By Rob Starr, Big4.com Content Manager
Enterprise risk management, fraud deterrence and effective internal control are factors that hold a position of importance with any organization looking to get to the top of their intended marketplace and stay there. Understanding that need, The Committee of Sponsoring Organizations of the Treadway Commission (COSO) published in 2004 a framework for enterprise risk management that has not been revisited since that time.
Recently, COSO decided the time was right for a revision to the Enterprise Risk Management
– Integrated Framework and they selected PwC to facilitate the changes. Dennis Chesley, PwC’s Risk Consulting Leader and project team leader for the update, and Frank Martens, director at PwC, helped us to understand what’s going to take place and why.
“The main need for an update is due to the fact that so much has changed around expectations in risk management by Boards of Directors, executive management teams and other outside organizations including the regulators,” Chesley said, adding these expectations demand adequate procedures are in place to consider the risk and threats to organization wide objectives. PwC has been tasked with interviewing interested parties for views and concerns regarding the current Framework and to gather suggestions for improvements.
Chesley furthers there have been a number of events from 2004 up to the present day that have evolved the concepts and practices around how risk management is approached. The new contract isn’t the beginning of a new relationship between COSO and PwC—the company was involved in the original Internal Control Framework and the original Risk Management Framework and the most recent Internal Control Framework done last year.
“We pride ourselves on taking a position on these things that represents what we hear from the industry, other consulting firms and professional organizations and the world of academia,” Chesley says. “So when we come at these, we have an objective manner so the frameworks represent the quality of input from a variety of stakeholders and are conducted in the spirit of what COSO would expect from any organization helping them with an update.”
Frank Martens, director at PwC, mirrors his colleague’s sentiments telling Big4.com that PwC understands the significance of the update and has allocated a commensurate amount of resources toward the project. He explains:
“From a structure perspective, we have a core team of five to eight people with strong risk management skills as well as recent and relevant COSO experience.”
There’s also an extended project team assigned to work on the update. These people will
bring in different perspectives like a functional viewpoint on a technical aspect or much needed broad industry input. According to Martens, PwC will implement a four phased system they’ve used over the years that has been tried and tested.
“Our finalization phase is where we work closely with the board to make sure their objectives have been met,” he says. “It’s a strong team, we have experience, and very much want this update to be viewed as a success.” He finishes by stressing the real objectives are to capture market interest and enhance application.
Originally formed in 1985, COSO is a voluntary private sector organization dedicated to improving organizational performance and governance through effective internal control, enterprise risk management and fraud deterrence. COSO is jointly sponsored by the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), the Institute of Management Accountants (IMA), and The Institute of Internal Auditors (IIA).