Enterprise risk management is getting remodeled. Late last year, the Committee of Sponsoring Organizations (COSO) released a draft of its updated internal control framework, designed to improve the framework developed in 1992. The revision adds 17 principles, such as "holding individuals accountable for their internal control responsibilities," "selecting and developing controls that help mitigate risks" and "evaluating and communicating deficiencies to those responsible for corrective action."

COSO's model has been criticized for failing to prevent the frauds and restatements seen over the last decade. Now the question is whether the proposal, developed by PWC, addresses the framework's shortcomings.

Tim Leech, managing director at Canadian consultancy Risk Oversight, is skeptical. "Since the 1992 framework, there have been thousands of control failures [at companies] and all of them were certified by the auditors as having sound risk management systems." The framework is too limited in scope, he adds. "It doesn't deal at all with forward risk."

Complete your profile to continue reading and get FREE access to Treasury & Risk, part of your ALM digital membership.

  • Critical Treasury & Risk information including in-depth analysis of treasury and finance best practices, case studies with corporate innovators, informative newsletters, educational webcasts and videos, and resources from industry leaders.
  • Exclusive discounts on ALM and Treasury & Risk events.
  • Access to other award-winning ALM websites including PropertyCasualty360.com and Law.com.

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.