Evolving ERM: New Framework Provides Updated Guidance for Risk Management
1 like164 views
The document discusses the updated guidance for enterprise risk management (ERM) released by COSO in September 2017, which builds upon its 2004 framework by enhancing risk management procedures and clarifying the integration of ERM with strategy and performance. It emphasizes the importance of aligning ERM with organizational goals while also assessing risk tolerance and decision-making, providing graphical representations to connect risks with performance. The guidance is intended as a flexible framework for organizations to enhance their ERM practices, positioning risk as an integral part of operational strategies.
Evolving ERM: New Framework Provides Updated Guidance for Risk Management
- 1. ADVISORY MHM (Mayer Hoffman McCann P.C.) is an independent CPA firm that is a member of Kreston International Limited, a global network of independent accounting firms. Learn more at www.mhmcpa.com Our roots run deep Changing times call for changing approaches to enterprise risk management. The Committee of the Sponsoring Organizations of the Treadway Commission (COSO) released updated guidance for ERM in September 2017. The new guidance enhances COSO’s 2004 ERM publication, Enterprise Risk Management-Integrated Framework by providing additional detail organizations can use to enhance enterprise-wide risk management procedures. Updates address evolving risks and help clarify the role ERM plays in strategy and performance. EvolvingERM:NewFrameworkProvidesUpdated GuidanceforRiskManagement Internal Controls Enterprise risk management and internal controls go hand-in-hand. COSO’s updated guidance in Enterprise Risk Management: Integrating with Strategy and Performance even adopts components and principles, a structure that is similar to COSO’s internal control recommendations. To clarify that internal controls and ERM encompass different types of activities, the guidance removes some of the redundancies between COSO’s internal control guidance and its ERM framework. It also further develops the governance recommendations for risk management. Decision-Making New guidance stresses how ERM can be used to create, preserve and realize value, and it emphasizes the importance of including ERM in all aspects of operations. Decision-making can be helped by ERM so that decisions are made with an understanding of how the risk associated with a decision fits in with the organization’s risk culture. Analyzing an acquisition in light of ERM, for example, may reveal that the deal is too risky for an organization’s risk appetite. Performance Closely tied to decision-making and value is ERM’s role in performance. The new guidance focuses on the role risk plays in business objectives and performance targets. It encourages organizations to identify the top risks that impact performance and determine the amount of risk tolerance that is acceptable for a given level of performance. Risk tolerance enables organizations to better assess whether changes in levels of performance are acceptable or whether the changing levels of performance may necessitate changes to the organization’s risk profile. Included in the guidance are graphical depictions of risk profiles to help illustrate how risk can be connected to performance. Strategy Risk management fails when a strategy is used that doesn’t fit the organization. ERM should reflect an organization’s risk profile and its core values and mission. Updates to COSO guidance stress the importance of an ERM strategy, and the updated guidance encourages organizations to consider the possibility of a strategy and business objectives not aligning, the implications from the strategy chosen, and the risks to executing strategy before deciding on a set approach to risk management. How to Implement the New Guidance COSO’s ERM framework is not mandatory. It’s designed to be a guide that organizations of all types and across all industries can use to help enhance their current ERM practices. It can hold significant benefits for organizations that implement it. Organizations can use it to connect enterprise risk management with stakeholder
- 2. ADVISORY MHM (Mayer Hoffman McCann P.C.) is an independent CPA firm that is a member of Kreston International Limited, a global network of independent accounting firms. Learn more at www.mhmcpa.com Our roots run deep ©Copyright2017.MayerHoffmamMcCannP.C.Allrightsreserved. expectations. It also helps them position risk in the context of performance, and not just an isolated exercise. By making risk management an integral part of your operating strategy, your company can get ahead of the issues that may impact operations. ERM can also identify changes that need to be made, which may present new opportunities to create value for your organization. For more information about ERM, please contact us. Related Reading • ERM Requirements for Federal Agencies Could Trigger Changes for Government Contractors • 3 Questions Every Board Needs to Ask About Enterprise Risk • Top 4 Risks Facing Your Company