Skip to main content
Poole College of Management
Enterprise Risk Management Initiative
ERM Fundamentals

COSO’s ERM Framework

June 17, 2020 2-min. read

One of the most widely embraced ERM frameworks is COSO’s Enterprise Risk Management – Integrating with Strategy and Performance issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Originally issued by COSO as the Enterprise Risk Management – Integrated Framework in 2004, the framework was revised in 2017 to strengthen the emphasis on the integration of ERM with strategy and performance.

The 2017 COSO ERM Framework consists of five interrelated components:

  1. Governance and Culture:  This component includes the importance of an effective tone at the top and the role of culture in supporting effective ERM.
  2. Strategy and Objective-Setting:  This component emphasizes the important integration of ERM, strategy and objective-setting to emphasize how effective ERM should be an important strategic tool.
  3. Performance: This component highlights the importance of identifying, assessing, responding, and reporting on risks that are linked to the achievement of strategy and business objectives.
  4. Review and Revision: The component describes how the evaluation of performance may shed insights on how well the ERM process is functioning and what revisions may be needed.
  5. Information, Communication, and Reporting: This component emphasizes that ERM is a continual process that requires ongoing identification and sharing of risk and strategy information.

The ERM Framework is principles-based. Each component contains a series of principles that are necessary for effective ERM. In total there are 20 principles in COSO’s 2017 ERM Framework. These principles help management and boards of all types of entities fulfill their overall responsibilities for managing risks and obtaining insights about those risks that can be used for strategic advantage. The ERM Framework also helps organizations embed an integrated approach to risk management throughout the organization.

COSO’s ERM Framework consists of four documents:

  1. Executive Summary (available for free download)
  2. Volume 1 (this contains the Framework)
  3. Volume 2 (this contains Appendices to Volume 1)
  4. Volume 3 (this includes a Compendium of Examples)

The Executive Summary can be downloaded for free from the COSO website and instructions on how to purchase the Volumes 1-3 can be found there as well.

Original Article Source:Enterprise Risk Management – Integrating with Strategy and Performance Executive Summary“, COSO, June 2017

More From Enterprise Risk Management Initiative

Side of Hunt

What is Enterprise Risk Management (ERM)?
Executive Perspectives on Top Risks 2024

REPORT: Executive Perspectives on Top Risks for 2024 and a Decade Later
Elona Ruka-Wright

Integrating ERM with Other Risk and Assurance Functions