
For Immediate Release
Jun. 14, 2016

Suzanne Dawson
S&C Public Relations Inc.
(646) 941-9140 (office)
(908) 242-7162 (cell)

Robert Perez
The Institute of Internal Auditors
(407) 937-1247 (office)
(386) 956-8328 (cell)

COSO Seeks Public Comment on Update To Enterprise Risk Management – Integrated Framework

Revisions Address Changes in Business Environment, Risks, Call for Public Comment June 15-Sept. 30

NEW YORK, June 14, 2016 -- In response to the importance of risk management as well as the growing complexity and speed of risk over the past decade, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) unveiled an update to its Enterprise Risk Management – Integrated Framework and is seeking public comment on the proposal, beginning tomorrow, June 15.

The update, Enterprise Risk Management — Aligning Risk with Strategy and Performance, is designed to address the needs of all organizations to improve their approach to managing new and existing risks as a way to help create, preserve, sustain and realize value.

COSO, which provides thought leadership and guidance on internal control, enterprise risk management, and fraud deterrence, released the original ERM Framework in 2004. Today, it is used widely to enhance an organization’s ability to manage uncertainty, gauge risk, and increase stakeholder value. However, significant new risks have emerged since the Framework was released, demanding heightened board awareness and oversight of risk management as well as improved risk reporting.

“As we’ve seen the Framework applied in practice, we’ve recognized that it has the potential to be used more extensively,” said Robert B. Hirth Jr., COSO Chair. “We realized that certain aspects would benefit from more depth and clarity, as well as greater insight into the links between strategy, risk and performance.”

The update reflects the critical importance of the connection between strategy and performance, offers perspective on current and evolving concepts and applications of enterprise risk management, and updates the core definitions of risk and enterprise risk management. One of the most significant enhancements is the introduction of components and supporting principles that reflect the evolution of risk management thinking and practices.

“The COSO board believes the redefined components and principles will provide organizations with direction for all levels of management in designing, implementing, and conducting enterprise risk management practices,” Hirth said.

Enterprise Risk Management — Aligning Risk with Strategy and Performance also updates the importance of enterprise risk management’s role in strategic planning and emphasizes how critical it is to embed risk management practices across all departments and functions of an organization.

COSO engaged PwC, author of the original 2004 Framework, to lead the update to the Framework under direction of the COSO Board. The COSO Board also formed an Advisory Council comprising representatives of industry, academia, government, and nonprofit organizations to provide input as the project progresses.

“Enterprise risk management has evolved significantly since 2004 and stands at the verge of providing significant value as organizations pursue value in a complex and uncertain environment,” said Dennis Chesley, PwC's Global Risk Consulting leader and lead partner for the COSO ERM effort. “This update more clearly connects enterprise risk management with a multitude of stakeholder expectations, establishes the relationship between risk and strategy, positions risk in the context of an organization’s performance, and helps organizations anticipate so they can get ahead of risk and embrace a mindset of resilience.”

COSO has expanded its website with a section on the Framework update that includes the proposed Framework, survey and comment tools, and FAQs about the project, details of the most significant updates and how to respond to the survey. The site also includes a video that features four members of the Advisory Council addressing the ERM update process and the importance of obtaining input from a variety of risk professionals about the proposed changes. Public comment will be accepted June 15 through Sept. 30, 2016. Written comments on the exposure draft will become part of the public record and will be available on the COSO website through Dec. 31, 2016.

“Risk cannot be viewed as a potential constraint or challenge to executing a strategy,” Hirth said. “Rather, how an organization copes with risk offers strategic opportunities. This update answers the call for improved culture, capabilities and practices integrated with strategy setting and its execution.”


About COSO
Originally formed in 1985, COSO is a voluntary private sector organization dedicated to improving organizational performance and governance through effective internal control, enterprise risk management and fraud deterrence. COSO is jointly sponsored by the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), the Institute of Management Accountants (IMA), and The Institute of Internal Auditors (IIA). For more information, visit

About PwC
At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 157 countries with more than 208,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see for further details.

© 2016 PwC. All rights reserved.