Enterprise risk management is getting remodeled. Late last year, the Committee of Sponsoring Organizations (COSO) released a draft of its updated internal control framework, designed to improve the framework developed in 1992. The revision adds 17 principles, such as "holding individuals accountable for their internal control responsibilities," "selecting and developing controls that help mitigate risks" and "evaluating and communicating deficiencies to those responsible for corrective action."

COSO's model has been criticized for failing to prevent the frauds and restatements seen over the last decade. Now the question is whether the proposal, developed by PWC, addresses the framework's shortcomings.

Tim Leech, managing director at Canadian consultancy Risk Oversight, is skeptical. "Since the 1992 framework, there have been thousands of control failures [at companies] and all of them were certified by the auditors as having sound risk management systems." The framework is too limited in scope, he adds. "It doesn't deal at all with forward risk."

Continue Reading for Free

Register and gain access to:

  • Thought leadership on regulatory changes, economic trends, corporate success stories, and tactical solutions for treasurers, CFOs, risk managers, controllers, and other finance professionals
  • Informative weekly newsletter featuring news, analysis, real-world case studies, and other critical content
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the employee benefits and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.