Please ensure Javascript is enabled for purposes of website accessibility
September 21, 2023

COSO’s ERM Framework Has Fresh Paint, New Open Concept

coso erm

I remember in college, I’d turn in a paper and feel a sense of relief knowing that I never had to look at it again. Feedback from the instructor was informative but required no further action. Man, do I miss that. Don’t you? I’m sure PwC, who authored the COSO Enterprise Risk Management (ERM) Framework, did when they had to take another hack at updating it. And, I find it slightly amusing that COSO didn’t even want to do the legwork on the update themselves, passing it back off to PwC. They just supervised.

But, nevertheless, after over a decade, someone decided we couldn’t put off updating the Framework any longer. In September, COSO offered up the final version of the new, improved COSO ERM. The Journal of Accountancy quoted Bob Hirth, COSO’s chair, that the “our overall goal is to continue to encourage a risk-conscious culture.”

Much of it is essentially the same, but a nip and tuck here and there to rejuvenate it, including:

  • A flashy, new title: Enterprise Risk Management – Integrating with Strategy and Performance. (Very creative; kudos to whoever came up with that.)
  • A greater emphasis on strategy alignment and integrating ERM with decision-making
  • Reminder that ERM shouldn’t be an isolated exercise performed periodically. Seems they caught on to the fact that we’re all lazy and just want to check the box.
  • Adoption of a components and principles structure, mimicking COSO Internal Control – Integrated Framework (2013)
    • Eight components got re-envisioned and turned into just five.
    • 20 principles
  • Simplification of the ERM definition to make sure after reading the behemoth Framework, you at least grasp what ERM is.
  • COSO nixed the Rubix cube diagram, finally! What is this thing?

coso erm

But never mind the clunky visuals, this refreshed COSO is a snoozer.

There’s always been something about COSO standards that I can’t quite put my finger on. Maybe it’s all the jargon, but am I the only one who feels like I’m reading a last-minute final paper from that required management class you took in college? It even starts the executive summary with the classic, “art and science” trope:

Our understanding of the nature of risk, the art and science of choice, lies at the core of our modern economy. Every choice we make in the pursuit of objectives has its risks. From day-to-day operational decisions to the fundamental trade-offs in the boardroom, dealing with risk in these choices is a part of decision-making.

As we seek to optimize a range of possible outcomes, decisions are rarely binary, with a right and wrong answer. That’s why enterprise risk management may be called both an art and a science. And when risk is considered in the formulation of an organization’s strategy and business objectives, enterprise risk management helps to optimize outcomes.

But, hey, I’ve used the “art and science” introduction a time or two, so I won’t bash it too hard.

We’ll see if executives find value in transitioning to the new guidance. No one’s forcing them since 2017 COSO ERM doesn’t supersede the 2004 version.

I expect it will take a while for people to embrace the changes. Everyone’s always a little skeptical and slow to implement new guidance. Just look at the procrastination on the standard updates for leases as an example. If history is any indication, on the last go around GC reported that a year after the 2013 update was made to the sibling standard, COSO Internal Control – Integrated Framework, approx. 20% of companies were planning to blow it off, and only 60% were on top of using it for SOX compliance. The remainder were “unsure,” whatever that means.

As Greg Kyte put it for the last COSO update, “[We] wondered if either update was actually necessary”

Necessary or not, it’s another way to convince clients that they should pay you to consult them on all the revolutionary changes. Good luck with that!

Image: iStock/bobaa22

Latest Accounting Jobs--Apply Now:

Have something to add to this story? Give us a shout by email, Twitter, or text/call the tipline at 202-505-8885. As always, all tips are anonymous.

Related articles

an empty office to represent talent shortage

Research: The Talent Shortage is Starting to Take Its Pound of Flesh From Corporate Tax Departments

This morning, Thomson Reuters released new research that reveals both corporate tax and global trade departments state they are under-resourced for technology and talent. This, naturally, is increasing risk in the form of penalties and audits. The latest research piggybacks a bit on what was revealed in their Future of Professions report released last month. […]

Pink note on blue walll with text written CAN WE TALK , concept of talk openly to improve relationship, listen and share more, for couples or for teamwork

Don’t Grow Your Accounting Firm Out of Business! Break Up With These Unscalable Practices Now

Business growth is always a high priority for accounting firms, especially small-to-midsize practices. Take care, though, because growth can be a double-edged sword. If your firm expands too quickly or without the right strategy, it can ramp up costs faster than you can handle, lower the quality of your services—and put so much stress on […]