COSO releases new guidance on taking an agile approach to enterprise risk management
Published: Thursday, 10 March 2022 08:52
Agile enterprise risk management (ERM) approaches can be a key factor in helping organizations successfully manage risks in a fast-paced business environment, says new guidance from COSO.
‘Enabling Organizational Agility in an Age of Speed and Disruption’ says that organizations that are practicing agile methods may be reassessing the strategy set because their environment and context are changing so rapidly. A variety of approaches can be used to ensure that business units and agile teams consider risks, says the paper, which identifies numerous ways in which the COSO ERM principles link to agile approaches.
Commissioned by COSO and authored by Dr. Paul L. Walker, Schiro/Zurich Chair in ERM and Executive Director, Center for Excellence in Enterprise Risk Management at St. John’s University, the guidance discusses the following key points:
- The speed of change, risks, and disruption is driving organizations to rethink their vision and strategy.
- Being agile is an extension of strategy and could also be the best strategic choice in certain environments; not being agile could be a strategic mistake.
- Organizational leaders should regularly assess the environment in which they operate and the ability of the strategic approach to succeed in that environment.
- Greatness includes taking risks, but never blindly.
- New normals and new business models must factor in the speed of change, risks, and disruption.
- Agile helps manage some risks but can also lead to other risks.
- New tools and methods are available for assessing noise, the environment, the strategy, and the business model, and linking noise to the business model.
- Superior ERM approaches can be a huge factor in helping the organization be more successful by focusing on the right strategies and risks.
- Gathering and understanding the noise in the market and how it impacts the business and operating model, as well as building an early warning system, is becoming critical.
- Organizations should regularly assess ERM and revisit the purpose, mission, and alignment of ERM with the current environment, strategic approach, and business units.