# COSO Enterprise Risk Management (ERM) Framework (2017)
The COSO Enterprise Risk Management framework (2017 edition, *Enterprise Risk Management: Integrating with Strategy and Performance*) is structured as five interrelated components (Governance and Culture; Strategy and Objective-Setting; Performance; Review and Revision; Information, Communication, and Reporting) comprising 20 principles. The framework is copyrighted by COSO/AICPA; the full text of the principles requires a licensed copy.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
## Framework Domains (5)

The five components are listed below in the framework's own order, with the 20 principles numbered 1 through 20 across them.

### Governance and Culture

| Code | Title |
|---|---|
| GOV-1 | Exercises Board Risk Oversight |
| GOV-2 | Establishes Operating Structures |
| GOV-3 | Defines Desired Culture |
| GOV-4 | Demonstrates Commitment to Core Values |
| GOV-5 | Attracts, Develops, and Retains Capable Individuals |

### Strategy and Objective-Setting

| Code | Title |
|---|---|
| STR-6 | Analyzes Business Context |
| STR-7 | Defines Risk Appetite |
| STR-8 | Evaluates Alternative Strategies |
| STR-9 | Formulates Business Objectives |

### Performance

| Code | Title |
|---|---|
| PERF-10 | Identifies Risk |
| PERF-11 | Assesses Severity of Risk |
| PERF-12 | Prioritizes Risks |
| PERF-13 | Implements Risk Responses |
| PERF-14 | Develops Portfolio View |

### Review and Revision

| Code | Title |
|---|---|
| REV-15 | Assesses Substantial Change |
| REV-16 | Reviews Risk and Performance |
| REV-17 | Pursues Improvement in ERM |

### Information, Communication, and Reporting

| Code | Title |
|---|---|
| INFO-18 | Leverages Information and Technology |
| INFO-19 | Communicates Risk Information |
| INFO-20 | Reports on Risk, Culture, and Performance |
## Frequently Asked Questions

### What is the COSO Enterprise Risk Management (ERM) Framework (2017)?

The COSO Enterprise Risk Management (ERM) Framework (2017) is a risk management framework published by COSO (the Committee of Sponsoring Organizations of the Treadway Commission), with 5 domains and 20 controls. The 2017 edition, *Integrating with Strategy and Performance*, is structured as five interrelated components (Governance and Culture; Strategy and Objective-Setting; Performance; Review and Revision; Information, Communication, and Reporting) comprising 20 principles. It is copyrighted by COSO/AICPA, and the full control text requires a licensed copy. Organisations use it to establish and maintain compliance with industry standards and regulatory requirements.
### How many controls does the COSO Enterprise Risk Management (ERM) Framework (2017) have?

The COSO Enterprise Risk Management (ERM) Framework (2017) has 20 controls organised across 5 domains. The largest domains are Governance and Culture (5 controls), Performance (5 controls), and Strategy and Objective-Setting (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
### What frameworks does the COSO Enterprise Risk Management (ERM) Framework (2017) map to?

The COSO Enterprise Risk Management (ERM) Framework (2017) does not currently have cross-framework mappings in our system. Check back as we continuously expand our mapping database.
### How do I get started with COSO Enterprise Risk Management (ERM) Framework (2017) compliance?

Start your COSO Enterprise Risk Management (ERM) Framework (2017) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about the framework's requirements, and cross-framework mapping helps you reuse existing controls from other frameworks you may already comply with. Create a free account to access all 20 controls and track your progress.