“Natural Selections” September 2017: Not another article on COSO ERM?
Don’t worry, this is brief - and practical. The just-released COSO ERM framework has many good attributes (strategy, culture, appetite etc) which leading risk advisors have been talking about for some time, though it’s useful to have them in a single place.
However, let’s be honest, COSO (and risk, assurance etc) can be a little ‘dry’? Many of my client enquiries are based around the plaintive question: “How can I get the board interested in my risk register?”
The answer never varies: methodologies are not engaging, but we should be. For example, COSO is an excellent fraud risk management framework, and fraud is an interesting means of explaining the value of risk management in general.
We who advise on risk, assurance etc need to be advocates - drawing on our war stories (the failures always being the funniest) and giving practical advice in order to be successful. COSO ERM is good stuff but will not advance good assurance on its own.