COSO drafts updated approach to enterprise risk management

The proposal would clarify concepts introduced in 2004.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has published Enterprise Risk Management—Aligning Risk With Strategy and Performance.

The draft of the updated framework proposes:

  • Five components supported by 23 principles. The components are risk governance and culture; risk, strategy, and objective setting; risk in execution; risk information, communication, and reporting; and monitoring ERM performance.
  • A new definition of ERM.
  • An emphasized relationship between risk and value.
  • Renewed focus on the integration of ERM throughout management, linking it to decision-making.
  • Examining the role of culture.
  • Strategic focus on the potential misalignment of mission, vision, and values; the implications of the chosen strategy; and the risk to executing the strategy.
  • Delineating between ERM and internal control. COSO updated its internal control framework in 2013 to reflect changes in technology and the business environment. The proposed framework on ERM neither replaces nor supersedes the internal control document, which was an articulation of 17 principles spread across five main components.
  • Refining risk appetite and acceptable variation in performance. Risk and performance are not considered static and separate but are constantly changing and influencing each other.
  • An update to the "COSO cube," from the 2004 framework.

COSO is a committee of five sponsoring organizations, including the AICPA. The organizations come together periodically to provide thought leadership on ERM, internal control, and fraud deterrence.

COSO is seeking public comment on the exposure draft through Sept. 30. Comments can be made by visiting coso.org.

SPONSORED REPORT

Why cybercriminals are targeting CPAs

This free report expands on the most commonly found scams, why education and specialized IT knowledge help to lessen security vulnerabilities, and why every firm should plan carefully for how it would respond to a breach.

PODCAST

How tax reform — and Excel — are changing the CPA Exam

Mike Decker, the vice president of examinations at the AICPA, discusses changes being made to the exam as a result of tax reform — and about how Excel will now be available for use on the test.