New England College of Business
In an era of risky investments and failed financial institutions, additional importance is being placed on businesses implementing Enterprise Risk Management (ERM) plans. ERM is defined by the Institute of Internal Auditors (2012) as an approach designed to "identify, quantify, respond to, and monitor the consequences of potential events implemented by management." Without an ERM plan, transparency to shareholders and internal accountability are nearly impossible to achieve. COSO and Basel are both reactive frameworks to increased regulatory changes that forced institutions to show more transparency in their financial reporting, in order to manage operational risks, mitigate the likelihood of a collapse, and ensure stability in volatile market conditions (Farnan 2004; Balin 2008); these measures increase investor confidence. This comparative analysis of COSO and Basel seeks to identify common measures that are necessary to form a functional ERM plan, the most important being the accountability of management and its communication with the Board (The New Basel Accord 2003).
A Comparative Analysis of ERM Guidelines: COSO I/II and Basel I/II

Introduction
Due to the epidemic of failed financial systems seen over the past decade, agencies and private organizations (e.g., the Securities and Exchange Commission, NICE, etc.) have set in place guidelines for the standardization of reporting and evaluating risk in an effort to eliminate "surprise" collapses in the future (NICE Systems Ltd. 2012). Alexander Campbell, Editor, Operational Risk & Regulation, states that "regulatory approaches are changing" and requiring companies to streamline processes for monitoring internal risks at a company, such as fraud (NICE Systems Ltd. 2012). Common goals of organizing committees trying to tackle regulatory challenges are to improve communication between the board and management, increase shareholders' confidence, and, most importantly, for entities to thoroughly evaluate their liquidity so that in the event of a crisis, investors' assets are secured (Bressac 2005; Decamps, Rochet, & Roger 2003). This comparative analysis of COSO and Basel identifies the standards these documents set for institutions to maintain an Enterprise Risk Management (ERM) plan, as well as the effects these documents' shortcomings and constraints have on entities which apply either COSO or Basel. Enterprise Risk Management (ERM) is defined by the Institute of Internal Auditors (IIA) (2012) as an approach designed to "identify, quantify, respond to, and monitor the consequences of potential events implemented by management." It is important for all parties affiliated with an institution's ERM plan to clearly identify and understand the events that impact a company's value in order for the entity to achieve its objectives (IIA 2012). The frameworks COSO and Basel both attempt to be reactive solutions to public events in which the lack of an adequate ERM plan contributed to the collapse of a major institution or market, with a detrimental effect on the public (Farnan 2004; Lall 2009).
Both documents have been explored by many key opinion leaders in the financial industry, and while each provides a set of guidelines for developing successful ERM protocols, each also fails to be foolproof. Shaw (2006) provides the argument that "while the COSO standard was groundbreaking at the time, it was not meant to be a marking guide for controls." Moreover, in regards to Pillar 3 of the Basel Accord, which depicts methods of Value-At-Risk (VAR) calculations, Standard and Poor's noted that although these VAR methods "appear to offer mathematical precision…they are not a magic bullet" (Lall 2009). COSO and Basel can be seen as "a significant step forward" for the times (Saurina and Persaud 2008).

Basel
In 1974, the Basel Committee of Banking Supervision (BCBS) was created (consisting of...