Abstract
In 2014, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) announced that it would embark on the revision of its Enterprise Risk Management—Integrated Framework (2004). After 2 years of deliberations and a 6-month evaluation period, COSO finally released its Enterprise Risk Management: Integrating Strategy and Performance on September 6, 2017. One of the primary issues that arose after the release of the original Framework was the awareness that organizations have failed to adopt an integrated treatment of Enterprise Risk Management (ERM) and strategic planning, termed Strategic Risk Management (SRM). This is especially troubling as the benefits of SRM have been recognized by academics, practitioners, and regulators. The new Framework takes significant steps to promote a mind shift, or paradigm change, to a more integrative approach to ERM and strategic planning. Pierce and Goldstein, in their previous work (in: 14th global conference on business and economics, Oxford, UK, 1–2 October, 2016), highlighted language and diagrams in the original Framework that may have led to the siloed treatment of both processes. In this paper, we examine changes in the new Framework to determine whether they sufficiently address these changes in order to move organizations more toward Strategic Risk Management.
References
Beasley, M.S., B.C. Branson, and B.V. Hancock. 2010. COSO’s 2010 Report on ERM: Current State of Enterprise Risk Oversight and Market Perceptions of COSO’s ERM Framework. Available at: http://coso.org/-ERM.htm. Accessed 17 September 2016.
Beasley, M.S., B.C. Branson, and B.V. Hancock. 2011. Current State of Enterprise Risk Oversight: 3rd Edition. Available at http://www.aicpa.org/interestareas/businessindustryandgovernment/resources/erm/downloadabledocuments/current_state_erm_3rdedition.pdf. Accessed 23 September 2016.
Beasley, M.S., B.C. Branson, and B.V. Hancock. 2012. Current State of Enterprise Risk Oversight: Progress is Occurring but Opportunities for Improvement Remain. Available at https://erm.ncsu.edu/az/erm/i/chan/library/AICPA_ERM_Research_Study_2012.pdf. Accessed 23 September 2016.
Beasley, M.S., B.C. Branson, and B.V. Hancock. 2014. Report on Current State of Enterprise Risk Oversight: Opportunities to Strengthen Integration with Strategy. Available at https://erm.ncsu.edu/az/erm/i/chan/library/AICPA_ERM_Research_Study_20142.pdf. Accessed 23 September 2016.
Beasley, M.S., B.C. Branson, and B.V. Hancock. 2015. 2015 Report on Current State of Enterprise Risk Oversight: Update on Trends and Opportunities. Available at https://erm.ncsu.edu/az/erm/i/chan/library/AICPA_ERM_Research_Study_2015.pdf. Accessed 23 September 2016.
Beasley, M.S., B.C. Branson, and B.V. Hancock. 2016. 2016 The State of Risk Oversight: An Overview of Enterprise Risk Management Practices. Available at https://erm.ncsu.edu/az/erm/i/chan/library/AICPA_ERM_Research_Study_2016.pdf. Accessed 23 September 2016.
Beasley, M., A. Chen, K. Nunez, and L. Wright. 2006. Working Hand in Hand: Balanced Scorecards and Enterprise Risk Management. Strategic Finance 87 (9): 49–55. (ProQuest Business Collection).
Beasley, M., B. Branson, and B. Hancock. 2009. Report on the Current State of Enterprise Risk Oversight. Raleigh, NC: The ERM Initiative at North Carolina State University.
Committee of Sponsoring Organizations. 2004. Enterprise Risk Management—Integrated Framework. Available at www.coso.org.
Committee of Sponsoring Organizations. 2016. Enterprise Risk Management—Aligning Risk with Strategy and Performance. Available at www.coso.org.
Committee of Sponsoring Organizations. 2017. Enterprise Risk Management—Integrating with Strategy and Performance. Available at www.coso.org.
Dafikpaku, E. 2011. The Strategic Implications of Enterprise Risk Management: A Framework. In 2011 ERM Symposium, Chicago, IL, 14–16 March. Retrieved from: https://www.soa.org/library/monographs/other-monographs/2011/november/2011-erm-toc.aspx. Accessed 18 March 2016.
D’Aquila, J.M., and R. Houmes. 2014. COSO’s Updated Internal Control and Enterprise Risk Management Frameworks. The CPA Journal 84 (5): 54–59.
DeLoach, J. 2012. Integrate the ERM Process With What Matters. Corporate Compliance Insights. Retrieved from: http://www.corporatecomplianceinsights.com/integrate-the-erm-process-with-what-matters/. Accessed 31 March 2017.
DeLoach, J. 2013. 10 Questions You Should Ask About Risk Management. Corporate Compliance Insights. Retrieved from: http://www.corporatecomplianceinsights.com/ten-questions-you-should-ask-about-risk-management/. Posted 18 February, Accessed 28 July 2017.
Frigo, M.L. 2008. When Strategy and ERM Meet. Strategic Finance, 45–49. Retrieved from: https://www.rims.org/resources/ERM/Documents/WhenStrategy_and_ERM_Meet_StrategicFinance.pdf. Accessed 29 August 2016.
Frigo, M. and R. Anderson. 2009. Strategic Risk Assessment. Strategic Finance, 25–33. Retrieved from: https://www.rims.org/resources/ERM/Documents/StrategicRiskAssessment_StrategicFinance_December2009.pdf. Accessed 02 September 2016.
Frigo, M.L., and R.J. Anderson. 2011. What is Strategic Risk Management? Strategic Finance 92 (10): 21–22.
Marks, N. 2013. Reflections on Strategic Risk. Norman Marks on Governance, Risk Management, and Audit [web log comment]. Retrieved from: https://normanmarks.wordpress.com/2013/11/24/reflections-on-strategic-risk/.
Marks, N. 2014. What is Effective Risk Management? Norman Marks on Governance, Risk Management, and Audit [web log comment]. Retrieved from: https://normanmarks.wordpress.com/2014/04/12/what-is-effective-risk-management/.
Marks, N. 2015. World-Class Risk Management, Kindle ed. North Charleston, SC: CreateSpace Independent Publishing Platform.
McNally, J.S. 2013. The 2013 COSO Framework & SOX Compliance: One approach to an effective transition. Strategic Finance: 45–52.
Metha, S. 2010. Enterprise Risk Management: Insights & Operationalization. [Executive Report], Danvers, MA: Financial Executives Research Foundation. Retrieved from: https://erm.ncsu.edu/library/article/erm-insights-operationalization. Accessed 28 August 2016.
Pierce, E.M. and J. Goldstein. 2016. Moving from Enterprise Risk Management to Strategic Risk Management: Examining the Revised COSO ERM Framework. In 14th Global Conference on Business and Economics, Oxford, UK, October 1–2. Accessed from: http://www.gcbe.us/14th_GCBE/data/confcd.htm.
Schiller, F., and G. Prpich. 2014. Learning to Organise Risk Management in Organisations: What Future for Enterprise Risk Management? Journal of Risk Research 17: 1–19.
Verbano, C., and K. Venturini. 2011. Development Paths of Risk Management: Approaches, Methods and Fields of Application. Journal of Risk Research 14: 519–550.
Acknowledgements
The authors would like to thank Douglas Anderson, Managing Direct—CAE Solutions, with the Institute of Internal Auditors, for his continued insight into the Enterprise Risk Management revision process.
Cite this article
Pierce, E.M., Goldstein, J. ERM and strategic planning: a change in paradigm. Int J Discl Gov 15, 51–59 (2018). https://doi.org/10.1057/s41310-018-0033-3
DOI: https://doi.org/10.1057/s41310-018-0033-3