COSO Integrates Enterprise Risk Management with Compliance and Ethics

The Committee of Sponsoring Organizations of the Treadway Commission ("COSO") integrated the concepts of its Enterprise Risk Management ("ERM") Framework with those of compliance and ethics ("C&E") programs to better identify, assess and manage organizational risks.

COSO identified that as an organization pursues its objectives, compliance risks emerge as common and material by-products. COSO defined ERM as "the culture, capabilities, and practices, integrated with strategy-setting and its performance, that organizations rely on to manage risk in creating, preserving, and realizing value."

COSO stated that when an ERM framework is aligned with an effective C&E program, an organization can "confidently" pursue new value creation opportunities while mitigating potential accompanying violations.

COSO described ERM as having interrelating goals with an organization’s system of internal controls, but distinguished ERM as including concepts of risk appetite, tolerance, strategy, and business objectives. Due to the differences in compliance, internal control, and enterprise risk management, COSO asserted that a conceptual integration of the three overlapping spheres better manages all types of organizational risk.

Tags