COSO due for renewal

The widely adopted COSO (Committee of Sponsoring Organizations of the Treadway Commission) risk framework, frequently utilized in the implementation and auditing of standards such as ISAE 3402 or ISO 27001, is due for a comprehensive update.

Due to strong market changes, the COSO II ERM framework was outdated. A framework was needed that was responsive to, and took into account, current market conditions while being flexible enough to be applicable to a wide range of organisations: Internal Control – Integrated Framework (ICIF). The framework is also expected to enable organisations to meet rapidly changing market demands without incurring more risk.

The biggest changes are the minimisation of the COSO cube (the number of components has been reduced). In addition, the model has moved to a ‘principle-based structre’ where 17 principles form the foundation for the model. Also, given recent developments, the new model has placed more emphasis on the IT component.

From late 2011 to March 2012, the committee solicited feedback from the market on the framework. This feedback is currently being critically assessed by the committee and will largely be incorporated into the final version of the framework.