One of the most widely embraced ERM frameworks is COSO’s Enterprise Risk Management – Integrating with Strategy and Performance issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Originally issued by COSO as the Enterprise Risk Management – Integrated Framework in 2004, the framework was revised in 2017 to strengthen the emphasis on the integration of ERM with strategy and performance.

The 2017 COSO ERM Framework consists of five interrelated components:

  1. Governance and Culture: This component addresses the importance of an effective tone at the top and the role of culture in supporting effective ERM.
  2. Strategy and Objective-Setting: This component emphasizes the integration of ERM with strategy and objective-setting, showing how effective ERM should serve as a strategic tool.
  3. Performance: This component highlights the importance of identifying, assessing, responding to, and reporting on risks that are linked to the achievement of strategy and business objectives.
  4. Review and Revision: This component describes how the evaluation of performance may shed light on how well the ERM process is functioning and what revisions may be needed.
  5. Information, Communication, and Reporting: This component emphasizes that ERM is a continual process that requires ongoing identification and sharing of risk and strategy information.

The ERM Framework is principles-based. Each component contains a series of principles that are necessary for effective ERM. In total, there are 20 principles in COSO’s 2017 ERM Framework. These principles help management and boards of all types of entities fulfill their overall responsibilities for managing risks and obtain insights about those risks that can be used for strategic advantage. The ERM Framework also helps organizations embed an integrated approach to risk management throughout the organization.

COSO’s ERM Framework consists of four documents:

  1. Executive Summary (available for free download)
  2. Volume 1 (this contains the Framework)
  3. Volume 2 (this contains Appendices to Volume 1)
  4. Volume 3 (this includes a Compendium of Examples)

The Executive Summary can be downloaded for free from the COSO website, and instructions on how to purchase Volumes 1-3 can be found there as well.


ERM Enterprise Risk Management Initiative 2020-06-17