COSO Releases Results of Two Surveys on Current State of Enterprise Risk Management and Board Risk Oversight

Dec 09, 2010, 13:00 ET from Protiviti, COSO

ALTAMONTE SPRINGS, Fla., Dec. 9, 2010 /PRNewswire/ -- The Committee of Sponsoring Organizations of the Treadway Commission (COSO) – an organization providing thought leadership and guidance on internal controls, enterprise risk management (ERM), and fraud deterrence – is releasing results of two different surveys relating to the current state of enterprise risk management and board risk oversight. These surveys were commissioned by COSO and conducted in partnership with two outside organizations. These activities are a continuation of COSO's ongoing efforts to provide thought leadership on ERM and to seek input about COSO ERM guidance from key stakeholders.


The first survey, launched by COSO in partnership with Protiviti, a global business consulting and internal audit firm, sought input directly from over 200 corporate directors to obtain deeper knowledge of the current state and desired future state of the risk oversight process as it is applied by boards of directors. Board members were divided on the effectiveness and maturity of their processes and efforts, according to the survey. While 53 percent of participants rated the risk oversight process in their organizations as "effective" or "highly effective," more than 70 percent indicated that their boards are not formally executing mature and robust risk oversight processes.

"Risk oversight is a high priority on most boards of directors' agendas," said Jim DeLoach, a managing director with Protiviti. "Our survey findings provide valuable insights on how a board can advance to a more mature stage in its oversight of risk – a critical issue as new legislation and regulations force boards to rethink their structure and mission as it relates to risk oversight."

A COSO thought paper authored by Protiviti, titled Board Risk Oversight – A Progress Report: Where Boards of Directors Currently Stand in Executing their Risk Oversight Responsibilities, discussing the results of this survey, including Protiviti's insights and recommendations, is available on COSO's and Protiviti's websites, as well as the websites of COSO's five sponsoring organizations.

The second survey, conducted by COSO with the assistance of the ERM Initiative at North Carolina State University, obtained information from corporate management about the current state of their risk oversight processes and feedback about COSO's 2004 Enterprise Risk Management - Integrated Framework. The survey was intended to obtain management perspectives about the relative maturity of their risk management practices and to identify perceived strengths and/or weaknesses in COSO's ERM Framework, as well as the extent of reliance on alternative frameworks to strengthen organizational enterprise risk processes and oversight.

This second survey suggests that boards may be overconfident in management's underlying risk management processes. Almost 60 percent of the 460 respondents admitted that their risk management processes are ad hoc and informal, almost half (42.4 percent) described their organization's level of functioning of ERM processes as "very immature" or "somewhat mature," and about one-third (35 percent) admitted that they are "not at all" or "minimally" satisfied with the nature and extent of reporting to senior executives of key risk indicators. The two studies suggest that there is room for improvement in enterprise risk management across many organizations.

The survey found that almost two-thirds of corporate management respondents were familiar with COSO's ERM Framework and that the Framework has been the overwhelming choice as the basis for implementing ERM within the respondents' organizations. According to Mark Beasley, Deloitte Professor of Enterprise Risk Management and Director of North Carolina State's ERM Initiative, "Most believe that the COSO ERM Framework is theoretically sound, provides a common language for ERM that is widely accepted and clearly describes key elements of a robust ERM process. Boards of directors are placing greater expectations on management to strengthen risk oversight processes."

A COSO thought paper titled COSO's 2010 Report on ERM: Current State of Enterprise Risk Oversight and Market Perceptions of COSO's ERM Framework is available on COSO's and the ERM Initiative's websites, as well as the websites of COSO's five sponsoring organizations.

COSO, the ERM Initiative at North Carolina State and Protiviti will conduct a webinar covering both of the above survey report results on January 26, 2011. For more information and to register for the complimentary webinar, visit

COSO is active in addressing insights emerging from both of the above surveys. "We have engaged researchers to develop thought papers aimed at removing the barriers to effective ERM implementation and moving organizations up the maturity curve to a more robust ERM process," said David Landsittel, COSO Chair. "Specifically, we are about to release two thought papers dealing with approaches for getting started in the implementation of ERM and developing key risk indicators. A third thought paper aimed at helping organizations better articulate and implement risk appetite is anticipated to be issued next spring," according to Landsittel.  

About COSO

Originally formed in 1985 to sponsor the National Commission of Fraudulent Financial Reporting, COSO is a joint initiative of five private sector organizations and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control and fraud deterrence. COSO's supporting organizations are The Institute of Internal Auditors (IIA), the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), and the Institute of Management Accountants (IMA).

About Protiviti

Protiviti is a global business consulting and internal audit firm composed of experts specializing in risk, advisory and transaction services. The firm helps solve problems in finance and transactions, operations, technology, litigation, governance, risk and compliance. Protiviti has 60 locations worldwide and is a wholly owned subsidiary of Robert Half International Inc. (NYSE: RHI). Founded in 1948, Robert Half International is a member of the S&P 500 index.

About North Carolina State's ERM Initiative

The ERM Initiative in the College of Management at North Carolina State University is pioneering thought-leadership about the emergent discipline of enterprise risk management, with a particular focus on the integration of ERM in strategy planning and governance. The ERM Initiative conducts outreach to business professionals through executive education and hands-on advising; its internet portal; research advancing knowledge and understanding of ERM issues; and undergraduate and graduate business education for the next generation of business executives.

SOURCE Protiviti; COSO