COSO. Enterprise Risk Management — Integrated Framework – Executive Summary. Committee of Sponsoring Organizations of the Treadway Commission. September 2004. (CORE1106)

Summary: The Committee of Sponsoring Organizations of the Treadway Commission (COSO) defines Enterprise Risk Management (ERM) as a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and to manage risk to be within its risk appetite, so as to provide reasonable assurance regarding the achievement of entity objectives. The entity objectives are set out in the following four categories: (i) Strategic: high-level goals, aligned with and supporting the entity’s mission; (ii) Operations: effective and efficient use of its resources; (iii) Reporting: reliability of reporting; and (iv) Compliance: compliance with applicable laws and regulations. According to COSO, ERM enables management to deal effectively with uncertainty and the associated risk and opportunity, enhancing the capacity to build value. In the context of the FP7-CORE project, and of supply chain security management in general, ERM can be seen as a useful approach particularly for aligning security risk appetite with strategy, for improving security risk response decisions, and for reducing security-related operational surprises and losses. Other ERM aspects, such as seizing opportunities (“positive risks”), may not apply in the supply chain security management context. One further point that can also be applied to supply chain security: everyone in an entity has some responsibility for ERM. This executive summary document is available for download at:
