Successful organizations figure out ways to effectively manage their risks to thrive in an uncertain and rapidly changing world. Some rely on the experience and business savvy of their leaders; many others leverage a more disciplined approach, commonly referred to as enterprise risk management (ERM).
In 2014, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) announced the commencement of an update to its 2004 ERM framework, Enterprise Risk Management – Integrated Framework. The new framework, published in September 2017, is titled Enterprise Risk Management – Integrating with Strategy and Performance. Designed to help organizations better pursue opportunities and manage threats, the update:
- Recognizes the importance of strategy and entity performance as the central consideration for risk management.
- Better distinguishes between internal controls and ERM.
- Positions ERM as an integral part of decision making.
Throughout this book, author Paul Sobel provides implications for internal auditors or risk managers, and sometimes both. These implications will help them understand the new framework and provide examples of how they can be an integral part of helping their organizations successfully manage risk in uncertain times.