What does COSO mean in ERM

In today’s article I am going to talk about the COSO model, its benefits, its versions, and its elements.

What is COSO?

Well, COSO actually stands for the Committee of Sponsoring Organizations of the Treadway Commission, which is a joint initiative of five private-sector organizations (American Accounting Association, AICPA, FEI, IMA, and finally IIA).

Basically, COSO is a framework that provides guidance on how to manage business risk, improve control within the organization, and mitigate business fraud in order to make an organization more efficient.

How many versions of the COSO framework are there?

So far there are three versions of the COSO report, which are:

  • The 1992 COSO Framework
  • The 2004 COSO II Framework
  • The 2013 COSO III Framework


The second version of COSO extends the concept of internal control to risk management.

It calls on all staff to be involved, including, of course, directors and administrators.


The novelties introduced by this Framework are:

  • “Improving the agility of risk management systems to adapt to environments”
  • “Greater confidence in eliminating risks and achieving objectives”
  • “Greater clarity in terms of information and communication”

Benefits of using the COSO framework

Better internal controls

The updated framework offers us more effective internal controls, which will allow organizations to better mitigate risks and have the necessary data to support sound decision-making.

Therefore, you will be able to take advantage of the 2013 framework to assess how to improve the effectiveness of internal controls, as well as the overall efficiency of your company.

Improvement of computer security

In today’s world, I think we can agree that companies need to take action against cyber attacks, right?

Well, this new framework helps put organizations on the right path to confront and manage the staggering number of cyberattacks.

Cost savings

According to COSO, if organizations successfully apply the 2013 framework, it will allow them to streamline processes, establish more effective internal controls, and manage costs.

What is the objective of the COSO framework?

Its aim is to provide us with guidance, through frameworks and guidelines, on enterprise risk management and internal control and, at the same time, as I said before, to help us mitigate corporate fraud.

Therefore, now that you know that it can be seen as a framework that allows us to mitigate the risks of an organization, I can start by saying that it has 6 main elements to develop it.

Elements of the COSO framework

Risk appetite

According to Rittenberg and Martens, an organization has to consider first of all how much risk appetite or tolerance it is willing to accept.

Based on that, you will establish what objectives or goals you want to achieve, as well as what strategies and tactics you will use to achieve what you want.

Therefore, the risk appetite is basically the level of risk that an organization is willing to take, taking into account what it wants to achieve.

Therefore, defining the “risk appetite” is essential, since, as I said before, it will allow us to link all the strategies and tactics at each hierarchical level of the organization; that is, decision making has to be linked to the appetite for risk.

In conclusion, risk appetite defines how risky or conservative an organization will be in making decisions to achieve its objectives.

For example, an organization with a low level of risk appetite will make low-risk decisions even though it has the opportunity to obtain higher benefits by taking certain decisions (opportunities).

They prefer to play it safe.

Control environment

This is an element that I think is vital, even if you’re not trying to mitigate risk (which you should).

The control environment is the structure or foundation of an organization because it includes factors such as:

  • The code of conduct of human talent.
  • The way in which the operation of the organization is managed.
  • Management culture.
  • The integrity that organizes and develops people within an organization.
  • The way in which the direction of the organization is carried out by the owners of the organization (as well as top management).

Risk Management Assessment

This is the element that can be considered the heart of the model, because it is the part in which you have to identify all the possible risks that could harm the organization.

Here you have to start thinking about the balance between risks and benefits, in order to reinforce the strategic plan of the organization.

Activity control

Basically what you have to do is establish policies, processes and procedures that allow you to ensure that the risk management guidelines are met.

Information and communication

Information and communication requires that all information and data in an organization be “distinguished, captured and communicated in a time frame and in a format”.

This allows people in the organization to carry out all their activities.


The aim is to detect everything that is outside the acceptable risk level and communicate it to senior management so that a corrective plan is carried out and the risk levels remain within the established levels.

Image of the COSO model
