Compliance

New COSO Framework Embeds Risk Management Throughout the Enterprise

An update from members of FEI’s Committee on Governance, Risk and Compliance (CGRC)
 
On Wednesday, September 6, 2017, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released the updated ERM Framework: Enterprise Risk Management – Integrating with Strategy and Performance.
 
Financial Executives International (FEI) is a sponsoring member of COSO and participated in the framework update. The new document is a significant leap forward over the 2004 framework and now emphasizes embedding ERM throughout an organization, as risk influences both strategy and performance. The framework begins by highlighting how enterprise risk management helps organizations better understand the risks around mission, strategy settings, risks to performance, and the risks of a misaligned strategy.
 
The framework includes components on:
  • governance and culture;
  • strategy and objective-setting;
  • performance;
  • review and revisions; and
  • information, communicating and reporting.
 
Each component has a set of principles to demonstrate what an organization could do in that specific area. There are 20 principles in total, including:
  • Board risk oversight
  • Analyzing business context
  • Formulating business objectives
  • Assessing substantial change
  • Developing a portfolio
 
COSO also released an appendix with illustrations that:
  1. explain how management roles change by entity size;
  2. provide board risk oversight examples for each component (to help organizations improve their risk oversight); and
  3. demonstrate how a portfolio approach might be implemented by linking the risks to objectives.
 
The recent Financial Executive Research Foundation (FERF) executive report, The Strategic Financial Executive: Managing Risk in a Disruptive World, found that expectations for the CFO are shifting toward a greater emphasis on strategy and risk skills. This COSO update provides new tools to assist CFOs, and those who support the CFO, in leveraging ERM to contribute to the achievement of strategic goals.
 
FEI members should become familiar with the new framework and be able to explain to board members, and other executives, how the framework might apply to their organizations, helping to meet strategic goals and to create and protect value. Organizations may also want to compare their current practices to the components and principles to look for opportunities to improve their decision making, risk management and performance.
 
FEI’s CGRC will continue to follow and analyze the framework and provide additional insights in the coming weeks.