COSO has produced a new “thought paper” on risk management, offering ideas on how companies can raise their game with respect their particular approach to enterprise risk management.

With the help of Deloitte & Touche to author the paper, COSO provides some ideas for corporate leadership on risk assessment approaches and practices that it says have emerged as the most helpful for key decision makers. Titled Risk Assessment in Practice, the paper focuses specifically on the risk assessment process to help companies better determine how big or small their risks are and to help management focus attention on the most important risks and opportunities. The paper applies the principles of the Enterprise Risk Management -- Integrated Framework that COSO published in 2004.

According to Patchin Curtis, a director at Deloitte and co-author of the paper, risk assessment is focused on measuring and prioritizing risks so that risks are managed within defined tolerances, but not over-controlled or squelching desirable opportunities. "To accomplish this requires a risk assessment process that is practical, sustainable, easy to understand, and right-sized for the enterprise," she says in a written statement.

The thought paper outlines a risk assessment process that develops risk assessment criteria, assesses risks, assesses the interactions of risk, and prioritizes the risks. COSO says the paper also addresses how to put the process into practice in a simple, practical way. 

COSO is putting the finishing touches on its project to update its Internal Control--Integrated Framework, but chose not to integrate its ERM framework into the internal control framework as part of the internal control framework. The thought paper instead offers some separate ideas on how to put risk assessment practices into place. 

"ERM is a young discipline that is continuing to evolve," said COSO Chairman David Landsittel in a statement. The new risk assessment publication builds on COSO's existing ERM guidance by helping executives build a more robust risk assessment process, he said. It also provides an understandable discussion that will assist board members in their oversight responsibilities, according to Landsittel.

The paper is available for free download via the COSO website.

Topics