WHAT IS COSO’s model?
COSO (Committee of Sponsoring Organizations of the Treadway Commission) is an organization made up of private organizations, established in the USA, dedicated to providing a common model of guidance to entities on fundamental aspects of:
- executive management and governance,
- business ethics,
- internal control,
- business risk management,
- fraud deterrence, and
- financial reporting.
COSO’s model evolution:
1992: Internal Control – Integrated Framework (Report COSO or COSO I) was published as an integrated framework in order to help companies to evaluate and improve their internal control systems.
2004: COSO’s model ERM (Enterprise Risk Management – Integrated Framework) or COSO II was published, allowing companies to improve their internal control system through a fuller process of risk management.
2013: COSO III was published, updated in the COSO ERM 2017 model, which improves the Integrated Framework, allowing greater coverage of the risks that organizations face.
Representation of the COSO ERM Model 2017
Source: coso.org presentation “2017 ERM Slide Presentation”
Components of the COSO Model INTERNAL CONTROL RISKS:
What is the ERM Enterprise Risk Management methodology?
Enterprise Risk Management (ERM) is a plan-based business strategy that aims to identify, assess, and prepare for any risks or events that may affect, both positively and negatively, an organization’s operations and objectives.
The objective of the ERM is to assess the risks relevant to the company (financial, strategic and operational), prioritize those risks and make informed decisions on how to manage them. The risk management plans they create estimate the impact of various threats and describe possible responses if one of these threats materializes.
An effective ERM process should be an important strategic tool for business leaders. Knowledge about the risks arising from the ERM process should be an important input to the organization’s strategic plan.
Because risks are constantly emerging and evolving, it is important to understand that ERM is a process that must be active and alive, with continuous updates and improvements.
The structure of the corporate risk management framework applies regardless of the size of the institution or how an institution wishes to categorize its risks, and is designed to help management and boards of directors properly manage the following main aspects:
- Identification of all risks that may affect the strategy and business operations, and the interrelationship between them.
- Acceptable level of risk.
- How to manage risks (culture, governance and policies).
- How to obtain the necessary information to manage risks.
- How to control risks.
- How to measure and evaluate the different risks.
- What the response to the risks should be.
- Which tests of response to harmful scenarios are most appropriate.
One of the main models developed for effective enterprise risk management (ERM) is currently the COSO ERM Model 2017.
Benefits for organizations:
At GlobalSuite Solutions we have the GlobalSuite® software, entirely developed by our team, which allows the implementation, management and maintenance of a Risk Management System based on the established objectives. It also allows the evaluation and monitoring of the treatment of the defined risk.