For the last few months, I have been running a survey of risk experts on which risk management guidance they prefer: the COSO ERM – Integrated Framework, or the ISO 31000:2009 risk management standard. I am fully aware that there are others, but these appear to be the prevalent ones. The purpose was to obtain an independent view; prior surveys have been run either by COSO or by individuals clearly linked to ISO advocacy.
The survey went out through my blogs and also through Twitter and LinkedIn.
Although only 180 risk practitioners answered the survey (meaningful but not authoritative), the results were interesting and the comments even more so! So much so that I have made all the comments available for you to peruse in detail.
There were only two questions:
1. Have you read both the COSO ERM framework and the ISO risk management standard?
Answer | Share |
---|---|
Yes. I have read both | 76% |
No. I have only read the COSO ERM Framework | 12% |
No. I have only read the ISO 31000:2009 standard | 7% |
No. I have not read either | 6% |
2. Which do you prefer?
Answer | Share |
---|---|
I prefer the COSO ERM Framework | 15% |
I prefer the ISO 31000:2009 risk management standard | 52% |
I have no preference. Either can be used effectively | 25% |
I have no preference. I don’t think either can be used effectively | 8% |
The answers to the second question are not materially different if you exclude those who had not read both the COSO ERM framework and the ISO risk management standard.
As I said, the comments are illuminating (see link in the first paragraph).
The people who prefer COSO ERM do so because, in their view:
By way of contrast, those who prefer ISO 31000:2009 offered these opinions:
Those who said that neither was effective had some strong comments, including:
A number of people thought that the two should be combined, taking the best of each. One thought I liked was the need to consider risk management as an element of governance (including strategy and performance management) rather than as a separate and distinct activity requiring a separate and distinct standard or framework.
A few parting thoughts:
I encourage you to read the full set of comments and share your views.