The Institute of Enterprise Risk Practitioners (IERP®) is the world’s first and leading certification institute for Enterprise Risk Management (ERM).


Future ERM Models and Frameworks

When looking forward to future models and frameworks of Enterprise Risk Management, it is worth looking back, to see what they looked like originally, and make comparisons. For instance, the COSO ERM framework introduced in 2004 was an industry attempt at a professional measure to help organisations identify, understand and prioritise their risks, and integrate internal controls into business processes. One of the main reasons for its emergence was the rise of corporate fraud; the Framework could therefore be considered a tool to combat mismanagement, tighten corporate governance and monitor financial reporting more stringently.

The COSO 2004 model addressed different aspects of risk management, and incorporated trends which were regarded as significant, such as ethics and organisational culture. But this was seen as still too restrictive, and still too skewed towards internal control, with undue emphasis on the internal audit function. The international standard ISO 31000, developed by the International Organization for Standardization and released in 2009, is a systematic, logical process of risk management which sets out processes for identifying and analysing risk, and determining its treatment or mitigation. The emphasis of ISO 31000, designed with proper input from Risk professionals, is geared toward the achievement of organisational objectives and improving the quality of decision making.

Some firms see ISO 31000 as a broader framework while others consider it lacking in clarity, but it tends to be more supported by seasoned Risk professionals, compared to COSO. There is no one-size-fits-all when it comes to ERM. Business environments today are exceedingly dynamic and firms may find it hard to keep up with market trends and issues, let alone be able to identify the risks associated with them. But ERM is also about opportunity, managing risk, achieving objectives, improving decision-making and achieving an optimum level of agility, resilience and sustainability for the organisation.

ERM frameworks are likely to become easier to use. The first ISO 31000 standard evolved from the first known standard for enterprise risk management, AS/NZS 4360, published by Standards Australia and Standards New Zealand in 1995. But even this base standard underwent revision before it became the foundation of ISO 31000 (published in 2009). Its refinement included the deletion of areas which were regarded as hindering, rather than helping, its implementation, based on users’ feedback. ISO 31000:2018 became even shorter, clearer and more concise to support firms in their use of ERM principles when planning and making decisions.

ERM models and frameworks are not static; they undergo continuous refinement based on feedback from users in a diverse range of industries. They need to, because businesses are becoming more complex; firms are entering new, unfamiliar markets; and in some cases, completely new industries are emerging, with risks and opportunities in tandem. Future models and frameworks may see greater inclusion of “issues of the day” like gender diversity, climate change, human and cultural factors, more transparency and stricter governance. The lessons from the Covid-19 pandemic will not be forgotten; more attention is likely to be paid to “future readiness” and dealing with disruption and uncertainty.
