In September of 2017, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released the ERM Framework: Enterprise Risk Management-Integrating with Strategy and Performance. The new release, the first since 2004, stresses the use and importance of enterprise risk management (ERM) in the strategic planning process, while also emphasizing the importance of incorporating ERM through all parts of an organization.
ERM is included in strategic planning in acknowledgment that risk needs to be taken into account when developing a strategic plan and measuring company performance, since all companies face risk regardless of the market they are in.
The new framework was developed, under the COSO board, by PricewaterhouseCoopers, and there are plans to translate the framework into several languages. The documents start out with an explanation of what enterprise risk management is, how it is currently being used, how it is evolving to deal with the ever-shifting needs of our fast-changing business environment, and how ERM can be used to handle these changes in the factors that go into the decision-making process.
As stated in the Executive Summary, the new guidance:
• Provides greater insight into the value of enterprise risk management when setting and carrying out strategy.
• Enhances alignment between performance and enterprise risk management to improve the setting of performance targets and to understand the impact of risk on performance.
• Accommodates the expectations stakeholders have for governance and oversight.
• Recognizes the globalization of markets and operations and the need to apply a common, albeit tailored, approach across geographies.
• Presents new ways to view risk to setting and achieving objectives in the context of greater business complexity.
• Expands reporting to address expectations for greater stakeholder transparency.
• Accommodates evolving technologies and the proliferation of data and analytics in supporting decision-making.
• Sets out core definitions, components, and principles for all levels of management involved in designing, implementing, and conducting enterprise risk management practices.
The second part of the framework discusses the five components that make up the framework, which it lists as five principles as well as components of a system, and which include:
- Governance and Culture
- Strategy and Objective Setting
- Review and Revision
- Information, Communication, and Reporting
The document ends by looking into the future to see what trends may affect enterprise risk management.
The AICPA announced this year that the changes to the COSO ERM framework are eligible for testing beginning with the testing window starting April 1, 2018. As part of the exam, candidates may be asked to do the following:
- Define ERM within the context of the COSO ERM framework, including the purpose and objectives of the framework.
- Understand the relationship between risk, business strategy, and performance within the context of the COSO ERM framework.
Candidates taking the CPA exam in the second quarter of 2018 should review the framework, understand the components, and be ready to answer questions related to the framework, as indicated by the changes to the CPA exam recently released by the AICPA.