Enterprise Risk Management — Integrated Framework
Executive Summary
Framework
September 2004
The Committee of Sponsoring Organizations of the Treadway Commission
Copyright © 2004 by the Committee of Sponsoring Organizations of the Treadway Commission.
Additional copies of Enterprise Risk Management – Integrated Framework: Executive Summary and
FOREWORD
Over a decade ago, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued Internal Control – Integrated Framework to help businesses and other entities assess and enhance their internal control systems. That framework has since been incorporated into policy, rule, and regulation, and used by thousands of enterprises to better control their activities in moving toward achievement of their established objectives.
Recent years have seen heightened concern and focus on risk management, and it became increasingly clear that a need exists for a robust framework to effectively identify, assess, and manage risk. In 2001, COSO initiated a project, and engaged PricewaterhouseCoopers, to develop a framework that would be readily usable by managements to evaluate and improve their organizations’ enterprise risk management.
The period of the framework’s development was marked by a series of high-profile business scandals and failures where investors, company personnel, and other stakeholders suffered tremendous loss. In the aftermath were calls for enhanced corporate governance and risk management, with new law, regulation, and listing standards. The need for an enterprise risk management framework, providing key principles and concepts, a common language, and clear direction and guidance, became even more compelling. COSO believes this Enterprise Risk Management – Integrated Framework fills this need, and expects it will become widely accepted by companies and other organizations and indeed all stakeholders and interested parties.
Among the outgrowths in the United States is the Sarbanes-Oxley Act of 2002, and similar legislation has been enacted or is being considered in other countries. This law extends the long-standing requirement for public companies to maintain systems of internal control, requiring management to certify an