COSO Enterprise Risk Management

Integrating with Strategy and Performance, June 2017

This project was commissioned by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), which is dedicated to providing thought leadership through the development of comprehensive frameworks and guidance on internal control, enterprise risk management, and fraud deterrence designed to improve organi- zational performance and oversight and to reduce the extent of fraud in organizations.

Foreword

“In keeping with its overall mission, the COSO Board commissioned and published in 2004 Enterprise Risk Management—Integrated Framework. Over the past decade, that publication has gained broad acceptance by organizations in their efforts to manage risk. However, also through that period, the complexity of risk has changed, new risks have emerged, and both boards and executives have enhanced their awareness and oversight of enterprise risk management while asking for improved risk reporting. This update to the 2004 publication addresses the evolution of enterprise risk management and the need for organizations to improve their approach to managing risk to meet the demands of an evolving business environment.

The updated document, now titled Enterprise Risk Management—Integrating with Strategy and Performance, highlights the importance of considering risk in both the strategy-setting process and in driving performance. The first part of the updated publication offers a perspective on current and evolving concepts and applications of enterprise risk management. The second part, the Framework, is organized into five easy-to-understand components that accommodate different viewpoints and operating structures, and enhance strategies and decision-making. In short, this update:

  • Provides greater insight into the value of enterprise risk management when setting and carrying out strategy.
  • Enhances alignment between performance and enterprise risk management to improve the setting of performance targets and understanding the impact of risk on performance.
  • Accommodates expectations for governance and oversight.
  • Recognizes the globalization of markets and operations and the need to apply a common, albeit tailored, approach across geographies.
  • Presents new ways to view risk to setting and achieving objectives in the context of greater business complexity.
  • Expands reporting to address expectations for greater stakeholder transparency.
  • Accommodates evolving technologies and the proliferation of data and analytics in sup- porting decision-making.

The figure illustrates the framework considerations in the context of mission, vision, core values, and as a driver of an entity’s overall direction and performance.

Sets out core definitions, components, and principles for all levels of management involved in designing, implementing, and conducting enterprise risk management practices.

Readers may also wish to consult a complementary publication, COSO’s Internal Control— Integrated Framework. The two publications are distinct and have different focuses; neither supersedes the other. However, they do connect. Internal Control—Integrated Framework encompasses internal control, which is referenced in part in this updated publication, and therefore the earlier document remains viable and suitable for designing, implementing, conducting, and assessing internal control, and for consequent reporting.

The COSO Board would like to thank PwC for its significant contributions in developing Enterprise Risk Management—Integrating with Strategy and Performance. Their full consideration of input provided by many stakeholders and their insight were instrumental in ensuring that the strengths of the original publication have been preserved, and that text has been clarified or expanded where it was deemed helpful to do so. The COSO Board and PwC together would also like to thank the Advisory Council and Observers for their contributions in reviewing and providing feedback.”

Robert B. Hirth Jr. (COSO Chair) and Dennis L. Chesley (PwC Project Lead Partner and Global and APA Risk and Regulatory Leader)

2017 COSO ERM: Integrating with Strategy and Performance (Executive-Summary)

The Global Risks Report 2021

Cover Global Risks Report 2021

Klaus Schwab, Founder and Executive Chairman Saadia Zahidi, Managing Director:

“In 2006, the Global Risks Report sounded the alarm on pandemics and other health-related risks. That year, the report warned that a “lethal flu, its spread facilitated by global travel patterns and uncontained by insufficient warning mechanisms, would present an acute threat.” Impacts would include “severe impairment of travel, tourism and other service industries, as well as manufacturing and retail supply chains” while “global trade, investor risk appetites and consumption demand” could see longer-term harms. A year later, the report presented a pandemic scenario that illustrated, among other effects, the amplifying role of “infodemics” in exacerbating

the core risk. Subsequent editions have stressed the need for global collaboration in the face of antimicrobial resistance (8th edition, 2013), the Ebola crisis (11th edition, 2016), biological threats (14th edition, 2019), and overstretched health systems (15th edition, 2020), among other topics.

