November, 2017
Agenda
1 Introducing COSO
Who is COSO and what is the COSO ERM Framework?
2 Why update the Framework now?
What prompted the update? What was the feedback received during Public comment?
3 What has changed?
How does this compare to the 2004 COSO ERM Framework and why were changes introduced?
4 What does it mean for you?
What does the new Framework mean for you and your organization?
5 More information
How to obtain a copy of the new Framework and obtain more information
August 2017
PwC | COSO Enterprise Risk Management – Integrating Strategy and Performance 2
www.pwc.com
Introducing COSO
COSO and PwC have collaborated on frameworks and publications for 25 years.
COSO’s 2004 Enterprise Risk Management – Integrated Framework is one of the world’s most widely used risk management frameworks.
www.coso.org
• 1992 Internal Control – Integrated Framework
• 2006 Internal Control over Financial Reporting Guidance for Smaller Public Companies
• 2012 Understanding and Communicating Risk Appetite
• 2013 Internal Control – Integrated Framework Executive Summary
• 2013 Internal Control – Integrated Framework
83%
achievement of their strategy and business objectives
[Chart: Global economic growth (improve) and Confidence next 12 months (very confident), in %, 2004 to 2017]
Notable CEO Comments:
• Risk needs to help me look around corners.
• It’s nice that we have a risk register… but so what?
• There has to be more value we can get from risk than just a compliance program.
What’s changed?
A new framework with global input
As part of the drafting process, the Framework was made publicly available for review and comment
between June and September, 2016.
[Infographic panels: Website visits, Global interest, Entity interest, Engagement; 400/11/5]
1 Over 24,000 website visits, over 2 million impressions
2 46% of the downloads outside of the US
3 Wide spread interest across industry
4 Equal interest by private & public companies
• Enterprise risk management frameworks are as varied as the organizations they support.
• In their infancy, many frameworks focus on increasing positive outcomes and identifying entity-wide risks.
• Boards, senior management and stakeholders are increasingly expecting ERM to reduce performance variability, improve resource deployment and enhance enterprise resilience.
• This will often require the capabilities and practices of an organization to evolve in line with increasing expectations.
• The effectiveness of an enterprise risk management Framework is founded on fostering, designing and implementing the culture, capabilities and practices that align to intended benefits.
• A more detailed discussion of the benefits of ERM can be found in the COSO Executive Summary.
Question 1:
During the development of the ERM Framework, we heard repeated calls for a closer link with risk and strategy. Do you feel:
a) it is time to get risk at the strategic planning table
b) many are still trying to find their way in this conversation
c) this is a wasted effort and nothing will change at the strategy level
OR
d) I have no idea or don’t plan to do anything with my program
• Risk frameworks should ensure existing risk identification and assessment practices account for risks occurring at different levels of the organization
• Risk capabilities should account for how risk ratings and responses may exist and change at different altitudes within an organization
• Management should designate appropriate roles and responsibilities for the management of risk and execution of risk responses
Coming Soon….
A compendium of examples is also being developed. The proposed compendium will illustrate:
• All principles
• A variety of entity sizes from global through to national, regional, and local entities
• A variety of industry types
• Actual company practices, augmented with expected practices in select areas, as needed
• Written from the perspective of the business
Examples:
• Governance in a Higher Education Institution
• Culture in a Government Entity
• Culture in a Financial Services Company
• Strategy and Objective-Setting in an Energy Company
• Strategy and Objective-Setting in a Not-for-Profit Entity
• Performance in a Consumer Products Company
• Performance in a Technology Company
• Review and Revision in an Industrial Products Company
• Risk Information in a Healthcare Company
More information
Staying involved
Dennis L Chesley
Partner
Tel: 917-348-1705
Dennis.l.chesley@pwc.com
© 2017 PwC. All rights reserved. PwC refers to the US member firm or one of its subsidiaries or affiliates, and may sometimes refer to the PwC network. Each
member firm is a separate legal entity. Please see www.pwc.com/structure for further details. This content is for general information purposes only, and should
not be used as a substitute for consultation with professional advisors.