COSO RISK MANAGEMENT FRAMEWORK: EVOLUTION AND TRANSFORMATION
Abstract
The main purpose of this article is to study and analyze the COSO framework and the published papers about this standard. The views of foreign scientists on the effectiveness and appropriateness of implementing the COSO framework in organizations are analyzed. The features and main characteristics of the model are highlighted, and the opportunities and limitations associated with implementing the COSO framework are identified and analyzed. The features of the model's evolution and transformation are determined and presented, and the stages of the COSO framework's development are characterized. Four main stages in the evolution of the COSO framework can be distinguished. The first stage, from 1985 to 1991, is characterized by the creation of the Committee as such and the beginning of the development of the original COSO framework. Then, in 1992, the original framework was published, and a period of active use and dissemination began, which lasted until 2012. In 2013, an improved (compared to the original) framework, COSO II, was released, which takes into account the growing role of non-financial reporting. The development of the “modern” framework continued from 2013 to 2016. The latest model at the moment was presented in 2017. The “modern” COSO framework is analyzed and its features and characteristics are highlighted, the main ones being: taking into account the ever-increasing impact of technology on risk management strategies and approaches; emphasis on implementing the risk management function both in strategic planning and in current activities; and the introduction of a “risk curve”, which demonstrates a new approach to determining and assessing the relationship between high risk and the degree of effectiveness. Thus, a “modern” framework can prevent and manage all of the new-type risks (such as cyber risk, for example).
The fact that COSO is used as a basis for new documents about internal control shows that implementing COSO is a good option for organizing effective risk management and that it offers far more opportunities than limitations. As a result of the study, it should be noted that, despite some limitations, the COSO framework is definitely a good option for organizations to use and will allow them to build a rigorous and efficient internal control system. For some entities (such as public sector organizations or start-ups) applying the COSO framework may be more difficult, but using the framework will have a positive effect regardless. The limitations mentioned in the article should be taken into account in order to ensure the highest efficiency of its application.