For many years, compliance professionals have used a widely accepted framework for compliance and ethics programs, based on the U.S. Sentencing Commission Guidelines as well as global legislation, to prevent and timely detect noncompliance and other acts of wrongdoing. The COSO ERM Framework has been used by risk professionals and others to identify and mitigate enterprise risks, including compliance risks.

The new publication describes the characteristics of effective compliance and ethics programs associated with each of the five components and 20 underlying principles of the COSO ERM Framework.

“Compliance risks are common and frequently material risks to achieving an organization’s objectives,” said COSO Chairman Paul Sobel. “This publication aims to provide guidance on the application of the COSO ERM framework to the identification, assessment, and management of compliance risks by aligning it with the [compliance and ethics] program framework, creating a powerful tool that integrates the concepts underlying each of these valuable frameworks.”

The new framework is available at

About the Authors