The COSO Enterprise Risk Management (ERM) framework, particularly the 2017 "Integrating with Strategy and Performance" update, is built on several core concepts. It emphasizes that ERM must be integrated with strategy-setting to help the organization achieve its objectives. A foundational element is fostering a risk-aware culture throughout the entity, from the board down to all employees. The framework also mandates a comprehensive, holistic, and portfolio view of risk, considering how individual risks interrelate across the entire organization. These principles ensure that risk management is not a siloed function but a dynamic, integral part of decision-making and performance management.

C. Risk management is the responsibility of the risk committee.

This is incorrect. COSO ERM establishes that risk management is the responsibility of everyone in an organization, with the board providing oversight and management setting the tone.

E. Consideration of the main risk only which is financial risk.

This is incorrect. ERM by definition is an enterprise-wide approach that considers all types of risks, including strategic, operational, and compliance risks, not just financial ones.

1. COSO. (2017). Enterprise Risk Management—Integrating with Strategy and Performance: Executive Summary. Committee of Sponsoring Organizations of the Treadway Commission.

Page 4, "Governance and Culture": This component emphasizes the importance of board oversight, management's role, and defining the desired culture. Principle 4, "Demonstrates Commitment to Core Values," directly supports the creation of a risk-aware culture (Answer A).

Page 5, "Strategy and Objective-Setting": This component explicitly links ERM to the strategic-planning process, supporting the consideration of risk in the context of business strategy (Answer D).

Page 6, "Performance": Principle 12, "Selects, Develops, and Performs Review," and Principle 14, "Develops a Portfolio View," advocate for a comprehensive and holistic approach to risk (Answer B). The framework refutes the idea of focusing only on financial risk (Answer E).

Page 4, Principle 1, "Exercises Board Risk Oversight": This section clarifies that while the board has an oversight role, management has overall responsibility, and accountability rests at all levels, which contradicts the notion that responsibility lies solely with a committee (Answer C).

2. Beasley, M. S., & Frigo, M. L. (2018). What’s New in the COSO ERM Framework? Journal of Accountancy, 225(5), 28-32.

This article highlights the key shifts in the 2017 framework, stating, "The updated framework more clearly connects ERM with strategy-setting and the entity's operating performance." It also notes the "prominence of culture" as a key theme, reinforcing answers A and D. The article's discussion of taking a "portfolio view of risk" supports answer B.