CHAPTER 7 ERM Frameworks
FRANK MARTENS, CPA, CA
Principal, Pacific Rim Risk Management Services Ltd
CARMEN ROSSITER, CPA, CA, ICD.D
Program Director, Centre in Governance, Risk Management and Control, Schulich Executive Education Centre, York University
INTRODUCTION
A framework is essential to successful enterprise risk management (ERM) implementation. There are many frameworks available but two of the most widely used are: ISO 31000:2018, Risk management—Guidelines and The Committee of Sponsoring Organizations of the Treadway Commission (COSO), Enterprise Risk Management—Integrating with Strategy and Performance.
Those frameworks provide useful guidance and we recommend using the best of both. Nevertheless, while generally accepted frameworks are a useful starting point, they are generic by their nature. The most successful organizations tailor their own framework to recognize their unique culture and operating environment in addition to supplementing it with the other key building blocks of effective enterprise risk management.
FRAMEWORKS AND THEIR IMPORTANCE
The Merriam-Webster dictionary defines “framework” as a:
- Basic conceptional structure (as of ideas)
- Skeletal, openwork, or structural frame.
In our context, a framework is an accumulation of ideas and concepts. It acts as a common frame of reference. It is essential, just like the body's skeleton or the frame of a house.
A framework provides a point of reference—a compass on your enterprise risk management ...