Just as corporate managements are working diligently to deal with COSO’s updated internal control framework, particularly in connection with assessing their control systems for reporting under Section 404 of Sarbanes-Oxley Act, we hear that COSO is embarking on another project: to update the enterprise risk management framework.
COSO says the update aims “to enhance the Framework’s content and relevance in an increasingly complex business environment, so that organizations worldwide can attain better value from their enterprise risk management programs.” It adds that since the framework was issued in 2004, we’ve seen practice evolve, lessons learned, business environments become more complex and technologically driven, and stakeholders more engaged. There’s no question this is the reality.
