ERM Frameworks and Best Practices

Aug 16, 2021

Strengthening Operational Resilience in a Post-Pandemic Environment

In a post-pandemic environment, organizations worldwide are implementing risk management strategies to create more resilient future operations. Operational resilience is the organization's ability to prepare its responses so that it can recover quickly from disruptive events and continue to function amid challenging ones. In its thought paper, Operational Resilience: Considerations for Boards, the C-Suite and Enterprisewide Implementation, Protiviti outlines top considerations for business leaders as they build resilience against disruptions to an organization's ability to deliver goods and services, regardless of the severity of the event. Protiviti highlights a number of key concepts and practices for C-suite leaders, considerations for the board in overseeing operational resilience, and a checklist of essential elements to implement a resilience plan.

Getting Started with ERM for Nonprofits

Jul 14, 2021

Getting Started with Enterprise Risk Management: A Guide for Nonprofits

A video discussion of "Getting Started with Enterprise Risk Management: A Guide for Nonprofits."

Jun 17, 2020

ISO’s Risk Management Framework

ISO’s Risk Management-Guidelines is a widely embraced framework for implementing ERM in any type of organization. Issued by the International Organization for Standardization (ISO), ISO 31000:2018 provides guidelines on managing risks to help business leaders create and protect entity value through the management of risks in the context of decision making. The Framework bases the management of risks on principles, a framework, and a process.

Jun 17, 2020

COSO’s ERM Framework

One of the most widely embraced ERM frameworks is COSO’s Enterprise Risk Management – Integrating with Strategy and Performance issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Originally issued by COSO as the Enterprise Risk Management – Integrated Framework in 2004, the framework was revised in 2017 to strengthen the emphasis on the integration of ERM with strategy and performance.

Apr 1, 2020

2020 The State of Risk Oversight: An Overview of Enterprise Risk Management Practices

Feb 11, 2020

Effective ERM Can Promote Stakeholder Balance

This article provides an overview of the Business Roundtable (BRT) Statement on the Purpose of the Corporation.

Oct 3, 2019

Revamping ERM: How Seven Companies Improved ERM Effectiveness

This case study looks in depth at how seven different organizations have made changes to their approach to ERM to increase engagement in risk management activities from leaders across the organization and to facilitate more risk-intelligent decision-making.

Jun 26, 2018

The Relationship between Internal Controls, ERM, and the Business Model

COSO's Improving Organizational Performance and Governance discusses how COSO's Internal Control Integrated Framework and COSO's ERM Integrated Framework relate to the standard business model. The frameworks can contribute to an organization's long-term success. The key takeaway is that good risk management and internal control are necessary for the long-term success of all organizations. Improving organizational performance and governance will support this goal.

Jun 26, 2018

COSO’s Take on the Three Lines of Defense

As risks begin to threaten the achievement of company objectives, senior management must determine the appropriate way to respond. Responsibilities and duties must be clearly identified so individuals are aware of their roles in addressing these risks and controls. COSO developed the three lines of defense model that addresses how specific duties related to risks and controls could be assigned and coordinated within the organization to alleviate the threat. Ultimately, the model is designed to ensure individuals within each line of defense are aware of their full responsibilities and how these responsibilities fit into the organization's overall risk and control structure.

Jun 26, 2018

COSO Releases Examples of Framework Applications

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has released an important supplement to its 2017 Enterprise Risk Management – Integrating with Strategy and Performance. This compendium to the 2017 framework includes detailed examples for applying principles from the updated ERM Framework to day-to-day practices. The compendium of examples recognizes the connection between ERM and strategic setting and organizational performance and includes examples across a wide range of industries. Each illustration in the compendium was developed from industry practices identified through extensive research, including interviews and case studies.