
COSO Chair Talks About Update to its Enterprise Risk Management – Integrated Framework

By Rob Starr, Content Manager

Originally formed in 1985, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a voluntary private sector organization dedicated to fraud deterrence, effective internal control and enterprise risk management. Recently, it unveiled an update to its Enterprise Risk Management – Integrated Framework and is looking for public comments on the COSO website through Dec. 31, 2016.

Robert B. Hirth Jr., COSO Chair, helped us to understand what’s stayed the same and what’s changed with the Enterprise Risk Management — Aligning Risk with Strategy and Performance update.

He started out saying the new net was still cast wide:

“This is still a broad framework and our goal is to address a broad audience,” he says. “We want a document that helps all organizations regardless of their size or where they are geographically that meets the needs of many different stakeholders and people. We also kept the notion that ERM is about the entire organization working together to achieve their strategy.”


That doesn’t mean a large part of a successful internal control framework has been superimposed over risk management. They are designed as two individual structures that nevertheless can work together or be used separately. The update still gives organizations the ability to assess their ERM frameworks’ effectiveness.

Set against what has stayed the same are the changes made to improve organizations’ ability to gauge their ERM efforts. Hirth says the update even sets a different starting block.

“One of the key changes is we go right to the beginning of an organization and start with its mission, vision and values and the culture that’s created. We believe that’s an important starting point that was missing in 2004.”

ERM Elevated

He stresses how ERM has been elevated into the strategy-setting process to consider a broader range of alternatives with a risk-adjusted element. The criteria used in the update were also refined and borrow from a proven predecessor.

“We really like the format that we have in the internal control framework so a big change has been a clearer set of criteria,” Hirth says. “We’ve laid out five components and twenty-three supporting principles along with some revised definitions.”

Other differences include stronger linkage and discussions about decision making and the possible unintended consequences involved, and an emphasis on how ERM can be integrated into existing organizational activities like governance and performance management.

COSO has expanded its website with a section on the Framework update that includes the proposed Framework, survey and comment tools, and FAQs about the project, details of the most significant updates and how to respond to the survey.







