by Rick Nason, PhD, CFA
RSD Solutions Inc.
I have never been a huge fan of the COSO framework (or of any framework, for that matter; see my presentation Get Creative or Take the Risk, given at the 2008 Treasury Management Association of Canada annual conference: http://www.rsdsolutions.com/rick-nason039s-presentation-slides-tmac-annual-conference-2008 ). Despite that, the COSO framework is still the basis for most Enterprise Risk Management systems.
Admittedly, the COSO framework is one of the best frameworks out there, and it certainly is comprehensive. (That tends to happen when a system is designed by a committee of consultants who do not have to worry too much about implementation.)
We are all familiar with the three-sided COSO cube. One side of the cube carries the delineations 1. Entity Level, 2. Division, 3. Business Unit and 4. Subsidiary, at each of which the components of risk management are to be examined and implemented.
In The Human Factor, author Kim Vicente offers what he calls the “Human-Tech Ladder”, the levels at which humans interface with technology. Vicente’s steps are 1. Physical, 2. Psychological, 3. Team, 4. Organizational and 5. Political. I propose that these are much better delineations for the COSO framework than the ones presented in the previous paragraph.
A risk system should be usable (Physical), deal with the individual (Psychological), deal with group interactions (Team) and with organizational factors (Organizational), and incorporate factors from the broader marketplace and society (Political).
1 comment:
Have a look at an article by Felix Kloman comparing 4360 to COSO ERM.
http://riskczar.com/2009/09/09/h-felix-kloman-coso-erm-vs-anz-4360-deathmatch/