By Rob Starr, Big4.com Content Manager
Originally formed in 1985, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a voluntary private sector organization dedicated to fraud deterrence, effective internal control and enterprise risk management. Recently, it unveiled an update to its Enterprise Risk Management – Integrated Framework and is seeking public comments on the COSO website through Dec. 31, 2016.
Robert B. Hirth Jr., COSO Chair, helped us to understand what’s stayed the same and what’s changed with the Enterprise Risk Management — Aligning Risk with Strategy and Performance update.
He started out saying the new net was still cast wide:
“This is still a broad framework and our goal is to address a broad audience,” he says. “We want a document that helps all organizations regardless of their size or where they are geographically that meets the needs of many different stakeholders and people. We also kept the notion that ERM is about the entire organization working together to achieve their strategy.”
That doesn’t mean a large part of a successful internal control framework has been superimposed over risk management. They are designed as two individual structures that nevertheless can work together or be used separately. The update still gives organizations the ability to assess their ERM frameworks’ effectiveness.
Set against what’s stayed the same are the changes made to improve organizations’ ability to gauge their ERM efforts. Hirth says the update even sets a different starting block.
“One of the key changes is we go right to the beginning of an organization and start with its mission, vision and values and the culture that’s created. We believe that’s an important starting point that was missing in 2004.”
He stresses how ERM has been elevated into the strategy-setting process to consider a broader range of alternatives with a risk-adjusted element. The criteria used in the update were also refined and borrow from a proven predecessor.
“We really like the format that we have in the internal control framework so a big change has been a clearer set of criteria,” Hirth says. “We’ve laid out five components and twenty-three supporting principles along with some revised definitions.”
Other differences include stronger linkage and discussion around decision making and the possible unintended consequences involved, and a focus on how ERM can be integrated into existing organizational activities like governance and performance management.
COSO has expanded its website, www.COSO.org, with a section on the Framework update that includes the proposed Framework, survey and comment tools, FAQs about the project, details of the most significant updates and instructions on how to respond to the survey.