COSO's Updated Enterprise Risk Management Framework—A Quest For Depth And Clarity

Date01 July 2018
Published date01 July 2018
COSOs Updated Enterprise
Risk Management Framework
A Quest For Depth And Clarity
Kyleen Prewett and Andy Terry
This article dis-
cusses the importance
and evolution of
enterprise risk man-
agement. It examines
similarities and dif-
ferences between the
2004 and 2017 COSO
ERM Frameworks
as well as the overall
value of the 2017
revisions. Finally, the
article examines the
relationship between
ERM and internal
Since its incep-
tion in 1985, the
Committee of Spon-
soring Organizations
(COSO), formed by a federa-
tion of the American Account-
ing Association, American
Institute of CPAs, Financial
Executives International, Insti-
tute of Management Accoun-
tants, and Institute of Internal
Auditors, has sought to
advance thought, dialogue, and
practices related to internal
control. Soon after its 1992
seminal internal control publi-
cation, Internal Control
Integrated Framework, COSO
also began publishing in the
areas of enterprise risk man-
agement (ERM), monitoring of
controls, and fraud deterrence,
as well as disseminat-
ing guidance on how
to apply these con-
cepts in certain types
and sizes of organiza-
tions or to certain
functional areas such
as information
In 2004, COSO
published its rst
comprehensive guid-
ance on enterprise
risk management
Risk ManagementIntegrated
Framework. The 2004 ERM
Framework was similar in
structure and tone to the 1992
Internal Control Framework
and, by-in-large, expanded on
the Risk Assessment compo-
nent of the Internal Control
Framework. In 2013, COSO
In 2004, COSO published its rst comprehensive
guidance on enterprise risk management (ERM) -
Enterprise Risk Management Integrated
Framework. Then, in June of 2017, COSO
released a new, more detailed and complex ERM
framework titled Enterprise Risk Management
Integrating with Strategy and Performance. This
article examines the relationship between ERM
and internal control, and then examines the
similarities and differences between the 2004 and
2017 COSO ERM Frameworks. While little is new
in the 2017 Framework, its focus on the
integration of ERM with strategy-setting and
performance and deeper recognition of the role of
governance and culture provides a comprehensive
framework and impetus for rms to be intentional
about integrating these important concepts.
© 2018 Wiley Periodicals, Inc.
© 2018 Wiley Periodicals, Inc.
Published online in Wiley Online Library (
DOI 10.1002/jcaf.22346

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT