COSO Plan Adoption
The most powerful recommendation from the readings and research is that every company should have Enterprise Risk Management (ERM). The Committee of Sponsoring Organizations of the Treadway Commission (COSO) provides instructions for starting up ERM. It gives guidance; however, it does not provide steps for implementation. These three steps have been successful: 1) keys to success, 2) initial action steps, and 3) continuing ERM implementation (Steinberg, 2011, pg. 36).
According to COSO, “enterprise risk management is a process, affected by an entity’s board of directors, management, and other personnel. It is designed to identify potential events that may affect the entity, and manage risk to be within the risk appetite. Also it provides reasonable assurance regarding the achievement of entity objectives” (Beasley, Branson, & Hancock, 2010, pg. III). Companies need to embrace ERM to help avoid business risks and to determine how much risk they can handle.
Risk oversight of an organization is highly important; it can make or break the organization. Risk oversight involves the organization’s board of directors overseeing management to ensure there is a process for monitoring risks and for updating that process. For the process to be effective, management and the board of directors must share an understanding of the amount of risk the organization will pursue. Two steps to avoid failures in risk oversight are reporting regularly on the process and agreeing with management on the types of risk recognized as high priority.
A COSO ERM Framework survey was conducted with 460 people responding. It found that most companies’ ERM processes still need some or much work, and that respondents were dissatisfied with their risk oversight systems. Although top-level management is communicating, there is a lack of structure and road maps for implementation (Beasley, Branson, & Hancock, 2010). The respondents stated that they needed more instruction on implementing ERM. Their...