First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

COSO ERM

Uniting risk management with strategic planning

Who can argue that the consideration of what might happen (what some refer to as risk) should be part of the strategic planning process? Objectives and strategies should be set only after thinking carefully about where you are, what is happening around you, and what may happen in the future.

 

, ,

The updated ISO risk management standard merits our attention

Neither the ISO nor the COSO updates will, in my opinion, move the understanding and practice of ‘risk management’ to where they need to be. The updates are small steps when leaps were required.

 

, , , , ,

Do we understand what a risk event is?

COSO ERM talks about the possible effect of an event on objectives, and in common parlance we are talking about something happening that has an effect on the organization. (COSO thinks of risk as the possibility of that event occurring; ISO talks about risk as the effect of what might happen on objectives.)

 

, , , ,

COSO ERM explains the flaw in risk appetite statements

Devotion to remaining within risk appetite (if you can even express one that will proactively guide decision-makers) is likely to make you risk averse – and focusing on avoiding harm is the path to avoiding success.

 

, , ,