In 2020, the risk of a global pandemic became reality. As governments, businesses and societies survey the damage inflicted over the last year, strengthening strategic foresight is now more important than ever. With the world more attuned to risk, there is an opportunity to leverage attention and find more effective ways to identify and communicate risk to decision-makers.

It is in this context that we publish the 16th edition of the World Economic Forum’s Global Risks Report. Our analysis centres on the risks and consequences of widening inequalities and societal fragmentation. In some cases, disparities in health outcomes, technology, or workforce opportunities are the direct result of the dynamics the pandemic created. In others, already- present societal divisions have widened, straining weak safety nets and economic structures beyond capacity. Whether the gaps can be narrowed will depend on the actions taken in the wake of COVID-19 to rebuild with a view towards an inclusive and accessible future. Inaction on economic inequalities and societal divisiveness may further stall action on climate change—still an existential threat to humanity.

Growing societal fragmentation—manifested through persistent and emerging risks to human health, rising unemployment, widening digital divides, and youth disillusionment—can have severe consequences in an era of compounded economic, environmental, geopolitical and technological risks. The gap between the “haves” and “have-nots” will widen further if technology access and ability remain disparate. The world’s youth have faced exceptional pressures in the past decade and are particularly vulnerable to missing out altogether on the opportunities of the next.

For business, the economic, technological and reputational pressures of the present moment risk a disorderly shakeout, threatening to create a large cohort of workers and companies that are left behind in the markets of the future. Governments, too, must balance between managing the pandemic and economic contraction, while at the same time creating new opportunities that are fundamental to social cohesion and the viability of their populations. Most critically, if environmental considerations—the top long-term risks once again—are not confronted in the short term, environmental degradation will intersect with societal fragmentation to bring about dramatic consequences. If managed poorly, these disruptions will hamper the ability of policy-makers and other leaders to act on different areas of risk.

The foundation of the report continues to be our annual Global Risks Perception Survey, completed by over 650 members of the World Economic Forum’s diverse leadership communities. In addition, the long- standing and deeply committed Global Risks Advisory Board shapes the direction of this report from its earliest stages, and provides insight throughout the writing process. Over the last year, we have also expanded our efforts around risk and resilience for decision-makers and for the broader global community. A new Global Future Council on Frontier Risks capitalizes on its diverse and forward-looking membership to inject fresh thinking into efforts to understand and mitigate future risks and to amplify weak signals of coming disruptions in the decades ahead. Their ideas are featured in the postscript on Frontier Risks. A new Chief Risk Officers community brings together leaders in this role in the private sector and major institutions to share methods and views to collectively enhance capability.

We are ever grateful to our long-standing partners in the report’s development, Marsh McLennan and Zurich Insurance Group. We welcomed a new partner this year, SK Group, to whom we owe a debt of gratitude for the valuable inputs provided. We are also grateful to our academic partners: the National University of Singapore, the Oxford Martin School at the University of Oxford, and the Wharton Risk Management and Decision Processes Center at the University of Pennsylvania. Insights from a wide set of experts from the public and private sectors can also be found in these pages.

Complementing the Global Risks Practice, the World Economic Forum hosts major platforms dedicated to action on building a new economy and society, mobilizing for the climate, managing and disseminating Fourth Industrial Revolution technologies, shaping industry transformations, and enhancing global and regional cooperation. These platforms, and the leaders, networks and organizations they host, apply the findings of this report in their efforts to tackle the world’s greatest challenges—managing risks, building resilience and leveraging new opportunities. Such an integrated approach has never been more critical than at present, as the world moves beyond managing the pandemic to resetting our current systems and building back better economies and societies with people and the planet at the centre of our efforts.”

World Economic Forum:The Global Risks Report 2021