ERM Leadership and Governance

Webinar Featuring Insights from Two COSO Risk Oversight Reports

In January 2011, the NC State ERM Initiative, along with COSO and Protiviti, conducted a webinar entitled “ERM Board Risk Oversight – A Tale of Two Surveys from COSO” to highlight key findings and insights from two recent COSO-released survey reports on the current state of enterprise risk management. The webinar featured Dave Landsittel, Chairman, COSO; Mark Beasley, Director of the ERM Initiative at NC State; and Jim DeLoach, Protiviti Managing Director.

The webinar recording is no longer available. However, the reader of this article may be interested in an overview of the COSO reports discussed:

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) – an organization providing thought leadership and guidance on internal controls, enterprise risk management (ERM), and fraud deterrence – released in late 2010 results of two different surveys relating to the current state of enterprise risk management and board risk oversight. These surveys were commissioned by COSO and conducted in partnership with two outside organizations. These activities are a continuation of COSO’s ongoing efforts to provide thought leadership on ERM and to seek input about COSO ERM guidance from key stakeholders.

The first survey, launched by COSO in partnership with Protiviti, a global business consulting and internal audit firm, sought input directly from over 200 corporate directors to obtain deeper knowledge of the current state and desired future state of the risk oversight process as it is applied by boards of directors. Board members were divided on the effectiveness and maturity of their processes and efforts, according to the survey. While 53 percent of participants rated the risk oversight process in their organizations as “effective” or “highly effective,” more than 70 percent indicated that their boards are not formally executing mature and robust risk oversight processes.

“Risk oversight is a high priority on most boards of directors’ agendas,” said Jim DeLoach, a managing director with Protiviti. “Our survey findings provide valuable insights on how a board can advance to a more mature stage in its oversight of risk – a critical issue as new legislation and regulations force boards to rethink their structure and mission as it relates to risk oversight.”

A COSO thought paper authored by Protiviti, titled Board Risk Oversight – A Progress Report: Where Boards of Directors Currently Stand in Executing their Risk Oversight Responsibilities, discussing the results of this survey, including Protiviti’s insights and recommendations, is available on COSO’s (www.coso.org) and Protiviti’s (www.protiviti.com) websites, as well as the websites of COSO’s five sponsoring organizations.

The second survey, conducted by COSO with the assistance of the ERM Initiative at North Carolina State University, obtained information from corporate management about the current state of their risk oversight processes and feedback about COSO’s 2004 Enterprise Risk Management – Integrated Framework. The survey was intended to obtain management perspectives about the relative maturity of their risk management practices and to identify perceived strengths and/or weaknesses in COSO’s ERM Framework, as well as the extent of reliance on alternative frameworks to strengthen organizational enterprise risk processes and oversight.

This second survey suggests that boards may be overconfident in management’s underlying risk management processes. Almost 60 percent of the 460 respondents admitted that their risk management processes are ad hoc and informal, almost half (42.4 percent) described their organization’s level of functioning of ERM processes as “very immature” or “somewhat mature,” and about one-third (35 percent) admitted that they are “not at all” or “minimally” satisfied with the nature and extent of reporting to senior executives of key risk indicators. The two studies suggest that there is room for improvement in enterprise risk management across many organizations.

Almost two-thirds of corporate management respondents were familiar with COSO’s ERM Framework, and the Framework has been the overwhelming choice as the basis for implementing ERM within the respondents’ organizations. According to Mark Beasley, Deloitte Professor of Enterprise Risk Management and Director of North Carolina State’s ERM Initiative, “Most believe that the COSO ERM Framework is theoretically sound, provides a common language for ERM that is widely accepted and clearly describes key elements of a robust ERM process. Boards of directors are placing greater expectations on management to strengthen risk oversight processes.”

The result is a COSO thought paper titled COSO’s 2010 Report on ERM: Current State of Enterprise Risk Oversight and Market Perceptions of COSO’s ERM Framework.

COSO is active in addressing insights emerging from both of the above surveys. “We have engaged researchers to develop thought papers aimed at removing the barriers to effective ERM implementation and moving organizations up the maturity curve to a more robust ERM process,” said David Landsittel, COSO Chair. “Specifically, we are about to release two thought papers dealing with approaches for getting started in the implementation of ERM and developing key risk indicators. A third thought paper aimed at helping organizations better articulate and implement risk appetite is anticipated to be issued next spring,” according to Landsittel.  

Source: PR Newswire