COSO Revises Its ERM Framework

Executives seeking guidance on effective approaches for integrating their organization’s risk management processes with strategy and performance should turn to COSO’s 2017 updated guidance in its Enterprise Risk Management: Integrating with Strategy and Performance. The 2017 revision updates COSO’s original 2004 Enterprise Risk Management – Integrated Framework, to reflect the growing realities of the complexities and speed of risks in our fast-paced, ever-evolving global business environment and the need to integrate risk considerations with strategy and performance.

Integration of ERM and Strategy

The title of the updated document highlights the emphasis of the importance of better connecting an organization’s risk management and strategic efforts. “While the connection of risk management and strategy was emphasized in the original framework, the 2017 updated framework places greater emphasis on the importance of integrating risk considerations when designing and implementing strategies to accomplish the organization’s performance goals and objectives,” commented Mark Beasley, Deloitte Professor of ERM and Director of the ERM Initiative who also served on the COSO Advisory Council that assisted with this revision. “The new guidance also highlights the importance of more effective and transparent communications with key stakeholders about risks in the context of strategy to meet growing governance expectations,” noted Beasley.

Principles of ERM

The 2017 ERM framework is organized around five core components for effective ERM:

  • Governance and Culture
  • Strategy and Objective Setting
  • Performance
  • Review and Revision
  • Information, Communication, and Reporting

To help users appreciate the breadth and depth of each of these components, the revised framework includes 20 core principles that support the five components. The principles describe different techniques that can be used to apply the components in different organizations. Adherence to the 20 principles should provide an expectation that the organization’s leaders understand risks associated with the organization’s strategy and objectives.

ERM Framework Resources

The 2017 revision includes three elements:

  • An Executive Summary
  • The Framework and Background Information to put the Framework into context
  • Appendices

The Executive Summary is available for free at COSO’s website. You may order the other materials there as well.