Common Risk Management Frameworks in the International Community

With the passage of the Sarbanes-Oxley Act of 2002 and the elevation of corporate governance practices throughout most all companies (private or publicly traded), the adoption of a risk management framework that instills sound and effective controls throughout an enterprise is a requirement…not a choice.

The path to establishing a formal framework has led most US companies to adopt COSO, which is built on five key components: control environment, risk assessment, control activities, information and communication, and monitoring activities. However, companies that have expanded into international markets through mergers and acquisitions have come to realize that COSO is only one of several risk management frameworks embraced in the international business community. A few of the more common international frameworks are:

• Financial Reporting Council - UK Corporate Governance Code
• Criteria of Control (CoCo) - Canadian Institute of Chartered Accountants
• King III Report on Corporate Governance - Institute of Directors In Southern Africa
• Enterprise Risk Management: Frameworks, Elements, and Integration - International Management Accountants/The Association of Accountant and Financial Professionals in Business
• Joint Standards Australia/Standards New Zealand, Risk Management AS/NZS 4360

But the framework that is most widely used internationally is International Standard - ISO 31000, published by the International Organization for Standardization. As COSO is a very structured framework that has predefined components, ISO 31000 is more of a “how to” guide to risk management driven on principles and guidelines. It is not prescriptive like COSO, but more conceptual in nature, allowing companies to be flexible in designing and constructing their risk management architecture.

Both the COSO and ISO 31000 frameworks have their supporters and detractors but the key is that both provide the adopting organizations a means to embed effective risk management across their enterprise.

© 2013 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

This advice is not intended or written to be used for, and it cannot be used for, the purpose of avoiding any federal tax penalties that may be imposed, or for promoting, marketing or recommending to another person, any tax related matter

our thoughts on

array(2) { [0]=> string(2) "33" [1]=> string(2) "11" }
Artificial Intelligence in Higher Education
Why Higher Education Institutions Must Comply with GDPR
International Tax Update: OECD Releases Latest Edition of Model Tax Convention
Minimizing Higher Ed Risks - Utilizing Internal Audit and Data Analytics
Enterprise Risk Management in Higher Education, and How Internal Audit Can Help
Financial Institutions - Regs on Regs on Regs

Register to receive our weekly newsletter with our most recent columns and insights.

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us

contact us

Map of Pittsburgh Office

One PPG Place, Suite 1700
Pittsburgh, PA 15222
p:412.261.3644     f:412.261.4876

Map of Columbus Office

65 East State Street, Suite 2000
Columbus, OH 43215
p:614.621.4060     f:614.621.4062