02.19.2018 | Client Alert
Recognizing that Enterprise Risk Management (ERM) is a constantly evolving process, COSO (The Committee of Sponsoring Organizations of the Treadway Commission) issued a new document in June 2017, Enterprise Risk Management – Integrating with Strategy and Performance which places a greater emphasis on strategy alignment and integrating ERM with decision-making. This new document builds on its predecessor, Enterprise Risk Management – Integrated Framework which was issued in 2004.
In January 2018, COSO and the World Business Council for Sustainable Development (WBCSD) issued a draft guidance for applying ERM to environmental, social, and governance (ESG) risks. The draft is designed to help organizations from start-ups to multinationals respond to the growing impact of ESG-related risks, ranging from extreme weather events to product safety recalls.
COSO’s update connects ERM with a number of stakeholder expectations and puts risk in the context of the overall performance of an organization. The update emphasizes how ERM informs strategy and its performance. Ultimately, COSO offers insights that are important to the business as a whole and not just for those responsible for risk management.
Highlights of the update include:
- Incorporating greater insight on the value of ERM when planning and carrying out strategy
- Aligning performance with ERM to improve the setting of performance targets and understanding of the impact of risk on performance
- Accommodating expectations for governance and oversight
- Recognizing globalization and the need to apply a common approach, with some tailoring, across geographic locations
- Presenting new ways to view risk in setting and achieving objectives in a world where business has grown more complex
- Expanding reporting to address expectations for greater stakeholder transparency
- Accommodating evolving technologies and the proliferation of data and analytics in supporting decision making
- Setting out core definitions, components, and principles for all levels of management involved in designing, implementing, and conducting ERM practices
The update also seeks to clear up a number of misconceptions about ERM. Among them:
- ERM is not a function or department— it is the culture, capabilities, and practices that organizations integrate with strategy-setting and apply when carrying out that strategy.
- ERM is more than risk identification — it includes practices put in place to actively manage risk.
- ERM goes beyond internal controls — it also includes strategy, governance, communication, and measuring performance among other areas.
- ERM is not a checklist — it is a set of principles on which processes are built and integrated within an organization.
- ERM can be used by organizations of any size— if your organization has a mission, strategy, and objectives, ERM can be applied.
COSO/WBCSD Draft Guidance
There is an ever-evolving landscape of environmental, social, and governance (ESG)-related risks that may influence a company’s profitability, success, and survival. The World Economic Forum’s Global Risks Report 2018 identified tops risks, among them extreme weather events; water crises; natural disasters; and failure of climate change mitigation and adaptation.
COSO and WBCSD believe that leveraging a company’s ERM governance and processes can help identify, assess, and mitigate these risks. The draft guidance is designed to facilitate this process. Currently, the guidance is only in draft form and a lengthy consultation process is expected to take place in 2018 before any final recommendations from COSO and WBCSD are released.
If you have questions about the COSO updates and how they may apply to your organization, contact Alexander Moshinsky, Director, Operational Advisory and Risk Management at 212.331.7448 | AMoshinsky@BERDONLLP.com
Berdon LLP, New York Accountants