Title: The COSO ERM framework: a critique from systems theory of management control

Authors: Dermot Williamson

Addresses: Lancaster China Management Centre, Lancaster University Management School, Lancaster University, Lancaster, LA1 4YX, UK

Abstract: COSO|s (2004) framework on Enterprise Risk Management (ERM) makes a valuable contribution to the emerging practice of ERM, but suffers serious limitations. It fails to provide a workable standard for identifying ERM effectiveness. Its definition of |risk| diverts attention from opportunities and from uncertainties that fall outside its closed rational systems perspective. By taking a command and control approach, it ignores shared management of uncertainties with external parties and social implications of ERM. As a result, threats will be created if this framework is widely followed, which seems likely as ERM is institutionalised within regulations, professional practice and expected norms of good management.

Keywords: enterprise risk management; ERM; institutions; management accounting; management control; systems theory.

DOI: 10.1504/IJRAM.2007.015296

International Journal of Risk Assessment and Management, 2007 Vol.7 No.8, pp.1089 - 1119

Published online: 02 Oct 2007 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article