COSO Enterprise Risk Management Framework
The COSO Enterprise Risk Management framework was published in 2004 by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). It defines Enterprise Risk Management as “a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives”.
The COSO Enterprise Risk Management framework has its own merits and legacy in the United States of America, especially after the Sarbanes-Oxley Act came into effect. It originates from the COSO Internal Control Framework, published in 1992, which had been used widely throughout the world by many large organizations in managing their internal control framework. Some see the COSO Enterprise Risk Management framework as an expansion of the COSO Internal Control Framework, a view that deserves standing in its own right, especially from the point of view of accounting and auditing professionals.