Ask Joey ™ a Question

What is the review and revision component of the COSO ERM framework?

Review and revision is one of the key components of the COSO ERM framework. By reviewing entity performance, an organization can consider how well the enterprise risk management components are functioning over time and in light of substantial changes, and what revisions are needed. The organization reviews and revises its current ERM capabilities and practices based on changes in strategy and business objectives. The 3 principles that relate to review and revision consist of:

Assesses Substantial Change—The organization identifies and assesses changes that may substantially affect strategy and business objectives.

Reviews Risk and Performance—The organization reviews entity performance and considers risk.

Pursues Improvement in Enterprise Risk Management—The organization pursues improvement of enterprise risk management.


You might also be interested in...

  • What are the components of the COSO ERM framework?

    The COSO Enterprise Risk Management (ERM) framework applies a risk-based approach as opposed to a control-based approach. The overall objective of the ERM framework is to attain reasonable assurance that the company objectives and goals are achieved, and that the company meets performance expectations. The main components of ERM include governance and culture, review and […]

  • What is the performance component of the COSO ERM framework?

    Performance is one of the key components of the COSO ERM framework. Risks that may impact the achievement of strategy and business objectives need to be identified and assessed. Risks are prioritized by severity in the context of risk appetite. The organization then selects risk responses and takes a portfolio view of the amount of […]

  • What is the governance and culture principle of ERM?

    Governance and culture is one of the key components of the COSO ERM framework. Governance sets the organization’s tone, reinforcing the importance of, and establishing oversight responsibilities for, enterprise risk management. Culture pertains to ethical values, desired behaviors, and understanding of risk in the entity. The 5 principles related to governance and culture consist of: […]