IFAC Professional Accountants in Business Committee Response to COSO's Enterprise Risk Management Exposure Draft

With the increased volatility in the modern business environment and the recent financial and economic crises around the world, the effective management of risk in organizations—including good internal control—has taken on even greater importance. Effective risk management facilitates the achievement of an organization’s objectives, while complying with legal, regulatory, and societal expectations, and enables the organization to better respond and adapt to surprises and disruptions. IFAC, therefore, commends COSO on taking up the challenge to update its ERM Framework.

IFAC is happy to see that many of its views on the effective management of risk are reflected in the current draft, especially with the Executive Summary stating that “integrating enterprise risk management into an organization helps to accelerate growth and enhance performance by more closely linking strategy and objectives to both risk and opportunity.” This is closely aligned with IFAC’s recent thought paper, From Bolt-on to Built-in, which argues that organizations should primarily focus on setting and achieving their objectives to create sustainable value and growth and that managing risk, both positive and negative, is a natural and integral part of that.

However, IFAC feels that additional changes are necessary for the Framework to be strategic-objective based instead of risk based.