August 4, 2020
Blockchain and Internal Control: The COSO Perspective
As blockchain becomes mainstream, it is appropriate to focus on how this technology intersects with an entity’s internal control. With careful implementation and integration, the distinctive capabilities of blockchain can be leveraged to create more robust controls for organizations. Blockchain-enhanced tools also have the potential to promote operational efficiency and effectiveness, improve reliability and responsiveness of financial and other reporting, and elevate compliance with laws and regulations. But blockchain also creates new risks and the need for new controls. The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control — Integrated Framework provides an effective and efficient approach that can be leveraged to design and implement controls to address the unique risks associated with blockchain.
“Blockchain and Internal Control: The COSO Perspective” provides perspectives for using the 2013 Framework to evaluate risks related to the use of blockchain in the context of financial reporting and to design and implement controls to address such risks. It is intended to help inform decisions regarding oversight, risks, and internal control over financial reporting (ICFR). The paper also should be of value to the various stakeholders involved in financial reporting, within the context of their own environments.
May 20, 2020
New COSO Guidance: Risk Appetite – Critical to Success
In an effort to help boards, executives, and managers recognize how a better understanding and communication of risk appetite will help their organizations succeed, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) is releasing new guidance, “Risk Appetite–Critical to Success,” focusing on how organizations can promote risk appetite as an integral part of decision-making. The project was commissioned by COSO and co-authored by Frank Martens of Pacific Rim Risk Management Services Ltd. and Dr. Larry Rittenberg, Ernst & Young Emeritus Professor of Accounting at the University of Wisconsin-Madison School of Business. The guidance focuses on linking risk appetite with strategies and objectives and applying appetite as part of managing an organization for success, given the amount of risk the organization is willing and needs to take. As noted in the paper, risk appetite must be flexible enough to adapt to changing conditions, helping an organization to remain relevant in the evolving landscape. Those who anticipate and understand their risk when change happens are better able to embrace the change and be more agile in challenging conditions.
February 4, 2020
COSO Releases New ERM Guidance: Creating and Protecting Value
Over the past few decades, enterprise risk management (ERM) has received increased attention from boards and executives, and it continues to evolve in its development and uses. To further inform organizations on its benefits, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) is releasing new guidance, “Creating and Protecting Value: Understanding and Implementing Enterprise Risk Management,” offering succinct, tangible steps to implement an effective ERM program.
The project was commissioned by COSO and co-authored by DePaul University’s Richard J. Anderson, Clinical Professor of Strategic Risk Management, and Dr. Mark L. Frigo, Co-founder and Director Emeritus of the Strategy, Execution and Valuation Initiative & Strategic Risk Management Lab at the Kellstadt Graduate School of Business/Driehaus College of Business - School of Accountancy & MIS.
December 17, 2019
New COSO Guidance Addresses How Companies Can Use ERM Framework to Assess Cyber Risks
Even as companies become more digitally savvy, they continue to confront new and emerging data risks that pressure financial and reputational vulnerabilities. To help address these challenges, the Committee of Sponsoring Organizations of the Treadway Commission (COSO), in collaboration with Deloitte Risk & Financial Advisory, is releasing new guidance, “Managing Cyber Risk in a Digital Age.”
Written for boards of directors, audit committee members, executive management, and cyber practitioners, the new guidance addresses how companies can apply COSO’s Enterprise Risk Management–Integrating with Strategy and Performance (ERM Framework), one of the most widely recognized and applied risk management frameworks in the world, to protect against cyberattacks. The guidance provides insight into how organizations can leverage the five components and 20 principles of the ERM Framework to identify and manage cyber risks.
Managing Cyber Risk in a Digital Age
October 30, 2019
Collaborative Work on ERM-ESG Alignment Earns UN ISAR Honors Promoting Sustainability
The United Nations Conference on Trade and Development (UNCTAD) honored the Committee of Sponsoring Organizations of the Treadway Commission (COSO), of which The Institute of Internal Auditors (IIA) is a sponsoring organization, the World Business Council for Sustainable Development (WBCSD), and EY for their collaborative work on integrating environmental, social and governance (ESG) aspects into companies’ mainstream enterprise risk management practices. The recognition is for development of the Applying Enterprise Risk Management to Environmental, Social and Governance-related Risks guidance and ESG-risk workshops. The guidance was a collaboration between COSO and WBCSD with support from EY through funding from the Gordon and Betty Moore Foundation.
February 20, 2019
COSO Issues Guidance for Healthcare Providers
Amid heightened scrutiny and ever-increasing complexities in operations and regulation, healthcare organizations face unique challenges related to the design and operation of internal controls. In response, the Committee of Sponsoring Organizations of the Treadway Commission (COSO), in collaboration with Crowe LLP and CommonSpirit Health, has published new guidance: “2013 COSO Integrated Framework: An Implementation Guide for the Healthcare Provider Industry.” Healthcare organizations experience issues with system access and integrity, clinical documentation, coding, and billing, all of which may result in potential noncompliance with federal and state regulations – and costly mistakes. The guide introduces healthcare organizations to COSO’s widely used “Internal Control – Integrated Framework,” and provides a roadmap to implementation to help strengthen their overall governance and internal control structures. The Framework is recognized as the leading guidance for designing, implementing, and conducting internal control and assessing its effectiveness.
