ERM Framework COSO Enterprise Risk Management Integrated Framework Strategic Planning

Published: Jul 9, 2018
Share

The Committee of Sponsoring Organizations (COSO) of the Treadway Commission has released its first revision since 2004 to one of the most well-known risk management frameworks in the U.S., Enterprise Risk Management – Integrated Framework. The updated edition, Enterprise Risk Management – Integrating with Strategy and Performance, addresses the evolution of risks businesses face today.

“The complexity of risk has changed, new risks have emerged, and both boards and executives have enhanced their awareness and oversight of ERM, while asking for improved risk reporting,” said Robert B. Hirth Jr., COSO chair. “Our overall goal is to continue to encourage a risk-conscious culture.”

As Hirth stated, risk is evolving in today’s world, and business leaders and boards of directors need to be aware of this ever-changing business environment in order to be more strategic and competitive when striving to optimize outcomes. Some of these challenges include changing demographics in supporting decision-making, evolving technologies and shifts in economic markets. As risk influences and aligns strategy and performance across all departments and functions, the framework update illuminates the importance of ERM in strategic planning and circulates it throughout an organization.

The framework is a set of principles organized into five components: 1) Governance and Culture; 2) Strategy and Objective Setting; 3) Performance; 4) Review and Revision; and 5) Information, Communication and Reporting. These five components are supported by the following set of principles:

Governance and Culture	Strategy and Objective Setting	Performance	Review and Revision	Information, Communication and Reporting
1. Exercises board risk oversight	6. Analyzes business context	10. Identifies risk	15. Assesses substantial change	18. Leverages information and technology
2. Establishes operating structures	7. Defines risk appetite	11. Assesses risk severity	16. Reviews risk and performance	19. Communicates risk information
3. Defines desired culture	8. Evaluates alternative strategies	12. Prioritizes risk	17. Pursues ERM improvement	20. Reports on risk, culture and performance
4. Demonstrates commitment to core values	9. Formulates business objectives	13. Implements risk responses
5. Attracts, develops and retains capable individuals		14. Develops portfolio view

This framework accommodates diverse viewpoints and operating structures as well as enhances strategies and decision-making. By following the framework’s guidelines, ERM, in conjunction with data analytics and robotics/process automation, can change and adapt to the future. If data can be collected and analyzed efficiently, it will allow businesses to more readily identify trends and potential risks and then effectively react to them. Businesses at the forefront of digital innovation can position themselves to be industry leaders today and going forward.