COSO ERM or ISO 31000? Which is better?
There seem to be camps: those who are avid advocates of the ISO 31000:2009 risk management standard, and those who believe the COSO ERM Framework works well.
For a discussion with a 31000 believer (Grant Purdy), see this previous post.
COSO commissioned a study by Mark Beasley to understand what people thought of its risk management framework. However, very few who responded (perhaps because it came from COSO and was not independent) were using the ISO standard. Therefore, it didn’t provide a reasonable basis for comparison and arguably didn’t reach those using other guidance.
Please spare a few minutes to complete a simple set of questions on this topic, to see how many have read just one or both sets of guidance, and which one more people prefer.
I will share the results and explain my views and why I hold them later.