New From COSO, SCCE, and HCCA – Compliance Risk Management: Applying the COSO ERM Framework

This month (November 2020), COSO (the Committee of Sponsoring Organizations of the Treadway Commission) made available its new publication, Compliance Risk Management: Applying the COSO ERM Framework. The publication is authored by the Society of Corporate Compliance and Ethics (SCCE) and the Health Care Compliance Association (HCCA), and is the product of the SCCE & HCCA Working Group on the Application of ERM to Compliance Risk. COSO commissioned the project.

COSO is a private sector initiative that is jointly sponsored and funded by the American Accounting Association, the American Institute of CPAs, Financial Executives International, the Institute of Management Accountants, and the Institute of Internal Auditors.

In and of itself, the fact of the publication does not mandate by law that the publication or any part of it be followed or implemented by any particular organization. Licensing or regulatory bodies could, however, mandate the use of the publication or parts of it, and an organization could also choose to use and implement it. The publication is noteworthy for its detail and specifics, for the reputations and followings of the authoring and commissioning organizations, and because its contents, if they are read and implemented, appear to move ERM in the context of compliance significantly forward from earlier materials. The materials are detailed (29 pages of detail and specifics, plus Appendix 1 and Appendix 2).

I wanted to make you aware of these new materials, although it will take me a while to study and discuss them in detail. The Introduction states in part: “This publication aims to provide guidance on the application of the COSO ERM framework to the identification, assessment, and management of compliance risks by aligning it with the C&E program framework, creating a powerful tool that integrates the concepts underlying each of these valuable frameworks.” For the purpose of the publication, the “C&E program framework” is described in Appendix 1, Elements of an Effective Compliance and Ethics Program.

The following is a link to a pdf of Compliance Risk Management: Applying the COSO ERM Framework, from the website:

That’s all for now. More to follow.

Best to you. David Tate, Esq.


Remember, every case and situation is different. It is important to obtain and evaluate all of the evidence that is available, and to apply that evidence to the applicable standards and laws. You do need to consult with an attorney and other professionals about your particular situation. This post is not a solicitation for legal or other services inside of or outside of California, and, of course, this post only is a summary of information that changes from time to time, and does not apply to any particular situation or to your specific situation. So . . . you cannot rely on this post for your situation or as legal or other professional advice or representation.
