For those responsible for understanding and managing risks, the new normal includes rethinking when, how, and where to apply strategic risk thinking and ERM. COSO’s Enterprise Risk Management – Integrating with Strategy and Performance (the Framework) addresses the importance of linking risk, performance, and strategy across all areas of the business.
Amidst the scale of change, disruption and risk, many organizations have adopted approaches based on agile methodology to help get ahead of the change and disruption. Commissioned by COSO and authored by Dr. Paul L. Walker, Schiro/Zurich Chair in ERM and Executive Director, Center for Excellence in Enterprise Risk Management at St. John’s University, the guidance highlights many of the COSO ERM risk principles and how they relate to an agile business environment.
“In guiding an organization, leaders cannot just move fast; they must also have a sense of direction. It is imperative that ERM practices be aligned with the organization’s agile approach to help them meet their objectives and achieve enhanced value as they pursue their mission and strategies in a world that is rapidly changing,” said Paul Sobel, COSO Chairman. “The COSO ERM framework provides a great method for thinking about how and where risk should be considered as companies become more agile.”
Companies practicing agile methods may be reassessing the strategy set because their environment and context are changing so rapidly, according to the paper. A variety of approaches can be used to ensure that business units and agile teams consider risks. The paper identifies numerous ways in which the COSO ERM principles link to agile approaches.
“Organizational greatness includes taking risks but never blindly. Organizational leaders should regularly assess the environment in which they operate and the ability of the strategic approach to succeed in that environment,” said Dr. Paul Walker, author of the paper. “An ERM framework and the ERM team can play a crucial role in helping organizations manage the risk. Importantly, the ERM function itself needs to be updated to keep up with these changes or the ERM function will quickly be out of step with the rest of the organization.”
Please visit the COSO website for the full paper.