The COSO ERM framework comprises the components and principles of effective enterprise risk management. The Committee of Sponsoring Organizations (COSO) is an organization that seeks to guide managers toward more effective, efficient, and ethical business practices through enterprise risk management (ERM). Its ERM framework is used by companies globally.
The COSO ERM framework recommends specific procedures for identifying, assessing, and responding to risks. Along with this advice, the framework provides specific language that allows managers from many different industries and cultures to understand and discuss enterprise risk management using the same terms.
COSO has developed its ERM framework with special attention to strategic planning. The organization has focused on enterprise-wide risk management, while other frameworks tend to address risk management only in a narrow sense. Those frameworks have often been applied in silos, so that one part of the company may be well protected while another is not. The COSO ERM framework instead deals with risk across the entire company.
The framework gives guidance on how the board and audit committees of any company should oversee the ERM processes. At the same time, COSO recognizes and addresses in its ERM framework the fact that providing services is the primary purpose of the business, and that enterprise risk management is only helpful when it allows for and helps achieve that goal.
The COSO ERM framework includes recommendations on how to set and communicate risk policy based on how much risk the organization is willing to accept. It encourages transparency and accurate financial reporting and gives advice on how to accomplish both.
The COSO ERM framework is scalable and beneficial to for-profit, nonprofit, and government organizations. It is available to all companies, whether or not they are members of COSO, for a small fee.