COSO supplements ERM Framework with industry examples

Register now

The Committee of Sponsoring Organizations of the Treadway Commission, also known as COSO, has added a supplement to its widely used Enterprise Risk Management Framework, including detailed examples of how to use the ERM Framework, written by PwC under the direction of COSO’s board.

The Compendium of Examples links together the concepts and applications of ERM, illustrating various scenarios based on research, interviews and case studies.

COSO released an updated version of the ERM Framework last September. It’s one of the most widely used risk management frameworks in the world, employed by many organizations that also rely on COSO’s Internal Control Integrated Framework, which the group updated in 2013.

The ERM Framework is designed to help organizations implement enterprise risk management and link it with strategy-setting and organizational performance, according to COSO chair Paul Sobel. “The compendium, in turn, offers concrete examples across a variety of industries with real-world advice about how to put the ERM Framework to use,” he added. “These illustrations help organizations of all types apply the framework to their specific situation.”

Each example in the compendium focuses on a particular industry, describing how an entity adapted the principles of the framework, in terms of the relationship between the organization’s mission, vision and core values; its strategic goals and directions; and the approaches it used to implement its strategy. The industries and sectors include financial services, technology, health care, energy, consumer products, industrial products, nonprofit and government. Each example targets specific components covered in the ERM Framework.

COSO is jointly sponsored by five accounting and auditing organizations: the American Accounting Association, the American Institute of CPAs, Financial Executives International, the Institute of Management Accountants, and the Institute of Internal Auditors.

“Practical application is needed to ensure organizations can operationalize the concepts in the Framework,” Sobel said in a statement. “The key is taking it from theory to application guidance that makes it operational.”

For reprint and licensing requests for this article, click here.
Risk management Audits PwC