How effectively does your business manage risk?

Updated: Nov 17, 2020

From natural disasters and government shutdowns to cyberattacks and fraud, risks abound in today’s volatile, uncertain marketplace. While some level of risk is inevitable when operating a business, proactive owners and executives apply an enterprise risk management (ERM) framework to manage it more effectively.



Evolving framework

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) was formed in July 1985 to combat fraudulent financial reporting. The panel is a joint initiative of the American Institute of Certified Public Accountants, Financial Executives International, Institute of Internal Auditors, American Accounting Association and Institute of Management Accountants.


COSO first published its Enterprise Risk Management — Integrated Framework in 2004. Companies aren’t generally required by law or regulations to apply an ERM framework. But they often choose to use COSO’s ERM framework to enhance their ability to manage uncertainty, consider how much risk to accept and improve understanding of opportunities as they strive to increase and preserve stakeholder value.


Through periodic updates, COSO aims to capture today’s best practices and help management get more value from its ERM programs. The ERM framework was revamped in 2017 to address questions about how risk management should be integrated with an organization’s management of its strategy. That update included five components: 1) governance and culture, 2) strategy and objective setting, 3) performance, 4) review and revision, and 5) information, communication and reporting.


The framework was modified again in 2018 to address sustainability issues. Spec