Guidance on Enterprise Risk Management

Enterprise Risk Management—Integrating with Strategy and Performance (2017)

In keeping with its overall mission, the COSO Board commissioned and published in 2004 the Enterprise Risk Management—Integrated Framework. Over the past decade, that publication has gained broad acceptance by organizations in their efforts to manage risk. However, also through that period, the complexity of risk has changed, new risks have emerged, and both boards and executives have enhanced their awareness and oversight of enterprise risk management while asking for improved risk reporting. This update to the 2004 publication addresses the evolution of enterprise risk management and the need for organizations to improve their approach to managing risk to meet the demands of an evolving business environment. The updated document, titled Enterprise Risk Management—Integrating with Strategy and Performance, highlights the importance of considering risk in both the strategy-setting process and in driving performance.

Executive Summary

Frequently Asked Questions

COSO 2017 ERM Slide Presentation

HOW TO PURCHASE

News Release

Enterprise Risk Management — Integrated Framework (2004)

In response to a need for principles-based guidance to help entities design and implement effective enterprise-wide approaches to risk management, COSO issued the Enterprise Risk Management — Integrated Framework in 2004. This framework defines essential enterprise risk management components, discusses key ERM principles and concepts, suggests a common ERM language, and provides clear direction and guidance for enterprise risk management. The guidance introduces an enterprise-wide approach to risk management as well as concepts such as risk appetite, risk tolerance, and portfolio view. This framework is now being used by organizations around the world to design and implement effective ERM processes. Available for purchase in the AICPA Store. Learn more about Enterprise Risk Management — Integrated Framework.

Purchase Enterprise Risk Management — Integrated Framework

ERM Thought Papers

ERM Risk Assessment in Practice

This thought paper provides leadership thinking on risk assessment approaches and techniques that have emerged as the most useful and sustainable for decision-making. It represents another in a series of papers published by COSO aimed at helping organizations move up the maturity curve in their ongoing development of a robust ERM program.

News Release

Enterprise Risk Management for Cloud Computing

This thought paper is published in response to the growing number of organizations utilizing cloud computing as a viable alternative for meeting their technology needs. The thought paper provides guidance on following the principles of the COSO Enterprise Risk Management — Integrated Framework to assess and mitigate the risks arising from cloud computing.

News Release

Enhancing Board Oversight: Avoiding and Challenging Traps and Biases in Professional Judgment

A thought paper detailing a five-step judgment process that board members and others can use to overcome common pitfalls and mitigate the effects of judgment bias. The judgment process is based on KPMG’s Professional Judgment Framework, which enables individuals to identify where and when the quality of judgments tends to be threatened by predictable, systematic judgment traps and biases.

News Release

Enterprise Risk Management — Understanding and Communicating Risk Appetite

Organizations encounter risk every day as they pursue their objectives. Risk appetite — the amount of risk organizations are willing to accept in pursuit of their objectives — is an integral part of an effective ERM system. This thought paper aims to help organizations develop, better articulate, and implement “risk appetite.” It provides examples of statements of risk appetite and emphasizes the notion that risk appetite should be clearly defined, communicated by management, embraced by the board, and continually monitored and updated.

News Release

Embracing Enterprise Risk Management: Practical Approaches for Getting Started

This paper is intended to help organizations start down the path toward improving risk management. This thought paper describes how an organization can start to move from informal risk management to ERM. Moreover, it discusses the increasing importance of and focus on ERM and the need for all types of organizations to understand and embrace ERM. The paper also examines perceived barriers to starting ERM and working through those barriers.

News Release

Developing Key Risk Indicators to Strengthen Enterprise Risk Management

This paper is directed towards managers. It provides practical examples to help executives develop effective key risk indicators to heighten board and management enterprise risk awareness in order to increase the effectiveness of an ERM process and improve the execution of an organization’s strategy.

News Release

Board Risk Oversight — A Progress Report: Where Boards of Directors Currently Stand in Executing their Risk Oversight Responsibilities

This report is based on a survey that sought input directly from over 200 corporate directors to obtain deeper knowledge of the current state and desired future state of the risk oversight process as it is applied by boards of directors.

News Release

COSO’s 2010 Report on ERM: Current State of Enterprise Risk Oversight and Market Perceptions of COSO’s ERM Framework

This report is based on a survey launched to obtain information from corporate management about the current state of their risk oversight processes and feedback about COSO’s 2004 Enterprise Risk Management — Integrated Framework.

News Release

Strengthening Enterprise Risk Management for Strategic Advantage

This document is a helpful resource for articulating the strategic value of effective ERM. The publication further develops the responsibilities of the board of directors presented in the first thought paper on ERM. This paper highlights key elements of ERM for board and senior executive consideration as they re-examine their existing approaches to risk oversight. The paper also provides a list of four specific areas where senior management can work with its board to enhance the board’s risk oversight capabilities.

News Release

Effective Enterprise Risk Oversight: The Role of the Board of Directors

The paper emphasizes the role of the directors with regard to ERM. It lays out four core responsibilities of boards in the oversight of management’s risk processes and top risk exposures arising out of those processes.

News Release
