ERM: a status report; A study funded by The IIA Research Foundation reveals how far organizations have come in developing enterprise risk management and internal auditing's role in the process

Submitted on 7th September 2017

ENTERPRISE RISK MANAGEMENT (ERM) IS DEMANDING its share of attention from management and internal auditing, but it still has a respectable distance to go before receiving its due. In September, The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released the final version of its ERM framework, Enterprise Risk Management--Integrated Framework, which outlines internal auditing's role in supporting ERM. An exposure draft of the framework had been issued more than a year before the final release, and many organizations have embraced ERM. Still, fewer than half the organizations responding to an IIA Research Foundation survey have an ERM framework--full or partial--in place. Those organizations that do not have an ERM framework are evenly divided as to their plans: one-third plan to implement ERM in the future; one-third have no plans to implement ERM, and one-third have yet to make a decision regarding ERM. Thus, it appears that adoption of ERM is still evolving. In light of the increasing interest in the topic of risk management, as well as internal control reporting, it would seem that most organizations ultimately will implement ERM, and the survey results support this. But ERM adoption may not occur immediately.

To avail of this paper, please contact the Society on  Further information on the paper is available here

Internal Auditor
Length of Resource
Mark S. Beasley, Richard Clune, and Dana R. Hermanson .
Date Published
Publication Type
Resource Type