find the latest legal job
Monash University Director Workplace Relations
Category: Industrial Relations and Employment Law | Location: All Melbourne VIC
· Exceptional senior leadership role
View details
Personal Injury Lawyer - Melbourne Eastern Suburbs - 2-5 years PAE
Category: Personal Injury Law | Location: Lilydale VIC 3140
· Fulfilling role as part of a small team in a positive workplace
View details
Legal Counsel
Category: Banking and Finance Law | Location: Sydney CBD, Inner West & Eastern Suburbs Sydney NSW
· In-house opportunity · Be part of our engine for success in a high growth business
View details
Trainer/Assessor Diploma of Legal Services
Category: Other | Location: Liverpool NSW 2170
· 3 Days Per Week · 9am - 4pm
View details
Corporate and Commercial Partner
Category: Corporate and Commercial Law | Location: Adelaide SA 5000
· Adelaide CBD · Join a leading Adelaide commercial law firm
View details
Jury out as Australia digests COSO

Jury out as Australia digests COSO

As Australia digests the recently launched COSO enterprise risk management (ERM) framework, the debate over how much impact it will have here is raging. Stuart Fagg reportsThe COSO (Committee…

As Australia digests the recently launched COSO enterprise risk management (ERM) framework, the debate over how much impact it will have here is raging. Stuart Fagg reports

The COSO (Committee of Sponsoring Organisations of the Treadway Commission) enterprise risk management integrated framework was released last month following more than three years of development. It was widely expected to clarify issues such as how to determine the right amount of risk for the value it is striving to create, the role of boards of directors and senior management in ERM and an application techniques add on, which illustrates how effective ERM concepts and principles may be applied in the business environment.

However, senior risk experts in Australia have offered differing views as to how successful the framework will be here. COSO’s internal controls framework became world’s best practice after being recommended by the US Securities and Exchange Commission (SEC) for Sarbanes-Oxley Act compliance and is in use at some of Australia’s largest corporates. Some believe the ERM framework will be as popular.

“The development of the framework is that a while back the original COSO internal controls framework was developed and the committee then saw that there was a greater trend towards a need to apply risk management, not just internal controls,” said Nick Chipman, partner, financial and organisational risk management at PricewaterhouseCoopers. “The ERM framework is the natural extension to the internal controls framework.”

With some Australian companies pursuing the Sarbanes-Oxley compliance route due either to being SEC registrants or wishing to raise capital in the US, the ERM framework could get a foothold here, Chipman added. “Given the pervasive nature of the impact of Sarbanes-Oxley requirements and US SEC registrants requirements, it will have global reach. The implications out of Sarbanes-Oxley is that COSO is the preferred internal controls model to consider and the parallel is the risk management aspect. In terms of best principles, it is up there.”

Other observers also lauded the launch of the framework. “There’s been a lack of clarity in just what ERM should involve,” said one senior financial services business figure. “This will certainly go some way to rectifying that and will also help debase the idea that ERM is an expensive and onerous invention of consultancies.”

However, those looking for a shot in the arm for their ERM problems may be disappointed. “I think it is a good contribution to the ERM body of knowledge, but it won’t be a silver bullet to make ERM suddenly easy to implement or more valuable,” said Gary Anderson, managing director of Protiviti. “But it does help clarify the links between ERM and internal controls. It is still a major challenge for companies that want to implement ERM properly and add value to their organisation rather than it being a compliance exercise.”

Akin to the ASX’s corporate governance guidelines and the recent update to AS/NZS: 4360, the COSO framework is a principles-based document. “If you were to take the principles as guideposts as to what the companies need to look at, there is more work involved, but it is more targeted work,” Chipman said. “So from that point of view is it more comprehensive? Yes. But does it get to describing exactly how it should be implemented in a company? No.”

The subject of ERM has attracted fierce debate. Some call it the best way to manage risk across complex and diverse organisations and jurisdictions while others point to its current incarnation and label it expensive and cumbersome. But that is less to do with the model used, and more to do with the culture of organisations involved. “We’ve seen plenty of frameworks that are expensive and unworkable,” Chipman said. “Is this going to correct that? Well it depends on whose got the wheel at the time.“

Stuart Fagg is editor of Lawyers Weeklys sister publication Risk Management

Promoted content
Recommended by Spike Native Network