Common Risk Management Frameworks in the International Community

Risk Advisory/Internal Audit|International

By Donald Owens

With the passage of the Sarbanes-Oxley Act of 2002 and the elevation of corporate governance practices throughout most all companies (private or publicly traded), the adoption of a risk management framework that instills sound and effective controls throughout an enterprise is a requirement…not a choice.

The path to establishing a formal framework has led most US companies to adopt COSO, which is built on five key components: control environment, risk assessment, control activities, information and communication, and monitoring activities. However, companies that have expanded into international markets through mergers and acquisitions have come to realize that COSO is only one of several risk management frameworks embraced in the international business community. A few of the more common international frameworks are:

• Financial Reporting Council - UK Corporate Governance Code
• Criteria of Control (CoCo) - Canadian Institute of Chartered Accountants
• King III Report on Corporate Governance - Institute of Directors In Southern Africa
• Enterprise Risk Management: Frameworks, Elements, and Integration - International Management Accountants/The Association of Accountant and Financial Professionals in Business
• Joint Standards Australia/Standards New Zealand, Risk Management AS/NZS 4360

But the framework that is most widely used internationally is International Standard - ISO 31000, published by the International Organization for Standardization. As COSO is a very structured framework that has predefined components, ISO 31000 is more of a “how to” guide to risk management driven on principles and guidelines. It is not prescriptive like COSO, but more conceptual in nature, allowing companies to be flexible in designing and constructing their risk management architecture.

Both the COSO and ISO 31000 frameworks have their supporters and detractors but the key is that both provide the adopting organizations a means to embed effective risk management across their enterprise.

© 2013 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

This advice is not intended or written to be used for, and it cannot be used for, the purpose of avoiding any federal tax penalties that may be imposed, or for promoting, marketing or recommending to another person, any tax related matter

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at contactSD@schneiderdowns.com.

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2019 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.