The COSO Framework for Internal Control
April 3, 2025
Internal frauds are a big part of the operational risk faced by any organization. This is truer of multinational companies who have business interests in various countries across the globe. This is because there are thousands of people in important positions making business decisions on behalf of the company. Hence, ensuring that all these employees…
Insurance is one of the most regulated industries in the world. Also, there are multiple players which offer every type of insurance. As a result, the competitive pressures are very high. This ensures that the insurance companies are not able to charge exorbitant premiums. Almost every insurance company across the world is a price taker…
Credit derivatives are the most important financial innovation in the field of credit risk management. These derivative instruments have been created quite recently. They have only been traded for a couple of decades as compared to other instruments like stocks and bonds which have been around for centuries. Within this short period of time, credit…
The CAS committee on Enterprise risk management has given the following definition of the same - ‘The discipline by which any organization in any industry assesses, controls, exploits, finances and monitors risk from all the sources for the purpose of increasing organizations short-term and long-term value to its stakeholders’.
In simpler terms enterprise risk management includes all the tools and processes employed by an organization to manage and control risks and grab more opportunities in the market place. It provides a framework for better risk management.
Enterprise risk management starts with identification of events that are of relevance to the organization, the risks and opportunities. These events are evaluated on the basis of their impact and probability of occurrence and a strategy is designed to counter or meet the same; all this to add more value to stakeholders.
It is an approach where in risk is looked upon as an opportunity and at the same time is monitored such that it may not affect an organization to a large extent.
Typically the following four strategies, called as ‘risk response strategy’ are adopted by organizations while facing a risk.
Conceptual Framework: ERM in the table below has been conceptualized in two dimensions, one showing the types of risk and other the various risk management process steps.
ERM Framework | ||||
Process Steps | Types of Risk | |||
Hazard | Financial | Operational | Strategic | |
Establish Context | ||||
Identify Risks | ||||
Analyze/Quantify Risks | ||||
Integrate Risks | ||||
Assess/Prioritize Risks | ||||
Treat Risk | ||||
Monitor and Review |
A brief explanation of the various kinds of risk is as follows:
Hazard Risk: Natural disasters, liability damages, Property damages due to fire, tornado etc, injury or illness to its employees.
Financial Risk: Risks like foreign exchange risk, commodity risk, pricing risk, asset risk, liquidity risk.
Operational Risk: labor relations, customer satisfaction, product failure etc.
Strategic Risk: Competition, fluctuation in demand and market price, regulatory and political trends, social trend, capital availability.
The other dimension of the table carries the steps of entire risk management process. The process starts from an understanding the conditions in which organization operates (Establishing context). In the next stage various threats are identified (Identifying threats) proceeded by analysis of risks.
The risks are then integrated and prioritized. In the penultimate stage strategies are designed for controlling risks (Treat Risk). Finally, the risk environment is continually monitored and the strategies are evaluated.
Organizations have various departments and functions that identify, manage and deal with different risks. These risk functions or departments vary in capability and coordinates in a unique fashion with other functions. The entire task of enterprise risk management revolves around improving or enhancing this coordination. Finally stakeholders need a cohesive picture which is provided as the output of enterprise risk management. ERM thus, enables and improvises organization’s ability to deal with risks better.
Your email address will not be published. Required fields are marked *