To Manage Risk, a COSO Framework Takes Shape

To Manage Risk, a COSO Framework Takes Shape

As concern about risk management mounts, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) has crafted an Enterprise Risk Management Integrated Framework that it claims will be scalable to any business plan.

PricewaterhouseCoopers led the development of the framework, which was slated for release on Oct. 25.

COSO calls the ERM framework a “roadmap for identifying risks, avoiding pitfalls and seizing opportunities to grow stakeholder value.”

Its major selling point, though, is its adaptability to all industries, public and private, and all sorts of risk, regardless of enterprise size.

“All companies need to take a look at the ERM framework,” said Peggy Wood, a partner at Grant Thornton LLP in Manhattan. “Even if you’re a two-person entity, you need to ask yourself what level of risk you’re willing to accept to make your business model successful.”

Although a mom-and-pop shop will typically choose to risk less than will a venture capitalist, it still needs to actively determine that amount of risk because, according to Wood, doing so is the only way to safeguard resources—in the form of personnel, materials, stocks, fuels, facilities or anything else.

Wood is vice chair of the New York State Society of CPAs’ Financial Accounting Standards Committee and a member of its Accounting and Auditing Oversight Committee. She says both committees see integrating company-wide risk management policies as an increasingly relevant hurdle for businesses to clear.

Sound internal controls alone might not address all potential risk. And now, according to Wood, it is important that every employee be involved in meeting the company’s level of risk tolerance. The framework could act as a template to determine what posture a company wants to take in managing risk and in disseminating that policy throughout the organization.

COSO expects enterprises to use this most recent framework in tandem with its Internal Control Integrated Framework, which is used by U.S. public companies to comply with the Sarbanes-Oxley Act and related PCAOB requirements.

“This framework could not be completed at a more appropriate time,” said COSO Chairman John J. Flaherty in a Sept. 29 COSO press release. “Until now, there hasn’t been a comprehensive framework that truly meets the far-reaching demands of the new regulatory and competitive environment.”

An executive summary of the Enterprise Risk Management Integrated Framework is available at www.coso.org and, at the time of this press, the actual two-volume framework is due out on Oct. 25.