Enterprise risk management is getting remodeled. Late last year, the Committee of Sponsoring Organizations (COSO) released a draft of its updated internal control framework, designed to improve the framework developed in 1992. The revision adds 17 principles, such as “holding individuals accountable for their internal control responsibilities,” “selecting and developing controls that help mitigate risks” and “evaluating and communicating deficiencies to those responsible for corrective action.”
COSO’s model has been criticized for failing to prevent the frauds and restatements seen over the last decade. Now the question is whether the proposal, developed by PWC, addresses the framework’s shortcomings.