COSO ERM Framework
Dennis Chesley
Global Risk & APA Risk Consulting Leader
dennis.l.chesley@pwc.com
June 2016
PwC 1
Why Update the ERM Framework now
COSO’s 2004 Enterprise Risk Management-Integrated Framework is one of the world’s most widely
used risk management frameworks.
Since 2004, however, the market has continued to evolve and the COSO
Framework is evolving with it.
• ERM concepts and practices have evolved and the bar is rising
• There is a need to incorporate lessons learned from recent
events
• Business and operating environments are increasingly
complex, technologically driven, and global in scale
• Stakeholders are more engaged and seeking greater
transparency and accountability
• Risk discussions are increasingly prominent at the board
level
Project Governance Structure
What is Being Updated
• The update will focus on revising the 2004 Enterprise Risk Management–
Integrated Framework
- This will include both the core Framework and related Executive Summary
Project Timing
The update is structured around five main phases, including a public exposure period.
Following completion of these phases, COSO will prepare the document for publication,
anticipated to occur in the first half of 2017.
Timeline markers: Q3 2014; End of Q2 2016 (105+ Days); ~ Q4 2016/Q1 2017; Q2 2017
Phases:
• Develop an understanding of views of the current Framework
• Develop an outline of preliminary areas for update
• Develop drafts of the Framework, review with the Board, Advisory Council, and other interested parties
• Conduct a public exposure period to capture market reactions and areas for update
• Review with the Board to agree on any remaining significant revisions, revising as necessary and prepare for publication
Depicting Enterprise Risk Management
The updated Framework includes a new graphic to illustrate the alignment of risk, strategy, and
performance.
[Figures: 2004 COSO ERM Framework Graphic; Updated COSO ERM Framework Graphic]
Clarifying Enterprise Risk Management
What’s Changed
Risk and Strategy
• Research suggests that organizations are looking to strengthen the integration between
strategy and enterprise risk management
• The updated Framework enhances the conversation of risk and strategy introduced in 2004
Risk Culture
• Research suggests that culture continues to escalate in prominence
• Risk culture is often linked to the conversation of management’s attitude towards risk taking
• Measuring and reporting on culture remain a key challenge and will likely evolve significantly in the coming years
• Culture reflects the entity’s ethics: the values, beliefs, attitudes, desired behaviors, and understanding of risk
• The Framework sets out a “culture spectrum” which aligns closely to the conversation on risk appetite
Integration of Risk in Execution
Risk and Performance
Relationship between ERM and Internal Controls
Focus on Value
• The 2004 Framework reflected an underlying premise that “every entity—whether for-profit,
not-for-profit, or governmental—exists to provide value for its stakeholders; further the value
of an entity is largely determined by the decisions that management makes—from overall
strategy decisions through to day-to-day decisions”
• Research suggests that this view continues to hold, but could be more prominent; hence, the
updated Framework enhances the focus on value – how entities create, preserve, and realize
value
• This approach to focusing on value is embedded throughout, as for instance value is:
- Now prominent in the core definition of ERM
- Discussed extensively in principles
- Linked directly to risk appetite and the ability to manage risk to acceptable levels
Staying Involved
The Framework will be in the public exposure period from June 15 until September 30. Here’s
what you can do during the exposure period to familiarize yourself with the draft Framework:
• Download the draft Framework and Executive Summary from
www.coso.org
• Read the FAQ for added insight
• Provide feedback using the online survey or in a comment letter
• Attend PwC’s ERM Framework Webcast
• Sign up for updates on the COSO framework at
www.pwc.com/coso-erm
• Reach out directly to PwC