COSO ERM: Getting Risk Management Right

Strategy and organizational performance are the heart of the updated framework.

As enterprise risk management (ERM) has become popular in the past two decades, organizations have been trying to implement a program that makes all stakeholders satisfied that they are "doing risk management right." The problem is ERM is not a program. In fact, it is not a department nor a process, either. ERM — or more generically "risk management" — is an integral component of decision-making. It is a set of skills, approaches, competencies, tools, culture, and more that do not stand alone, but are part of all that an organization does. Unfortunately, many organizations don’t execute risk management well and suffer the consequences.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) recently published an update to its 2004 COSO ERM framework. The name of the 2017 version says it all: Enterprise Risk Management–Integrating With Strategy and Performance. Risk management is all about strategy and performance.

Read the complete Internal Auditor article about COSO ERM

Or download the PDF COSO ERM