Jim de Loach, MD of Protiviti, said in a recent podcast that the COSO RM framework is more of an evaluation framework, while the ISO 31000 based RM framework is more of an illustrating process.

I am not sure what he meant by that. If he might not have mistaken, ISO 31000 consists of stages such as Identification, Assessment and Measurement. Aren't these stages 'evaluation'?


If I have understood it wrongly, then please, I request Jim De Loach to clarify this point.


Replies

  • My view - as per attachment.

    COSO vs ISO 31000.docx

  • Trevor, Thanks for the comments. You are right ISO31000 replaced ANZ4360 (Australian).

    Trevor Levine (RISKCZAR) said:

    I referenced a 2003 article by the legendary Felix Kloman comparing 4360 to COSO a couple of years back. Since most people would agree 31000 is very similar to 4360, the Kloman article may help respond to the question.

    My earlier reference to the 600 pages is not untrue as it is quite lengthy and given the choice between both I quote Winston Churchill: "The length of this document defends it well against the risk of its being read."

    Kloman is more eloquent in his assessment of COSO ERM  "It is an exercise in cranial congestion: too many words, too much jargon and too little clarity".

    31000 like 4360 is brief, simple and easy to understand. I employ more language from 4360 in my day-to-day risk life because it is simple. At the end of the day, all frameworks are pretty much the same: identify all your risks, write them down and assess them so you can prioritize them. Once you write them down, now you have to do something about them.

    This is not rocket science.

    But if you are going to hand a CFO both documents and say 'pick one to read so you know how to do risk management' unless you are named Frank Martens, I am pretty sure the CFO is going to reach for the 31000.

    See the Deathmatch between 4360 and COSO here:

    http://riskczar.com/2009/09/09/h-felix-kloman-coso-erm-vs-anz-4360-...

  • Thank you Mathew, really appreciate your comments, please feel free to comment that would benefit organisations thinking or already implementing the RM.

    Mathew Hancock said:

    Hi Fayaz,

     

    As per the comments already made, I would say that both standards look at the same risk management process (context, identification, evaluation, management, etc), but talk about how to apply the process across an organisation differently.  There are strengths and weaknesses to each approach, but both have useful elements to them.

     

    If someone is looking at how to apply either the COSO ERM framework or ISO31000 I would suggest looking at a process maturity approach (as per the SEI-Carnegie Mellon University Capability Maturity Model).  The COSO ERM framework and ISO31000 can help you define what you can do, while the maturity model framework can be used to provide a good understanding of the journey by which you can achieve it.  I would put a cautionary note here though that not all maturity models are well put together.  Happy to discuss the maturity concept further if there is interest.

     

    Kind Regards,

     

    Mathew

     

     

  • Alex, thank you for commenting. I was going to mention about your specialist group if anyone would like to discuss it over there as well.

    We appreciate your comments here on Global Risk Community as well. This is the reason why we like to have such discussions on all the forums dealing with Risk.

    Happy New Year to you too!

  • Hi Fayaz,

     

    As per the comments already made, I would say that both standards look at the same risk management process (context, identification, evaluation, management, etc), but talk about how to apply the process across an organisation differently.  There are strengths and weaknesses to each approach, but both have useful elements to them.

     

    If someone is looking at how to apply either the COSO ERM framework or ISO31000 I would suggest looking at a process maturity approach (as per the SEI-Carnegie Mellon University Capability Maturity Model).  The COSO ERM framework and ISO31000 can help you define what you can do, while the maturity model framework can be used to provide a good understanding of the journey by which you can achieve it.  I would put a cautionary note here though that not all maturity models are well put together.  Happy to discuss the maturity concept further if there is interest.

     

    Kind Regards,

     

    Mathew

     

     

  • Fayaz Malik started this discussion from the LinkedIn group on the ISO 31000 Risk Management Standard.

    We have reached 5000+ members and growing with 100 new members every week.

    For those interested to listen to the original interview of Jim de Loach and read the 144 comments which it continues to generate, you are invited to join the following discussion :

    Comparing the COSO ERM Framework with ISO 31000
    Short link : http://goo.gl/OZzYV

    I take this opportunity to wish you a Happy New Year 2012

    Regards
    Alex Dali, MBA,ARM
    Moderator of the ISO 31000 Risk Management Standard group in LinkedIn

  • I referenced a 2003 article by the legendary Felix Kloman comparing 4360 to COSO a couple of years back. Since most people would agree 31000 is very similar to 4360, the Kloman article may help respond to the question.

    My earlier reference to the 600 pages is not untrue as it is quite lengthy and given the choice between both I quote Winston Churchill: "The length of this document defends it well against the risk of its being read."

    Kloman is more eloquent in his assessment of COSO ERM  "It is an exercise in cranial congestion: too many words, too much jargon and too little clarity".

    31000 like 4360 is brief, simple and easy to understand. I employ more language from 4360 in my day-to-day risk life because it is simple. At the end of the day, all frameworks are pretty much the same: identify all your risks, write them down and assess them so you can prioritize them. Once you write them down, now you have to do something about them.

    This is not rocket science.

    But if you are going to hand a CFO both documents and say 'pick one to read so you know how to do risk management' unless you are named Frank Martens, I am pretty sure the CFO is going to reach for the 31000.

    See the Deathmatch between 4360 and COSO here:

    http://riskczar.com/2009/09/09/h-felix-kloman-coso-erm-vs-anz-4360-...

    H. Felix Kloman – COSO ERM vs ANZ 4360 Deathmatch
  • Trevor, we need just a few points.

  • I believe no framework is a perfect evaluating tool but I don't think COSO is better than ISO31000. I think ISO31000 is better at both evaluation and guiding the implementing framework.

  • The main difference between COSO ERM and ISO 31000 is about 600 pages.
