A Framework for Risk Management | AccountingWEB

A Framework for Risk Management

Today’s business and economic environment is uncertain at best. This reality makes it essential for managers to understand risk and to have a framework and process for dealing with it. The Committee of Sponsoring Organizations of the Treadway Commission known as COSO recognized this need and developed the ERM Framework in 2004. This framework provides a solid foundation for both understanding and dealing with risk.

I have been teaching risk management programs since the framework was issued and it has been interesting to me to see that it hasn’t gotten the traction it deserved. This seems to be the case based on a recent article in the Journal of Accountancy. Managers realize the importance of managing risk but are too busy with day to day details to take the time to formalize risk management into a process of how they run their businesses. Based on the events we have lived through over the past few months one would think that risk management would be a top priority.

I thought it would be useful to provide insight into the risk management framework and process and then link it to a strategic approach to managing the business. This blog post will begin to provide the basics of the ERM Framework to help you understand risk. I will then follow up with a series of posts to link the application of strategy.

We need to understand that risk evolves out of a series of events from either internal or external sources that have the potential to impact strategy and the achievement of organizational objectives. Risk is the possibility that an event will happen. Management then needs to assess all the risks and consider the impact they might have on the organization.

The ERM Framework developed by COSO is similar to the COSO Framework for internal control but with variations and additional elements. The objectives were expanded through the addition of strategy because of the importance of setting high-level goals that are aligned with and supporting the organization’s mission.

The components of the framework were expanded from the five to eight. The additional components included objective setting, identification of events, and how to respond to identified risks. These changes make sense since enterprise risk management is a process just like internal control where people control it and its application has a direct impact on strategy. Enterprise risk management or ERM will only provide reasonable assurance and it is essential that it be geared toward achievement of objectives.

A critical factor in risk management is gaining an understanding for the organization’s appetite for risk. This is the amount of risk an entity is willing to accept in their pursuit of value. Is the appetite for risk high, moderate, or low? This factor should be related to balancing the goals for growth, return, and investment. It also needs to be a factor in the decision making process by the management team.

Utilizing this foundation, ERM can help to align risk appetite and strategy and enhance risk response decisions. This process is a key in minimizing operational surprises and losses. It helps to balance the downside and increase the upside when managing and responding to risks.

The next blog post on this topic will deal with risk tolerance, forming an appetite for risk, and defining and responding to risks. Eventually we will pull together the process of managing risks, setting objectives, and how strategy should be a component of managing the business on a daily basis. For more information on risk management and other topics visit www.northrupcpa.com.

This blog

Lynn Northrup, CPA, CPIM - Lynn's focus is on building business value for both family-owned businesses and other CPAs. I also specialize in lean accounting, process improvement, internal control, and assessment of audit risk. Other accomplishments include publishing two books, development of self study programs for Bisk Education, and an Adjunct Professorship at Villanova University. My wife Jessica and I live in southwestern Colorado and we look forward to contributing to the AccountingWEB community.

More from this blog

Bloggers crew

Steve Knowles has spent 25 years in business and practice in the UK, but he also worked in the states and the years haven't dulled his way of seeing an alternative view to everyone else, and every day is a new adventure.


Joel M. Ungar, CPA is a lifelong resident of the Detroit area and a graduate of The University of Michigan. He is a principal with Silberstein Ungar, PLLC, a Top 15 auditor of SEC public reporting companies.


Allan Boress, CPA, with over 25 years as a practitioner and consultant to the accounting profession. Mr. Boress is the author of 12 published books in 6 different languages, including a best-seller, The "I-Hate-Selling" Book.


Larry Perry, CPA, CPA Firm Support Services, LLC, is the author of accounting and auditing manuals, author and presenter of live staff training seminars, and author of webcast and self-study CPE programs. He blogs about small audits, reviews, and compilations.

Sandra Wiley, COO and Shareholder, is ranked by Accounting Today as one of the 100 Most Influential People in Accounting as a result of her prominent role as an industry expert on HR and training as well as influence as a management and planning consultant. She is also a founding member of The CPA Consultant's Alliance. Sandra is a certified Kolbe™ trainer who advises firms on building balanced teams, managing employee conflict and hiring staff.

Maria Calabrese, CIR, Human Resources manager for Fazio, Mannuzza, Roche, Tankel, LaPilusa, LLC in Cranford, New Jersey, Maria's topics revolve around the world of: Mentoring, Performance management, and The "Y Generation," a.k.a. "The whY generation".


William Brighenti is a CPA, Certified QuickBooks ProAdvisor, and Certified [Business] Valuation Analyst, operating an accounting, tax, and QuickBooks consulting firm in Hartford, Connecticut, Accountants CPA Hartford.


Ken Garen, CPA, is the co-founder and President of Universal Business Computing Company (www.ubcc.com), a software development firm of high-volume, high-productivity accounting and payroll technology.


Eva Rosenberg, MBA, EA, is the publisher of TaxMama.com, and author of the weekly syndicated Ask TaxMama column. She provides answers to tax questions from taxpayers and tax professionals worldwide.


Amy Vetter, CPA, CITP is the CPA Programs Leader for Intacct Corporation responsible for leading the CPA/BPO Partners nationally.

Brian Strahle is the owner of LEVERAGE SALT, LLC where he provides state and local tax technical services to accounting firms, law firms and tax research organizations across the United States. He also writes a weekly column in Tax Analysts State tax Notes entitled, "The SALT Effect." For more info, visit his website: www.leveragestateandlocaltax.com
Scott H. Cytron, ABC, is president of Cytron and Company, known for helping companies and organizations improve their bottom line through a hybrid of strategic public relations, communications, marketing programs and top-notch client service. An accredited consultant, Scott works with companies, organizations and individuals in professional services (accounting, finance, medical, legal, engineering), high-tech and B2B/B2C product/service sales.

Rita Keller is a nationally known CPA firm management consultant, speaker, author, mentor and blogger. She has over 30 years hands-on experience in CPA firm management, marketing, technology and administrative operations.

Stacy Kildal is the mom of two fantastic kids, an Advanced Certified QuickBooks ProAdvisor, Certified Enterprise Solutions ProAdvisor, Sleeter Group Certified Consultant, a nationally recognized member of the Intuit Trainer and Writer Network, and co-host of RadioFree QuickBooks.
Michael Alter's blog specializes in providing practical advice to those who seek greater profitability and practice management tactics that enhance deeper client relationships.

Sally Glick, CMO, Principal, Marketer of the Year in 2003 and AAM Hall of Famer in 2007, leads a lively discussion of the constantly expanding roles of marketing and the professional marketers that drive this initiative in accounting firms of all sizes.


The IMA Young Professionals Blog features the insights of IMA’s Young Professionals Committee. Committee members share advice and experiences on careers, continuing education, work/life balance, and other issues affecting young accounting and finance professionals.


FEI Financial Reporting Blog provides highlights from SEC, PCAOB, FASB, IASB, and other regulatory news, including reporting under Sarbanes-Oxley Sect 404. It is written by Edith Orenstein, Director of Technical Policy Analysis at FEI.


Sue Anderson has 30 years of experience in continuing education for accountants. Currently she is the program director for online CPE provider CPE Link.


Jim Fahey is COO of Apple Growth Partners, a regional CPA firm in Ohio. His focus is on the effective and efficient use of technology within the firm by all team members.

Caleb Newquist is the Editor-in-Chief of Sift Media US, overseeing content for both AccountingWEB and Going Concern.

Leita Hart-Fanta, CPA, CGFM, and CGAP is the author of "The Yellow Book Interpreted" and owner of Yellowbook-CPE.com a website devoted to training for governmental auditors.


AccountingWEB is more than just a U.S. team of journalists and financial and technology experts - we have an international side, too! Members of our British team who publish AccountingWEB.co.uk share their ideas, insights, and perspectives from across the pond.