What limitations of existing enterprise risk management models prompted creation of a new framework?
There have been a wide variety of frameworks utilized across companies and across countries. Some of these focus narrowly on risk management (rather than enterprise risk management). Others focus on specific industries or specific types of risk. In addition, many of these focus on mechanisms for reducing – rather than managing – risk. By contrast, the COSO Enterprise Risk Management – Integrated Framework addresses enterprise risk management applicable to all industries and encompassing all types of risk. Moreover, the framework recognizes that an effective enterprise risk management process must be applied within the context of strategy setting. This is a fundamental difference from most risk models used to date. It starts with the top of the organization and supports an organization’s major mission. In addition, many of the pre-existing frameworks stood by themselves, and thus tended to be implemented within functions. As a result, many risk management practices have been implemented
Related Questions
- How Does This Framework Relate to COSOs Internal Control Framework? Are you replacing the Internal Control Framework with the Enterprise Risk Management Framework?
- What is the role of the CFO and others in the financial management organization in enterprise risk management? How will this framework help them?
- What is the role of internal auditors in enterprise risk management? How will this framework help them?
