COSO ERM: The Next Big Opportunity to Grow With Confidence…

Jeff Thomson, President IMA
Sandra Richtermeyer, Dean, Manning School of Business, UMass Lowell
Robert Hirth, COSO Chair
Debunking COSO ERM “Myths”
COSO ERM Myths
COSO is a form of exotic Northern Italian pasta favored by Dr.
Norm.
As far as we know, this is a myth as we believe Dr. Norm to be a
meat and potatoes man.
COSO ERM Myths
COSO ERM is the best ERM framework in the global market,
including ISO 31000.
COSO does not assert this. Our goal is to spread awareness and
adoption of our ERM framework as we think it serves as a key
strategy enabler.
COSO ERM Myths
COSO ERM is primarily useful for publicly traded companies,
especially Regulation S-K (material risk disclosures).
While useful for this purpose, COSO ERM helps organizations of
any size, any structure, anywhere “grow with confidence.”
COSO ERM Myths
COSO ERM, much like the Internal Controls (brother/sister)
framework, really only applies to external financial reporting and
compliance activities.
NO NO NO! The COSO Frameworks apply to internal and
external financial and operational management in achieving
strategy objectives.
COSO ERM Myths
COSO ERM focuses on the analytics of risk as that is the key
competency gap for accountants and those in operations and
strategy.
COSO ERM does have an emphasis on risk analytics such as heat
maps, risk appetite and more. But ERM is as much about culture
and a consistent language of risk and challenge across the
enterprise.
COSO ERM Myths
COSO ERM requires a narrow but in-depth level of competency
on the “risk” body of knowledge.
“Risk” is a broad-based body of knowledge as it encompasses
governance, strategy, finance and operations. As such, it is
tested on the CMA® exam and in the curricula of the five
founding member bodies of COSO.
COSO ERM Myths
COSO was founded in the 1980s by Bob Hirth,
Sandra Richtermeyer, Jeff Thomson, and Bartles
and James.
The five founding members of COSO are:
IMA
FEI
AICPA
IIA
AAA
COSO ERM Myths
No myth # 3. This is wearing me out!!
N/A
COSO ERM Myths
There is no longer a separate COSO ERM and COSO
Internal Controls framework.
There remain separate but related frameworks.
The ERM framework focuses more on ERM in
pursuit of strategy objectives. The I/C framework
focuses more on controls and control design in
mitigating risk related to objectives. Note – COSO
will be authoring a thought paper relating the two
frameworks (later this year).
COSO ERM Myths
We are just stringing you along. There is no new
COSO ERM framework. Enjoy your day.
Of course we are kidding and now will get on
with our great panel discussion on the new
COSO ERM framework… Coming soon!!
Enterprise Risk Management – Aligning Risk with
Strategy and Performance
Robert Hirth
COSO Chairman
Incrementalism…
“How would you like to meet
more of your objectives more
of the time?”
What’s Available Now…
• Executive Summary
• FAQ document
• Draft Framework
• Numerous articles
• Accounting/Consulting Firm publications
Top Changes to the Framework
Updates components and adopts principles
Simplifies definitions
Emphasizes value
Renews the focus on integration
Examines role of culture
Top Changes to the Framework, continued
Elevates discussion of strategy
Enhances alignment with performance
Links with decision making
Delineates enterprise risk management from internal control
Refines risk appetite and acceptable variation in performance
1. Updates Components and Adopts Principles
6. Elevates Discussion of Strategy
• Explores enterprise risk management and strategy from three different perspectives:
  • The possibility of strategy and business objectives not aligning with mission, vision and values
  • The implications from the strategy chosen
  • Risk to executing the strategy
Opportunities for Many…
• Management Accountants
• Not-for-Profits
• Public Sector
• Academics
• Boards
And Private Companies Too!
It’s all About Performance …