COSO ERM Framework Update

COSO ERM Framework

The COSO ERM Framework is one of the best-established and most widely used ERM frameworks. Although it became the quasi-standard after its publication in 2004, the framework had started to get a little long in the tooth. COSO and PwC have just published the 2017 version, the “COSO ERM Framework Update”, with some fanfare.

Why update?

Since the original publication in 2004, the risk landscape has evolved dramatically. Back then, big data and cyber were not yet buzzwords and the global financial crisis (which wasn’t “global” after all...) was far away. Secondly, practitioners realised that the true value of ERM becomes evident only if companies link ERM to their strategic considerations. Finally, the notion that risk also means opportunity, i.e. that ERM is about capturing upside and mitigating downside, gained more traction.


The executive summary released by COSO is a hefty 16 pages long. At first glance, this violates every possible rule of “how to write an executive summary”. Maybe it is a symptom of how complex the overall risk and opportunity landscape has become?

I will publish a series of blog posts going a little deeper into the changes that the new framework brought. Stay tuned for more blog posts on Megrow Consulting’s website.


Copyright of the picture is with COSO.