Another Framework: COSO ERM
THE ORIGINAL 1992 RELEASE OF the COSO internal control framework almost immediately pointed to other related areas where consistent definitions and internal controls guidance were lacking. One of these was risk management, a concept that had been receiving multiple and sometimes inconsistent definitions and interpretations by various industry groups. This was prior to the 2002-era SOx rules, when some public accounting firms began to call themselves risk management professionals, although many did not appear to have a clear understanding of what was meant by risk management. To try to develop a consistent enterprise risk management definition, COSO contracted with the same developers of the original COSO internal control framework, PricewaterhouseCoopers, to develop a common consistent definition for risk management. The result was the COSO enterprise risk management or COSO ERM framework released in 2004.
This chapter introduces COSO ERM and explains how to use this framework as a supplement to understanding and working with the new, revised version of the COSO internal control framework, as discussed in previous chapters. On first inspection, COSO ERM almost looks and feels like the COSO internal control framework. When it was first released not that many years after the original 1992 COSO internal control framework, many professionals viewed it as almost a new version or some form of supplement to the COSO internal controls. However, it ...