Chapter 8

Integrating ERM with COSO Internal Controls

Often confused because they share a name and a sponsor, the Committee of Sponsoring Organizations (COSO) Internal Controls framework and the COSO Enterprise Risk Management (ERM) framework are two different approaches to understanding internal controls and processes in today's enterprise. While much of this book has discussed COSO ERM, this chapter takes a deeper look at the COSO internal controls framework, first highlighted in Chapter 4, and its risk-related relationships with COSO ERM. Professionals need to recognize that these are two similarly named but rather different frameworks or models. All too often, and almost up to the present, the COSO internal controls framework has been referred to simply as "COSO," with no reference to the similarly named but distinct COSO enterprise risk management (ERM) framework.

Prior chapters have referenced the COSO internal controls framework primarily to contrast it with COSO ERM. This chapter digs a bit deeper, providing a more detailed look at the components and objectives of the COSO internal controls framework as well as some background on its origins. Since the COSO internal controls framework has a risk assessment component, we also discuss that element's relationship to COSO ERM. An overall objective of this chapter is to describe how managers can apply effective enterprise risk management practices when building strong COSO internal control practices.

COSO Internal Controls Background ...
