
FEI Working Group Helps Shape New COSO ERM Framework

The September 2017 article, “New COSO Framework Embeds Risk Management Throughout the Enterprise”, highlighted The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) recently released updated ERM Framework: Enterprise Risk Management – Integrating with Strategy and Performance. In this follow-up article, we outline the successful comment letter the FEI COSO Working Group submitted in September 2016. Comment letters are just one of the methods FEI’s Technical Committees and Working Groups utilize to ensure the views of our finance and accounting professionals are considered.
 
As one of the original five sponsoring organizations of COSO, FEI established a working group in the summer of 2016 to review and provide feedback via a comment letter on the COSO ERM Exposure Draft. This group was composed of FEI technical committee representatives with a deep understanding of, and passionate interest in, the topic of Enterprise Risk Management. Committees involved included the Committee on Governance, Risk and Compliance (CGRC), the Committee on Finance & IT (CFIT) and the Committee on Corporate Reporting (CCR).
 
Their letter represented the collective views of the working group, and many of the points helped shape the final COSO ERM document. Specific recommendations in the final comment letter included:

  1. Expectations for Usage and Reporting – While the group understood the document's intent was to provide principles-based guidance for an ERM framework, they recommended the language be enhanced further to highlight that the ERM principles were not mandatory, nor do they require an assessment from the Board of Directors or Executive Management.

  2. Innovation Risk / Opportunity to Take Risk – The group felt the general tone of the draft came across as more focused on avoiding or addressing risks that might lead to a loss (i.e., predominant focus on downside risk). While these elements are important, they recommended the wording be enhanced to reflect the risks associated with not addressing innovation and disruption, and be aligned with text that also highlights the opportunity to look for areas where the entity should embrace risk and aggressively exploit the upside of calculated risks.

  3. Outline of Accountability – While the working group generally agreed with the document's approach, the direct manner in which accountabilities are described may be excessive and potentially lead to undesirable conflict or disagreement within organizations. As an example, “The Board of Directors (BoD) is responsible for risk oversight.” This responsibility will likely differ based on entity type, jurisdiction and local law; therefore, it was recommended that the final document address and modify such overly specific language where phrasing was too strong or may not be applicable. The group felt that many organizations would not agree that draft wording aligned with current business.

  4. Length of Document – The working group felt the comprehensive nature of the exposure draft was a strength. However, there was consensus that an opportunity to meaningfully shorten the length existed. They recommended the document be streamlined to avoid redundancy, reduce the introduction of basic concepts, remove elements not directly related to an ERM framework, and move certain information into the appendix.

  5. Usage of Common Business Language – The group felt the draft document was written for an audience with a solid working knowledge of ERM. Therefore, the group recommended COSO assess the intended audience for the final document and potentially address wording used to better link common business language to the stated ERM principles.
 
The overall sentiment from the working group was that by utilizing their ERM program to contribute to the achievement of strategic goals, companies would transform risk from a check-the-box compliance function to a value-add strategic advantage.
 
FEI’s CGRC continues to examine the framework and will provide further insights in the weeks and months ahead.