Coso ERM framework
Community of sponsoring organizations released the COSO ERM (enterprise risk management) framework in September 2004. The ERM project was initiated to develop a conceptually sound framework providing integrated principles, common terminology and practical implementation guidance supporting a company’s programs to develop or benchmark its enterprise risk management processes.
As set forth in the ERM framework, every entity, whether for-profit, not-for-profit or a governmental body, exists to provide value for its stakeholders. All entities face uncertainty; the challenge for management is to determine how much uncertainty the entity is prepared to accept as it strives to grow stakeholder value. ERM provides a framework for management to effectively deal with uncertainty and associated risk and opportunity, and thereby enhance its capacity to build value.
The COSO framework bolsters, supports and extends aspects of the original COSO internal control frame-work. The framework is based on eight key components:
• Internal environment
• Objective setting
• Event identification
• Risk assessment
• Risk response
• Control activities
• Information and communication
Also included in the conceptual approach is a mandate for coordination of all of these components in order to achieve the maximum effectiveness of a company’s risk assessment process.
In terms of relevance, since COSO is the current definitive standard for internal control, the COSO ERM framework is seen as a definitive standard as it relates to risk assessment. As internal audit functions complete their risk assessment processes, they should look to the COSO framework as a possible approach to complete this activity.The IIA, a member of COSO and a participant in the development of the COSO framework, supports its use by internal auditors. This framework provides a benchmark with detailed guidance for internal auditors to use in the evaluation of their organization’s risk management efforts. It also suggests guidance on various risk management processes and tools to consider when implementing or strengthening an organization’s ERM process. COSO comprises the following organizations:
• American Institute of Certified Public Accountants (AICPA)
• American Accounting Association (AAA)
• Financial Executives International (FEI)
• The Institute of Internal Auditors (The IIA)
•Institute of Management Accountants (IMA)
Coso erm and internal auditing