New research from the Committee of Sponsoring Organizations of the Treadway Commission outlines practical steps for moving enterprise risk management from documentation to action.
The new paper released on May 4, From Guidance to Action: Exploring Practical Enterprise Risk Management, aims to help organizations strengthen the strategic relevance, decision-making, and real‑world impact of their ERM programs.
Commissioned by COSO and authored by Ryan Luttenton, Stefany Samp, and Alexa Stone of top 15 accounting firm Crowe LLP, the paper draws on a global survey of risk leaders and practitioners, as well as in‑depth conversations with senior executives across industries and regions.
The research examines how ERM is experienced in practice today, including where it delivers value, where it becomes overly abstract or compliance-driven, and what differentiates risk programs that meaningfully support strategy and decision-making.
“Organizations today face unprecedented complexity, and ERM must evolve to keep pace,” Lucia Wind, executive director and chair of COSO, said in a statement. “This paper provides practical, experience‑based guidance that helps leaders move beyond risk documentation toward embedded, real-time decision‑led practices that strengthen performance, resilience, and governance.”
According to COSO, the findings reveal a clear implementation gap. While ERM programs often mature and generate extensive documentation, their influence on real decisions remains inconsistent.
More than half of survey respondents said their ERM programs are still viewed primarily as compliance or assurance functions, and only 7% reported that ERM is fully integrated into strategy decisions. Yet 98% believe ERM should play a more strategic role—one that accelerates decision‑making by clarifying trade‑offs, triggers, and ownership.
From Guidance to Action provides practical steps to close this gap, COSO says. The paper outlines how organizations can apply the COSO ERM Framework as a toolkit for embedding risk thinking into everyday decision‑making.
It includes real‑world examples of ERM in action, a model for linking strategy and risk at key decision points, and a set of operating disciplines that help teams deliver timely, decision‑ready insights even under real‑world constraints.
“Risk management programs don’t need to be perfect, just effective. Build a program that is sustainable and delivers clear, decision-ready insights. Keep it simple. Be intentional. Be Innovative. Complexity is optional; clarity is not,” Luttenton, a risk consulting partner at Crowe, said in a statement. “At its best, risk management helps organizations protect and pursue value. This paper shares practical insights and perspectives that we hope inspires new ideas and ways of thinking.”
Photo caption: Lucia Wind, executive director and chair of COSO. (Lucia Wind/LinkedIn/Drew Xeron)
Sign in to get access to this free resource, and all of our whitepapers and reports.
Download this content today!
Register Now Already registered? Click here to Log In
