The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has published Enterprise Risk Management—Aligning Risk With Strategy and Performance.
The draft of the updated framework proposes:
- Five components supported by 23 principles. The components are risk governance and culture; risk, strategy, and objective setting; risk in execution; risk information, communication, and reporting; and monitoring ERM performance.
- A new definition of ERM.
- An emphasized relationship between risk and value.
- Renewed focus on the integration of ERM throughout management, linking it to decision-making.
- Examining the role of culture.
- Strategic focus on the potential misalignment of mission, vision, and values; the implications of the chosen strategy; and the risk to executing the strategy.
- Delineating between ERM and internal control. COSO updated its internal control framework in 2013 to reflect changes in technology and the business environment. The proposed framework on ERM neither replaces nor supersedes the internal control document, which was an articulation of 17 principles spread across five main components.
- Refining risk appetite and acceptable variation in performance. Risk and performance are not considered static and separate but are constantly changing and influencing each other.
- An update to the "COSO cube," from the 2004 framework.
COSO is a committee of five sponsoring organizations, including the AICPA. The organizations come together periodically to provide thought leadership on ERM, internal control, and fraud deterrence.
COSO is seeking public comment on the exposure draft through Sept. 30. Comments can be made by visiting coso.org.