
The Latest Thinking on Risk Assessment Approaches and Techniques

COSO Releases ERM Thought Paper

David Landsittel

Recognizing the evolving nature of enterprise risk management (ERM) in recent years, COSO has released a new thought paper authored by representatives from Deloitte titled Risk Assessment in Practice.

This thought paper provides leadership thinking on risk assessment approaches and techniques that have emerged as the most useful and sustainable for decision-making. It represents another in a series of papers published by COSO aimed at helping organizations move up the maturity curve in their ongoing development of a robust ERM program.

Applying the principles of COSO’s Enterprise Risk Management – Integrated Framework, risk assessment follows event identification and precedes risk response. Its purpose is to assess how big the risks are, both individually and collectively, in order to focus management’s attention on the most important threats and opportunities, and lay the groundwork for risk response.

“Risk assessment is all about measuring and prioritizing risks so that risk levels are managed within defined tolerance thresholds without being over controlled or forgoing desirable opportunities,” said Dr. Patchin Curtis, director, Deloitte & Touche LLP and co-author of the paper. “To accomplish this requires a risk assessment process that is practical, sustainable, easy to understand and right-sized for the enterprise.”

More specifically, the thought paper presents a process that involves (a) developing risk assessment criteria, (b) assessing risks, (c) assessing risk interactions, and (d) prioritizing risks. It also discusses how to put this process into practice in a simple, practical, and easy-to-understand way.

“ERM is a young discipline that is continuing to evolve,” said COSO Chairman David Landsittel. “This publication builds on COSO’s existing ERM guidance by helping executives build a more robust risk assessment process, and providing an understandable discussion that will assist board members in their oversight responsibilities.”

Risk Assessment in Practice can be downloaded for free from COSO’s website as well as the websites of COSO’s five sponsoring organizations. COSO encourages practitioners and others interested in monitoring developments in enterprise risk management to visit the COSO website to learn more and download other thought papers on ERM.

Founded in 1985, COSO is a joint initiative of five private sector organizations and is dedicated to providing thought frameworks, guidance, and thought leadership for ERM, internal control, and fraud deterrence. COSO comprises The Institute of Internal Auditors (IIA), the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), and the Institute of Management Accountants (IMA).








© 2019 Simplex Knowledge Company. All Rights Reserved.