
COSO Changes Are Coming. How Will They Impact Your ERM Program?


Twelve years after the Committee of Sponsoring Organizations of the Treadway Commission (COSO) commissioned and published Enterprise Risk Management – Integrated Framework in 2004, COSO is making some updates. As with other frameworks, over time these publications require enhancements to adequately provide guidance to companies to address emerging risks, enhanced awareness and complexity of environments.

As of June 15, 2016, COSO has unveiled an update to its 2004 Enterprise Risk Management – Integrated Framework and is seeking public comment on the proposal. The updated publication is Enterprise Risk Management – Aligning Risk with Strategy and Performance, which will be released at a later date in 2016 or 2017. Public comments will be accepted June 15 through September 30, 2016.

The bigger question you may have is: How does this impact my company and my current (or desired) enterprise risk management program?

More Complex Environments

As with the update from COSO 1992 to COSO 2013, this framework update is imperative to helping organizations consider and evaluate the past, current and future environment their organization is exposed to. Environments have become more complex and uncertain as companies react to the current economic and technology risks and events while maintaining stakeholder expectations.

The updated framework is designed to help organizations work in conjunction with the stakeholders to appropriately evaluate risk regarding strategic, operational and financial initiatives. The proposed changes continue to support and provide guidance on internal control, enterprise risk management and fraud deterrence. At the same time, they have elevated the necessity of board awareness, oversight of risk management and improved risk reporting.

The design of enterprise risk management programs should incorporate risks and uncertainties from strategic planning and identified and monitored initiatives to the day-to-day functions and departments of an organization. By incorporating the strategic initiatives as well as the day-to-day functions, the organization develops a robust event and response approach to help support the strategic and day-to-day goals of the organization.

The 5 Key Components of COSO

COSO has organized the framework into five interrelated components as well as 23 principles to support the components. These components are as follows:

  1. Risk Governance and Culture
  2. Risk, Strategy and Objective-Setting
  3. Risk in Execution
  4. Risk Information, Communication and Reporting
  5. Monitoring Enterprise Risk Management Performance

By starting the evaluation of the ERM program based on the mission, vision and core values of the organization, these five components provide a great level of guidance on how to further develop the program based on the strategic and business objectives. The 23 principles offer further depth into each component to help pave the organization’s road map to enhanced performance.

Customize Your Solution for Your Needs

It is important to recognize that the application of the guidance should be tailored to meet the needs of the organization. By strategically integrating the framework into your environment, you should be in a great position to reap the benefits of enhanced performance and reaction to events as well as increased stakeholder value.

Amy Ribick, CFE, CRMA

For assistance on how to be an early adopter of the upcoming enhanced framework or how to determine the best approach on revamping your current ERM program, please contact Amy Ribick, Principal, Advisory Services, at 314.983.1347 or

