The COSO ERM Update – Megrow Continues the Dissection

The COSO ERM Update – So What?

The dust on COSO’s updated ERM framework is slowly settling. It is time to dig a little deeper and ponder about the actual impact of the update. Part one of my scribbling is here and part two is here.

for the non-converted

The executive summary of the update release is a hefty 16 pages long; some stakeholders have released YouTube videos to explain the updates, some are publishing podcasts and others release valuable comments on their websites. All these sources offer great content and explanation how risk management, strategy culture and execution fit together.

I have been asking myself: if I were the CEO of a company and (for what ever reason) unconvinced of the comprehensive benefits of ERM, would this update make me change my mind?

Probably not.


Because the link to measurable performance improvement is not that obvious. Or in more colloquial terms: “where is the beef”? I know this is a hard call, but after all business is about making investments in the aspiration of generating returns.

where are the $$?

It would be great if tangible, real-life examples show how the updated framework is making a quantifiable difference to companies. Ideally, the impact needs to be as closely related to revenue generation and profit of the core business. Invoking the argument of “reduced compliance” cost is tangible, but this is likely NOT what a CEO is looking for. A good argument would be a showcase in which ERM led to a significant change in strategy, which in turn positively impacted sales and/or profits.

Hopefully, over time the pundits will share case studies with a wider group of stakeholders. And until then, let’s keep up the good work, focus on the business opportunities when doing ERM work and stay tuned for more!

PS: this is a really comprehensive drawing…
control freak or risk taker

the pic is posted under creative common’s license