Book Review: COSO ERM

Wiley; 384 pages; $75.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative of five U.S. private-sector organizations that provide insights on critical aspects of governance, risk management, fraud, and more. In 2004, COSO created an enterprise risk management (ERM) framework to provide direction and guidance for enterprise risk management. COSO explains that ERM is a process designed to identify and manage risks within an organization’s risk appetite. The COSO ERM framework is a set of eight broad and deep components that provide direction and guidance for ERM.

In the second edition of COSO Enterprise Risk Management: Establishing Effective Governance, Risk, and Compliance Processes, author Robert Moeller has written a useful guide to help readers make sense of the framework. The new edition covers the latest trends and pronouncements that have affected COSO ERM and explores new topics, releases of protocols, and updated standards.

COSO ERM is not intended to replace a firm’s internal control framework; rather it augments the firm’s processes, helping to satisfy internal control needs and to move toward a fuller risk management process. For those who don’t have a background in risk frameworks, COSO ERM can be vastly confusing. For organizations looking to implement COSO ERM, this book will be a helpful guide to maximizing its benefits.


Reviewer: Ben Rothke, CISSP (Certified Information Systems Security Professional), PCI QSA (Qualified Security Assessor), is a principal eGRC consultant with the Nettitude Group.