In Brief

COSO's Framework for Enterprise Risk Management

A new framework from COSO aims to help companies evaluate risk across the enterprise

By Sarah D. Scalet

March 01, 2005 CSO — The CSO's job is all about risk. And if the Committee of Sponsoring Organizations (COSO) of the Treadway Commission has its way, soon everyone else's job will be about risk too.

COSO, a voluntary council with members from five accounting organizations, made its name with its internal control framework, which was cited in the Sarbanes-Oxley Act as an example of controls companies could use to prevent fraudulent financial reporting. Now the group has released a framework about enterprise risk management (ERM), of which internal controls are only a small part.

"ERM provides a comprehensive way for companies to avoid surprises," contributor Rick Steinberg told the crowd at what amounted to a release party for the document in midtown Manhattan in late September. "That's the bottom line."

The framework breaks ERM into four categories (strategic, operational, reporting and compliance) and assumes that every risk can be avoided, accepted, reduced or shared. Right now, few companies outside of financial services are looking at risk in such a formal way, according to Steinberg and others. However, executives who look at risk in a comprehensive way will be able to add to their company's bottom line, by evaluating how risks interrelate so that they can make better decisions about which risks are worth taking.

Now that the framework has been finalized, it's up to companies to decide if they want to adopt it, and up to CSOs to make sure that their expertise in operational risk management is a key part of this implementation.

"The marketplace will now decide if this is useful," says longtime chairman John Flaherty, the former general auditor of PepsiCo. "If the product is as good as we think it is, it's going to sell, and companies will adopt it."

A free executive summary of the framework is available at www.coso.org, where visitors can also purchase the two-volume set for $75.
