The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has released the Enterprise Risk Management - Integrated Framework that describes the essential components, principles and concepts of
enterprise risk management for all organizations, regardless of size. With heightened concern and focus on risk management, the Framework provides boards of directors and managements a clear roadmap for identifying risks, avoiding pitfalls, and seizing opportunities to grow stakeholder value.
COSO recognizes that while many organizations may be engaging in some aspects of enterprise risk management, there has been no common base of knowledge and principles to enable boards and senior management to evaluate an organization's approach to risk management and assist them in building effective programs to identify, measure, prioritize and respond to risks. The publication provides businesses as well as other organizations, for the first time, with a principles-based framework that will enable them to identify all the aspects that should be present in every company's enterprise risk program and how they can be successfully implemented.
"This Framework could not be completed at a more appropriate time," said John J. Flaherty, Chairman of COSO. "Organizations worldwide now recognize the linkage between corporate governance, enterprise risk management and entity performance. Many seek to improve processes for identifying, analyzing and managing risks. Yet until now, there hasn't been a comprehensive framework that truly meets the far-reaching demands of the new regulatory and competitive environment. Successfully managing risk drives better business performance and facilitates achievement of strategic, operations, reporting and compliance objectives."
Built on the foundation of COSO's Internal Control - Integrated Framework, being used by many American businesses to comply with the Sarbanes-Oxley Act requirements, this new Framework is expected to be widely accepted as the benchmark for dealing with business risk.
The Framework speaks to many of the issues currently facing organizations such as how an organization determines the right amount of risk for the value it is striving to create for stakeholders and how it responds to risk to best protect and enhance value. It also addresses the role of board of directors, senior management and other corporate officers in enterprise risk management. An accompanying document, Application Techniques, illustrates how effective enterprise risk management concepts and principles may be successfully applied in the competitive business environment.
COSO engaged PricewaterhouseCoopers in 2001 to lead the development of Enterprise Risk Management - Integrated Framework after concluding there was a need for a broadly recognized enterprise risk management framework. COSO appointed an advisory council with members from the five COSO organizations and chaired by Tony Maki, a partner with Moss Adams, to work with PricewaterhouseCoopers in the development of the framework. Because of the importance of the project, the Framework was exposed for public comment before final publication.
COSO is a voluntary private-sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls, and corporate governance. The members of COSO are: the American Institute of Certified Public Accountants, the American Accounting Association, Financial Executives International, the Institute of Management Accountants and The Institute of Internal Auditors. COSO was originally formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting, known as the Treadway Commission, an independent private-sector initiative which studied the causal factors that can lead to fraudulent financial reporting and developed recommendations for public companies and their independent auditors, for the SEC and other regulators, and for educational institutions. COSO then published Internal Control -- Integrated Framework, also authored by PricewaterhouseCoopers. Other COSO studies include Internal Control Issues in Derivatives Usage and Fraudulent Financial Reporting, 1987-1997 - An Analysis of U.S. Public Companies.