With the passage of the Sarbanes-Oxley Act of 2002 and the elevation of corporate governance practices throughout most all companies (private or publicly traded), the adoption of a risk management framework that instills sound and effective controls throughout an enterprise is a requirement…not a choice.
The path to establishing a formal framework has led most US companies to adopt COSO, which is built on five key components: control environment, risk assessment, control activities, information and communication, and monitoring activities. However, companies that have expanded into international markets through mergers and acquisitions have come to realize that COSO is only one of several risk management frameworks embraced in the international business community. A few of the more common international frameworks are:
• Financial Reporting Council - UK Corporate Governance Code
• Criteria of Control (CoCo) - Canadian Institute of Chartered Accountants
• King III Report on Corporate Governance - Institute of Directors In Southern Africa
• Enterprise Risk Management: Frameworks, Elements, and Integration - International Management Accountants/The Association of Accountant and Financial Professionals in Business
• Joint Standards Australia/Standards New Zealand, Risk Management AS/NZS 4360
But the framework that is most widely used internationally is International Standard - ISO 31000, published by the International Organization for Standardization. As COSO is a very structured framework that has predefined components, ISO 31000 is more of a “how to” guide to risk management driven on principles and guidelines. It is not prescriptive like COSO, but more conceptual in nature, allowing companies to be flexible in designing and constructing their risk management architecture.
Both the COSO and ISO 31000 frameworks have their supporters and detractors but the key is that both provide the adopting organizations a means to embed effective risk management across their enterprise.
© 2013 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
This advice is not intended or written to be used for, and it cannot be used for, the purpose of avoiding any federal tax penalties that may be imposed, or for promoting, marketing or recommending to another person, any tax related matter