COSO ERM or ISO 31000? Which is better?
There seem to be camps of those that are avid advocates of the ISO 31000:2009 risk management standard and those that believe the COSO ERM Framework works well.
For a discussion with a 31000 believer (Grant Purdy), see this previous post.
COSO commissioned a study by Mark Beasley to understand what people thought of its risk management framework. However, very few who responded (perhaps because it came from COSO and was not independent) were using the ISO standard. Therefore, it didn’t provide a reasonable basis for comparison and arguably didn’t reach those using other guidance.
Please spare a few minutes to complete a simple set of questions on this topic, to see how many have read just one or both of the sets of guidance, and which more prefer.
I will share the results and explain my views and why I hold them later.
Leave a Reply
Share this blog
Recent Posts on Norman’s IIA Blog
- A CEO We Know Tells How He Managed Risk During Hurricane Irma September 18, 2017
- Lessons From the Massive Equifax Cyber Breach September 13, 2017
- Reputation and Reputation Risk – Part III August 28, 2017
- Reputation and Reputation Risk – Part II August 21, 2017
- Reputation and Reputation Risk August 14, 2017
- Is Your Board Ignorant? August 8, 2017
- A Discussion of Risk Management Between Jim DeLoach and Mark Beasley July 31, 2017
- From Risk Management to Risk Leadership July 24, 2017
- Those Who Serve and Lead the Practice of Internal Auditing July 14, 2017
- What Makes a Good Board? July 11, 2017
Norman, Have you given up on OCEG’s approach to ERM?
Mike, OCEG’s approach to ERM is to accept either ISO or COSO as representing the risk management portion of GRC or principled performance. The new version of Red Book contains more detail and is more closely aligned, in its language, with ISO than COSO.
I continue to (a) prefer the ISO standard, (b) believe risk management operates within the context of governance and assists an organization identify and then optimize achievement of objectives.