Updated ERM framework highlights performance
Posted On: Sep. 26, 2017 6:27 AM CST
The latest version of an enterprise risk management guide has been designed to help organizations grow while managing risk, experts say.
The Committee of Sponsoring Organizations of the Treadway Commission, or COSO, earlier this month released “ERM Framework: Enterprise Risk Management – Integrating with Strategy and Performance.” The new document updates Lake Mary, Florida-based COSO’s 2004 “Enterprise Risk Management – Integrated Framework.”
COSO said the update more clearly connects enterprise risk management with a number of stakeholder expectations. In addition, COSO said, the latest version puts risk in the context of an organization’s performance, rather than as an isolated exercise, and helps organizations better anticipate risk so they can get ahead of it. The update also more strongly emphasizes how enterprise risk management informs strategy and its performance, COSO said.
The framework is organized into five components that contain different viewpoints and
PricewaterhouseCoopers L.L.P. updated the document under the Treadway Commission’s direction. Frank Martens, global risk framework and methodology leader for PwC in Vancouver, British Columbia, and COSO project lead director, said the framework was updated because the risk landscape was evolving quickly.
“We felt it was the right time to refresh what had been written in 2004,” he said, “and bring some updated ideas to the framework and give it some more innovative thinking.”
The 2004 document, Mr. Martens said, “set the groundwork for a lot of things we wanted to talk about in the update.”
“We really needed to update this document and write it through the lens of the business,” he said. “We wanted to move away from what would be a risk practitioner conversation to what would be a conversation that resonates through the entirety of the organization.”
Mr. Martens said a draft of the framework was posted for public comment about a year ago; there were about 10,000 downloads, nearly half of them outside North America, he added.
“That was a big goal for us,” he said. “We wanted to treat this as not just relevant to the U.S. — that was obviously important to us — but we also wanted to make sure we were getting to the global communities. And we were pleased with that level of feedback.”
COSO Chair Robert Hirth said that “too many people, unfortunately, look at ERM as this extra thing they needed to do, that they needed to add it on as one more thing on their schedule.”
“The idea is not to add it on,” Mr. Hirth said, “but to integrate it into what companies are already doing. Too many times, people say, ‘We’re too busy, we don’t have time for this, why would I do this?’ The idea is you’re already doing some great things, so take these concepts and challenge yourself by looking at them and asking yourself, ‘Does our strategy-setting process and setting of goals really consider these things?’”
Too many companies, Mr. Hirth said, begin their plans with the word “risk” and end up making a list of 4,000 risks.
“Just put that aside for a second,” he said. “We want to get back to the performance. What are the objectives? What are you really trying to do here, and what would be the acceptable performance around that objective? I think there’s a big focus on the results first and really formulating that, and then coming back to what’s going to stop us, rather than starting with what are all of our risks. That’s a big difference.”
The Risk & Insurance Management Society Inc. voiced its support for the new guide. Carol Fox, RIMS vice president of strategic initiatives and an invited participant on COSO’s advisory council on this issue, said in a statement that the revision “highlights the importance and value of enterprise risk management when setting and carrying out an organization’s strategy.”
“We appreciate COSO’s inclusiveness in seeking feedback from risk management professionals,” Ms. Fox continued, “and applaud our volunteer members who took advantage of this unique opportunity to influence one of risk management’s major guidance documents.”