My topic for discussion today hovers on a recent dilemma one of my clients faced. The client asked "Whether it made sense to implement the Enterprise Risk Management Integrated Framework COSO alongwith the Sarbanes Oxley 404?". Well, my opinion is Sarbanes Oxley compliance is a statutory requirement which cannot be done away with. On the other hand, complying with COSO's Enterprise Risk Management Framework is optional. Let use try and find out the difference between implementation of Section 404 of the Sarbanes Oxley act and implementation of COSO's Enterprise Risk Management Integrated Framework.

Section 404 of the Sarbanes Oxley stresses on Internal Controls over financial reporting. COSO's ERM has aspects of risk management and goes one step further i.e. beyond internal controls over financial reporting. COSO's ERM framework deals with risk appetite, risk tolerance, overall control objectives and strategy of the management. Companies adopting COSO's Enterprise Risk Management Framework definetely will beenfit from a consistent approach to risk management. We all know that internal controls are not limited to just financial reporting. ERM takes care of internal controls across the entire organization and achieveing better controls.

Related Posts on Sarbanes Oxley >>

>> SOX Key Issues for CFO's and CEO's
>> Antifraud Action Plan for Internal Audit
>> Section 404 Maturity Framework
>> How to Develop a Testing Strategy for Internal Controls