How to apply COSO’s ERM framework to compliance risk management

By Ken Tysiac

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has published new guidance on how to apply the COSO enterprise risk management framework to effectively manage and mitigate compliance risks.

Compliance Risk Management: Applying the COSO ERM Framework describes the characteristics of compliance and ethics programs associated with each of the five components and 20 underlying principles of the COSO ERM Framework.

The publication was commissioned by COSO and authored by the Society of Corporate Compliance and Ethics & Health Care Compliance Association. It describes how to integrate the COSO ERM framework with guidance for compliance and ethics programs that is based on U.S. Federal Sentencing Guidelines as well as global legislation.

ERM focuses on creating, preserving, and realizing value, and effective compliance and ethics programs contribute to each of these objectives.

“Compliance risks are common and frequently material risks to achieving an organization’s objectives,” COSO Chairman Paul Sobel said in a news release. “This publication aims to provide guidance on the application of the COSO ERM framework to the identification, assessment, and management of compliance risks by aligning it with the [compliance and ethics] program framework, creating a powerful tool that integrates the concepts underlying each of these valuable frameworks.”

According to the publication, a governing board of directors and all employees have compliance responsibilities, and compliance risk often extends to activities carried out through third parties. The compliance function leads the development of the compliance and ethics program and works closely with business units in its execution, but the program needs the support of senior management and the board of directors in order to be successful.

COSO is a joint initiative of five private-sector organizations, including the AICPA, and provides thought leadership through the development of frameworks and guidance on ERM, internal control, and fraud deterrence.

Ken Tysiac ( is the JofA’s editorial director.


Get your clients ready for tax season

Upon its enactment in March, the American Rescue Plan Act (ARPA) introduced many new tax changes, some of which retroactively affected 2020 returns. Making the right moves now can help you mitigate any surprises heading into 2022.


Black CPA Centennial, 1921–2021

With 2021 marking the 100th anniversary of the first Black licensed CPA in the United States, a yearlong campaign kicked off to recognize the nation’s Black CPAs and encourage greater progress in diversity, inclusion, and equity in the CPA profession.