From natural disasters and government shutdowns to cyberattacks and fraud, risks abound in today’s volatile, uncertain marketplace. While some level of risk is inevitable when operating a business, proactive owners and executives apply an enterprise risk management (ERM) framework to manage it more effectively.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) was formed in July 1985 to combat fraudulent financial reporting. The panel is a joint initiative of the American Institute of Certified Public Accountants, Financial Executives International, Institute of Internal Auditors, American Accounting Association and Institute of Management Accountants.
COSO first published its Enterprise Risk Management — Integrated Framework in 2004. Companies aren’t generally required by law or regulations to apply an ERM framework. But they often choose to use COSO’s ERM framework to enhance their ability to manage uncertainty, consider how much risk to accept and improve understanding of opportunities as they strive to increase and preserve stakeholder value.
Through periodic updates, COSO aims to capture today’s best practices and help management attain better value from their ERM programs. The ERM framework was revamped in 2017 to address questions about how risk management should be incorporated with an organization’s management of its strategy. That update included five components: 1) governance and culture, 2) strategy and objective setting, 3) performance, 4) review and revision, and 5) information, communication and reporting.
The framework was modified again in 2018 to address sustainability issues. Specifically, COSO’s Guidance for Applying ERM to Environmental, Social and Governance (ESG)-related Risks highlights ESG risks, as well as opportunities to enhance resiliency as organizations confront new and developing risks, such as extreme weather events or product safety recalls.
In December 2019, COSO published Managing Cyber Risk in a Digital Age. This guidance addresses how companies can apply COSO’s framework to protect against cyberattacks. These attacks have been on the rise in 2020, in part, because people are increasingly reliant on the Internet for working, learning and interacting during the COVID-19 pandemic. And home networks tend to be more vulnerable to cyberattacks than in-office networks.
Many people are unclear what the term “ERM” means. ERM encompasses more than taking an inventory of risks — it’s an enterprise-wide process. Internal control is just one small part of ERM — it also may include, for example, strategy setting, governance, communicating with stakeholders and measuring performance. These principles apply at all business levels, across all functions and to organizations of any size.
The ERM framework is designed to help management anticipate risk so they can get ahead of it, with an understanding that change creates opportunities, not simply the potential for crises. In short, ERM helps increase positive outcomes and reduce negative surprises that come from risk-taking activities.
ERM in the new normal
Market conditions in 2020 have been unprecedented, and more uncertainty lies ahead. Our accounting professionals can help you identify and optimize risks. Contact us to discuss cost-effective ERM practices to make your business more resilient and responsive in the future.
Information provided on this web site “Site” by Thompson Greenspon is intended for reference only. The information contained herein is designed solely to provide guidance to the user, and is not intended to be a substitute for the user seeking personalized professional advice based on specific factual situations. This Site may contain references to certain laws and regulations which may change over time and should be interpreted only in light of particular circumstances. As such, information on this Site does NOT constitute professional accounting, tax or legal advice and should not be interpreted as such.
Although Thompson Greenspon has made every reasonable effort to ensure that the information provided is accurate, Thompson Greenspon, and its shareholders, managers and staff, make no warranties, expressed or implied, on the information provided on this Site, or about any other website which you may access through this Site. The user accepts the information as is and assumes all responsibility for the use of such information. Thompson Greenspon also does not warrant that this Site, various services provided through this Site, and any information, software or other material downloaded from this Site, will be uninterrupted, error-free, omission-free or free of viruses or other harmful components.
Information contained on this Site is protected by copyright and may not be reproduced in any form without the expressed, written consent of Thompson Greenspon. All rights are reserved.
Ready to talk to one of our specialists?
Our specialists are all seasoned professionals who have years of experience working within your industry. Reach out to us today to schedule a consultation.