Implementation Guide for the Healthcare Provider Industry (2019)
October 23, 2018
COSO Announces Guidance Addressing Environmental, Social and Governance-related Risks
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the World Business Council for Sustainable Development (WBCSD) released today the final version of “Guidance for Applying Enterprise Risk Management (ERM) to Environmental, Social and Governance (ESG)-related Risks.” This guidance, which aligns with COSO’s widely accepted Enterprise Risk Management — Integrating with Strategy and Performance, is intended to bring ESG risks and opportunities into a clearer focus for mainstream business and other organizations around the world. It is designed to enhance organizations’ resiliency as they confront the increasing prevalence and severity of ESG-related risks, ranging from extreme weather events to product safety recalls.
June 11, 2018
COSO Releases ERM Compendium of Examples
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) today announced the release of an important supplement to Enterprise Risk Management – Integrating with Strategy and Performance, with detailed examples for applying principles from the updated ERM Framework to day-to-day practices.
Authored by PwC under the direction of the COSO Board, the new Compendium of Examples recognizes the connection between concepts and applications of ERM. Each illustration in the compendium was developed from industry practices identified through extensive research, including interviews and case studies.
COSO Enterprise Risk Management - Integrating with Strategy and Performance: Compendium of Examples
May 24, 2018
COSO Sponsors Launch ERM Certificate Program
COSO announces the COSO Enterprise Risk Management Certificate. The program offers strategy, finance, accounting, auditing, risk management and other business professionals the opportunity to earn a certificate in the COSO ERM Framework.
The COSO ERM Certificate is geared toward professionals who play a risk management role in entities of any size, consultants who provide advisory services related to enterprise risk management, and board members who provide oversight of enterprise risk management.
The course is offered only through COSO’s five sponsoring organizations: American Accounting Association (AAA), American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), IMA (Institute of Management Accountants), and The Institute of Internal Auditors (IIA).
COSO Enterprise Risk Management Certificate Program
Feb. 7, 2018
COSO, WBCSD Release New Draft Guidance on Environmental, Social and Governance-related Risks
COSO and the World Business Council for Sustainable Development (WBCSD) released at GreenBiz 2018 a draft Guidance for applying Enterprise Risk Management (ERM) to Environmental, Social and Governance (ESG)-related risks. The supplemental draft Guidance is designed to help organizations worldwide respond to the increasing prevalence and severity of ESG-related risks, ranging from extreme weather events to product safety recalls. COSO and WBCSD are seeking public comment on the draft Guidance and the previously released Executive Summary through June 30, 2018. Comment letters may be provided to firstname.lastname@example.org. A consultation survey also will be available soon through the COSO website.
Preliminary Draft Guidance
Preliminary Draft Guidance (printable)
Draft Executive Summary
Draft Executive Summary (printable)
Feb. 1, 2018
COSO Appoints Leading Audit and Risk Management Executive Paul Sobel as Chairman
COSO has named Paul Sobel, Vice President and Chief Audit Executive at Georgia-Pacific LLC, as its new Chairman. His appointment to a three-year term is effective Feb. 1. Sobel, CIA, QIAL, CRMA, is recognized as a leading expert on governance, enterprise risk management, compliance, and internal control. He was selected as Chairman because of his extensive background along with his experience in corporate environments and professional service firms. Sobel succeeds Robert B. Hirth Jr., who had served as COSO chairman since 2013.
Jan. 23, 2018
COSO, WBCSD Release Draft on Environmental, Social and Governance-related Risks
COSO partners with the World Business Council for Sustainable Development (WBCSD) in releasing a draft executive summary about new, cutting-edge guidance, "Applying Enterprise Risk Management to Environmental, Social and Governance-related Risks." The guidance will help organizations worldwide respond to the increasing prevalence and severity of ESG-related risks, ranging from extreme weather events to product safety recalls. Details of a public comment period on the draft executive summary and on a draft of the full application guidance will be available in the coming weeks.
Executive Summary (printable)
Sept. 20, 2017
COSO Seeks New Board Chair
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is seeking applications for the position of Board Chair. The Chair is responsible for leading COSO in fulfilling its mission of providing thought leadership dealing with enterprise risk management, internal control and fraud deterrence. Candidates may submit a letter of interest along with a current resume of qualifications by the position application close date of Oct. 27, 2017.
Sept. 6, 2017
COSO Issues Important Update to ERM
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its highly anticipated ERM Framework: Enterprise Risk Management — Integrating with Strategy and Performance. This new document builds on its predecessor, Enterprise Risk Management — Integrated Framework, one of the most widely recognized and applied risk management frameworks in the world. The updated edition is designed to help organizations create, preserve, and realize value while improving their approach to managing risk.
April 7, 2017
COSO and WBCSD Sign Memorandum of Understanding
Recognizing the benefits of mutual cooperation to their respective members and for business in general, The Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the World Business Council for Sustainable Development (WBCSD) recently completed a Memorandum of Understanding (MoU) aimed at working together to help businesses identify and prioritize issues related to sustainability and enterprise risk management.