I’ve said many times before on this blog, one of the building blocks for resilience is the ability to adapt to a faster-changing and more uncertain world. This is true for organizational strategies set, people employed, and the frameworks that guide us. That’s why my colleagues and I at PwC so strongly support the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) announcement yesterday to review and update its Enterprise Risk Management–Integrated Framework.
The years after the financial crisis have caused significant change in the area of risk management. Risk practices have evolved, risk tolerance and risk appetite levels aren’t the same, regulators’ expectations and understanding of how risk management ties into an organization’s strategy, objectives, and governance structure are increasing.
The Wall Street Journal Blog (subscription required): COSO Updating Enterprise Risk Management Framework
Compliance Week: COSO Launches Project to Update ERM Framework
Resilience Journal: 17th Annual Global CEO Survey: Fit for the future
Resilience Journal: How do global leaders bolster risk resilience? Ten best practices
As I said in the Wall Street Journal blog (subscription required) earlier this week, “The ERM goal is to set up a process whereby an organization can say here are the objectives we’ve set out, here are the risks or threats that could impact, how do we begin to manage, monitor and mitigate those risks.”
With this much risk change, complexity and velocity, it’s time to review COSO’s widely-accepted framework that guides how organizations can approach and manage risk. For, like any other business-critical function, risk management needs to reflect shifting realities, to provide leaders with today’s – and tomorrow’s - risk information. This is a pre-requisite to adaptability, resilience and being better-positioned to capture the upside of changing risk landscapes.
Our team at PwC will work with COSO to lead the review and refresh the Framework over the coming 12 to 24 months. I will update you as regularly as I can on what we learn.
If you have strong views or questions about COSO’s Enterprise Risk Management–Integrated Framework, I encourage you to share them with me here on this blog. Visit our Resilience Journal site for more information on COSO.