In June 2017, the Committee of Sponsoring Organizations (COSO)released Enterprise Risk Management – Integrating with Strategy and Performance (ERM), which is an updated version of Enterprise Risk Management – Integrated Framework (2004). Every decision made in pursuit of an organization’s desired objectives has risk associated with it. The newer framework highlights the importance of considering risk when establishing strategy and driving peak organizational performance.
Other goals of the updated framework include the following:
- Provide a principle-based tool that can be applied across global markets and operations.
- Support greater transparency in improving performance target setting and risk reporting.
- Accommodate the prevalence of using technology, data, and analytics in decision-making.
- Enable monitoring of desired strategy achievement in an unpredictable and complex world.
COSO’s Internal Control – Integrated Framework (2013) complements the ERM Framework, and neither supersedes the other in application. However, the two publications are distinct in focus. Core definitions, components, and principles in the two combined frameworks allow entities to design internal control and processes to satisfy objectives related to operations, compliance, reporting, and–equally important–strategy.
ERM is applicable to entities of any nature, size, and complexity. Key to successful implementation is to not view risk management as an isolated exercise, but as an important element of accelerating growth and enhancing performance on an ongoing basis. Proper application of ERM allows organizations to better anticipate and respond to risks, both “good” and “bad”. “Good” risks create opportunities. “Bad” risks create potential for crises.
High-performing organizations must establish and periodically adjust strategy to changing circumstances. Entities must be keenly aware of evolving opportunities for creating value, and make plans for overcoming any challenges in pursuit of that value. COSO’s new ERM Framework is an incredibly useful tool for helping any organization better identify, evaluate, and respond to enterprise-wide risk.
ABOUT THE AUTHOR
Jennifer Louis has over 25 years of experience in designing and instructing high-quality training programs in a wide variety of technical and “soft-skills” topics needed for professional and organization success. In 2003, she founded Emergent Solutions Group, LLC, where she focuses her energy on designing and delivering practical and engaging accounting and auditing training. Jennifer started her career in Audit for Deloitte & Touche LLP. Jennifer graduated summa cum laude from Marymount University with a B.B.A. in Accounting
