Enterprise risk management (ERM) is demanding its share of attention from management and internal auditing, but it still has a respectable distance to go before receiving its due. In September, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released the final version of its ERM framework, Enterprise Risk Management--Integrated Framework, which outlines internal auditing's role in supporting ERM. An exposure draft of the framework had been issued more than a year before the final release, and many organizations have embraced ERM. Still, fewer than half the organizations responding to an IIA Research Foundation survey have an ERM framework, full or partial, in place. Those organizations that do not have an ERM framework are evenly divided as to their plans: one-third plan to implement ERM in the future, one-third have no plans to implement ERM, and one-third have yet to make a decision regarding ERM. Thus, it appears that adoption of ERM is still evolving. In light of the increasing interest in risk management, as well as internal control reporting, it would seem that most organizations ultimately will implement ERM, and the survey results support this. But ERM adoption may not occur immediately.