COSO ERM 2017 vs ISO31000:2018

Can one of the documents be more useful than the other? And if yes, useful for whom, risk practitioners, regulators, auditors or consultants? Or have both documents failed to account for the actual growth in the risk management maturity and will be looked at with disappointment by risk professionals? Should you, as a risk practitioner, even bother to read both documents? And what should you tell an external auditor next time he recommends adopting one of the documents?

I will try and answer all these questions in the upcoming free webinar:



2 thoughts on “COSO ERM 2017 vs ISO31000:2018

  1. Hello Alex,

    Just wanted to know why you always focus on ISO 31000 applicability on non-financial companies. In your opinion, do you feel that COSO ERM 2017 is a more suitable framework than ISO 31000 for financial companies and why?

    1. Of course not, coso erm is rubbish for any industry. The only reason why I always say applicable to non financial is because I never worked in a bank and feel I have no right to comment on risk management in fs

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.