All organizations take future planning seriously. They look at trends in their industries, market dynamics, product or service development, and other issues that will affect their ability to grow and thrive in their industry sphere.
But when the Committee of Sponsoring Organizations of the Treadway Commission (COSO) looks into the future, it examines all industries and takes a top-to-bottom view of the organizational hierarchy.
COSO’s view starts with the integrity of accounting and finance systems, moves to the quality of internal controls, and then considers the value of placing a risk-aware culture throughout the entire enterprise―including into the boardroom.
COSO is now planning a number of 2018 activities to coincide with rolling out its recently updated ERM framework, “Enterprise Risk Management – Integrating with Strategy and Performance.”
These will include foreign-language translations of the framework, case studies to add to an understanding of how the framework can be used, and white papers on ERM-related issues such as cybersecurity, digitization, and the Internet of Things.
The committee will add a certificate program for ERM that is one step down from a CPA-like full certification program.
It will also be broadening the scope of ERM by building on a partnership with the World Business Council for Sustainable Development. The goal: to add corporate sustainability to the ERM processes of the world’s enterprises.
ERM & Sustainability
Enterprise sustainability fits comfortably within an ERM culture, says Bob Hirth, current COSO chair and a senior managing director for Protiviti.
“At its best, ERM is an ongoing process and a culture that lives throughout an organization, and it can benefit private as well as public companies and organizations.
“Sustainability of natural resources is important for the public good, of course,” he says. “But a sustainability problem can become a serious risk for an organization. Think of a food contamination for a wholesale supplier, and how that can damage a company’s reputation, as well as its bottom line. Or the penalties a company can incur for not treating toxic waste properly.”
Hirth says that risk awareness should permeate the highest levels of an organization, and should be factored in with strategic planning.
“Strategic planning means defining objectives in the context of a company’s mission, goals and values,” he says. “Those objectives must include metrics, and they must also take into account any relevant uncertainties.
“That’s where risk-awareness comes in. That’s where the process of identifying risks can bring sustainability issues to the surface. And no one needs to be reminded that we live in an imperfect world where things can change quickly.”
Challenges in 2018
In addition to rolling out ERM and sustainability programs in 2018, COSO is also considering how to help member organizations navigate some important challenges:
Ever-greater volumes of data will be available for analysis by organizations in all industries. Making the most of that will likely require advanced analytical and data visualization tools.
Artificial intelligence and automation
These tools will be able to uncover relationships, trends, and patterns that were previously hidden. But Hirth notes that it will be important the tool designs be carefully vetted as they take on greater and greater responsibilities.
Managing the cost of risk management
Hirth notes that ERM typically does not require major new investment. “Well-run companies are usually already doing a good measure of risk management in their normal processes,” he says. “For them, moving the ERM commitment up a notch will be more of an incremental spend.”
This comes as organizations integrate ERM into their culture and into their strategic planning. “This way, the organization can put in place capabilities for acting quickly, ahead of the potential problem,” says Hirth. “That can help them open up new opportunities that they might otherwise bypass.”
Read this blog next to learn how COSO's latest update can help with your organization's strategic planning.