Sponsoring Organizations:

COSO Enterprise Risk Management — Aligning Risk with Strategy and Performance


​In October 2014, COSO announced a project to review and update the Enterprise Risk Management–Integrated Framework. The Framework is widely accepted and used by management and boards to enhance an organization’s ability to manage uncertainty, consider how much risk to accept, and improve understanding of opportunities as it strives to increase and preserve stakeholder value.

COSO engaged PwC as author of the update. PwC has received valuable input from the COSO Board, its Advisory Council, and many stakeholders through an on-line survey conducted from October to December 2014 and since that time. The revised Framework updates the core definitions of risk and enterprise risk management as well as the components of enterprise risk management. One of the most significant enhancements is the introduction of principles that reflect the evolution of risk management thinking and practices. The COSO B​oard believes the redefined components and principles will provide organizations with direction for all levels of management in designing, implementing, and conducting enterprise risk management practices.

The new title, Enterprise Risk Management—Aligning Risk with Strategy and Performance, recognizes the increasing importance of the connection between strategy and entity performance. The updated content offers a perspective on current and evolving concepts and applications of enterprise risk management. COSO also believes the proposed Framework will provide organizations with significant benefits – for example, it provides greater insight into strategy and the role of enterprise risk management in the setting and execution of strategy, enhances the alignment between organizational performance and enterprise risk management, and accommodates expectations for governance and oversight. This update addresses the evolution of enterprise risk management and the need for organizations to improve their approach to managing risk in today’s complex business environment.

Beginning on June 15, 2016, COSO invited the public to review and provide comments on the proposed Framework. The comment period closed September 30, 2016. COSO thanks all individuals and organizations who provided comments during this period.​