Standards

The COSO ERM Framework and ISO 31000 are the two most widely used standards for ERM. Although they are separate guidance documents issued by different standard-setting entities, they share some common characteristics. Both of the documents reflect the evolution of risk management over the past decade, recognizing risk management’s move from a separate and at times departmentalized activity to an integrated management competency. Additionally, rather than view risk management as a periodic risk assessment and modification activity, both revisions emphasize that managing risk is an integral part of decision-making throughout an organization and vital for carrying out its mission and improving performance. Both revisions also recognize that risk and uncertainty are important considerations as leaders form strategy, run operations and deliver project initiatives. Risk Management Magazine, June 2018