By Rob Starr, Big4.com Content Manager
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a voluntary private sector organization dedicated to improving organizational performance and governance through effective internal control, enterprise risk management and fraud deterrence. Their widely accepted framework hadn’t been revised since 2004. Robert B. Hirth, Jr., COSO Chair, answered some questions for Big4.com about the evolution of this ERM framework and the role PwC will play in the upcoming changes.
1. Why did COSO pick PwC to enhance the Framework?
COSO employs a Principal Author model for all of its frameworks and publications. This is necessary given COSO’s limited resources as a private, joint initiative with no employees, office facilities or other supporting staff. PwC has served as the Principal Author for the latest Internal Control framework revision in 2013 as well as the 2004 ERM framework. The COSO board felt that this experience and positive track record made PwC a logical first choice to lead the ERM framework revision efforts. The COSO Board approached PwC to discuss this and PwC was enthusiastically supportive of being the Principal Author for the ERM framework revision. We were also able to include several PwC team members from the Internal Control framework revision as well as securing Frank Martens, a key PwC Director who has been involved in numerous COSO projects. We are also very pleased that PwC partner Dennis Chesley will lead the project. Dennis has very relevant and substantial risk management experience.
2. What was it about the evolution of risk management thinking and practices that necessitated this?
The COSO Board believes that risk management has continued to evolve and develop since COSO’s pioneering efforts in 2004 via the release of the ERM framework. Heightened sensitivity to the topic of ERM by Boards, management, shareholders and regulators as well as refinements in approach, terminology and philosophies are factors driving the decision to look at revising the 2004 ERM framework. Finally, the continued increasing pace of change as well as heightened regulatory and compliance risks are driving the need for more effective risk management at all organizations.
3. What do changing stakeholder expectations have to do with the need for these changes?
As noted in question 2 above, changing stakeholder expectations are clearly a driving force for considering revision to the 2004 ERM framework. One particular stakeholder expectation change in the last five years is the SEC disclosure requirement for all US listed companies to describe the role of the Board in overseeing the risk management program of the organizations they serve on. Other countries and stock exchanges have also continued to evolve their disclosure requirements regarding risk management.
4. How is risk management evolving?
Like any profession, discipline or product, change continues to require evolution in order to stay effective. As ERM has continued to evolve, it is important for COSO to challenge and compare its ERM framework against these changes to ensure its relevancy and, if it is not relevant, to revise it accordingly.
5. What do you see in the future?
I’d hope ERM will become simply and fully “baked in” to the way all organizations, units, processes and individuals govern, plan, operate, report, monitor and adapt. This would apply to both private and public sector organizations, public listed companies, private enterprises and not-for-profit organizations. ERM is about meeting more of your objectives more of the time, experiencing fewer surprises and thus clearly adding to shareholder and overall enterprise value. I’d also hope that individuals will see that applying ERM concepts to themselves as individuals is a way to help them enhance their professional and personal lives.