A more effective audit after COSO ERM 2017 or after ISO 31000:2009?

  • Alcina A. de Sena Portugal Dias Instituto Superior de Contabilidade e Administração do Porto (ISCAP) – Politécnico do Porto


This paper seeks to consider the better effectiveness of an audit after the use of ERM 2017 or ISO 31000. To this effect, is COSO existence and evolution will be considered and related to the biggest financial scandals and its output in terms of control schedules. Some criticisms to COSO Cube will be pointed out, and the new ERM 2017 will be described.  ISO 31000 will be considered as an alternative guideline to be used for Risk Management purposes in any organization. A comparison is made between the two sets of Risk management. The audit process will be developed after grasping that the company has a risk management implemented in a more certain fashion, as objectives are different but schemes of risk management control are valid. In terms of future research perspective, one could suggest the identification of organizations using one scheme (ERM) or another (ISO), analysing them and comparing them in order to evaluate their particular effectiveness and accrued value. 


La descarga de datos todavía no está disponible.


Accounting Theory, (2004) 4th Edition, U.K, Business Press Thomson Learning

Anomaly, Jonny & Brennan, Geoffrey (2014). Social Norms, The Invisible Hand, and the Law. University of Queensland Law Journal 33 (2).

Bruton, Ahlstrom, Li (2010) Institutional Theory and Entrepreneurship: Where Are We Now and Where Do We Need to Move in the Future? Entrepreneurship Theory and Practice,3 (3) pp 421–440

Dermot Williamson (2007). The COSO ERM framework: a critique from systems theory of management control, International Journal of Risk Assessment and Management, 7(8), pp 1089-1119 doi: http://dx.doi.org/10.1504/IJRAM.2007.015296

Dion, M.( 2001), ‘Corporate Citizenship and Ethics of Care: Corporate Values, Codes of Ethics and Global Governance’, in J. Andriof and M. McIntosh (ed.), Perspectives on Corporate Citizenship (Greenleaf, Sheffield, UK), pp. 118–138

Donaldson, Preston (1995) The Stakeholder Theory of the Corporation: Concepts, Evidence, and Implications Academy of Management Review, vol. 20 , 1, pp 65-91

Elena Demidenko, Patrick McNutt (2010). “The ethics of enterprise risk management as a key component of corporate governance”, International Journal of Social Economics, 37 (10), pp.802-815, doi: 10.1108/03068291011070462

Frynas G., Stephan S., (2015) Political Corporate Social Responsibility: Reviewing Theories and Setting New Agendas, International Journal of Review Management, 17(4), pp. 483–509

IIA Institute of Internal Auditors - Global Technology Audit Guide (GTAG®) 1 Information Technology Risk and Controls (2012)

Mark C. Suchman (1995) Managing Legitimacy: Strategic and Institutional Approaches ,Academy Management Review , 20(3) 571-610;

Merton, R., Peron, A.,(1993) Theory of risk capital in financial firms, Applied Corporate Finance, 6 (3), pp 16–32

OECD (2014), Risk Management and Corporate Governance, Corporate Governance, OECD Publishing. http://dx.doi.org/10.1787/9789264208636-en

Omolehinwa, O. (2003), Foundation of Accounting, Lagos Pumark Nigeria Ltd.

Ponemon Institute LLC (2013), The State of Risk-Based Security.

Schroeder, H. (2014), “An art and science approach to strategic risk management”, Strategic Direction, Vol. 30 No 4 2014, pp. 28-30.

Wolk Harry I, Dodd James L and Rozycki John J (2008). Accounting Theory: Conceptual Issues in a Political and Economic Environment, 7th edition, Sage Publications Inc. California

World Business Council for Sustainable Development (WBCSD) http://www.wbcsd.org/.

World Economic Forum (2016), The Global Risks Report 2016, 11th edition.

On line references

Canada Survey (2007): na.theiia.org/standardsguidance/Public%20Documents/IIA_Risk_Summit_Practitioner_Answers.pdf

COSO ERM 2017 https://commsrisk.com/new-coso-erm-framework-out-for-comment

ISO 31000:2009 http://broadleaf.com.au/resource-material/iso-31000-2009-setting-a-new-standard-for-risk-management

Cómo citar
Portugal Dias, A. (2017). A more effective audit after COSO ERM 2017 or after ISO 31000:2009?. Revista Perspectiva Empresarial, 4(2), 73-82. https://doi.org/10.16967/rpe.v4n2a8