ISO 31000 vs. COSO ERM – The Great Debate Part II: Taking the Right Level of the Right Risks for Success

Join us for the second instalment of our three-part series regarding ISO 31000 vs. COSO ERM – The Great Debate. More than 700 people registered for the last debate and hundreds more watched the replay.

17 MAY 2018, 5PM EUROPE


In the Great Debate, the panellists all agreed that decision-making is the heart of risk management. Decisions are how risks are taken. The focus of risk management should not be limited to avoiding harms, but instead enable informed decisions that lead organizations to achieve objectives. They also agreed that the COSO 2017 update was an improvement on the 2004 version, but it does not provide sufficient guidance on decision-making and the need to ‘balance’ the potentials for harm and reward.

Since the first Great Debate, ISO has published the 2018 update to their global risk management standard. The panellists will share their thoughts on whether the latest edition provides the guidance on decision-making that we need. Finally, the panellists will debate whether using the word ‘risk’ in risk management is actually leading practitioners, regulators, and other stakeholders astray.



  • Tim Leech, provocative COSO critic in the past, who has now publicly endorsed the new COSO 2017 ERM framework – “the right emphasis at the right time”
  • Norman Marks, retired CAE and CRO; and evangelist for better run business. Outspoken critic of the new COSO 2017 ERM framework – “not what the world needed now”
  • Alex Sidorenko, participant in the development of ISO 31000 scheduled for release in 2018 – “neither efforts are really hitting the mark”
  • Scott Mitchell, OCEG Founder, recognized Influencer in Corporate Governance, Risk and Compliance, host and moderator

Check out other decision making books

RISK-ACADEMY offers online courses


Informed Risk Taking

Learn 15 practical steps on integrating risk management into decision making, business processes, organizational culture and other activities!


ISO31000 Integrating Risk Management

Alex Sidorenko, known for his risk management blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization.


Advanced Risk Governance

This course gives guidance, motivation, critical information, and practical case studies to move beyond traditional risk governance, helping ensure risk management is not a stand-alone process but a change driver for business.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.