COSO updates enterprise risk framework to highlight strategic planning

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) on Sept. 6, 2017, updated its Enterprise Risk Management—Integrated Framework, with Enterprise Risk Management — Integrating With Strategy and Performance.

The updated Framework discusses enterprise risk management relative to the changes in business arising from developments in the financial markets, the emergence of new technologies and demographic changes. The Framework is organized into five parts to help executives devise strategies and manage risk.

COSO said the updated Framework can be used by executives to develop a risk management strategy and by directors to oversee management’s performance in managing risk.

“The complexity of risk has changed, new risks have emerged, and both boards and executives have enhanced their awareness and oversight of enterprise risk management while asking for improved risk reporting,” said COSO Chair Robert Hirth in a statement. “Our overall goal is to continue to encourage a risk-conscious culture.”

Hirth said in an email that the updated Framework is not intended as a replacement to the Integrated Framework, which was published in 2004, although COSO plans to consider whether the Integrated Framework should be superseded.

According to PricewaterhouseCoopers LLP, which developed the updated Framework, the update is meant to reflect how the practice of enterprise risk management has evolved since 2004. The update is intended to address questions about how risk management should be incorporated with an organization’s management of its strategy.