COSO ERM 2017 vs ISO31000:2018

Can one of the documents be more useful than the other? And if yes, useful for whom: risk practitioners, regulators, auditors or consultants? Or have both documents failed to account for the actual growth in risk management maturity, and will they be looked at with disappointment by risk professionals? Should you, as a risk practitioner, even bother to read both documents? And what should you tell an external auditor the next time he recommends adopting one of the documents?

I will try and answer all these questions in the upcoming free webinar:


RISK-ACADEMY offers online courses


Informed Risk Taking

Learn 15 practical steps on integrating risk management into decision making, business processes, organizational culture and other activities!


ISO31000 Integrating Risk Management

Alex Sidorenko, known for his risk management blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization.


Risk Management

In this short and very engaging course, Alexey Sidorenko explains the reasons for implementing risk management, the specifics of making management decisions under uncertainty, and the changes in the new ISO 31000:2018 standard.


2 thoughts on “COSO ERM 2017 vs ISO31000:2018”

  1. Hello Alex,

    Just wanted to know why you always focus on ISO 31000 applicability on non-financial companies. In your opinion, do you feel that COSO ERM 2017 is a more suitable framework than ISO 31000 for financial companies and why?

    1. Of course not, COSO ERM is rubbish for any industry. The only reason why I always say it is applicable to non-financial companies is because I never worked in a bank and feel I have no right to comment on risk management in FS.
