
This course is all about Enterprise Risk Management (ERM) standards.

Risk management refers to a coordinated set of activities and methods that is used to direct an organization and to control the many risks that can affect its ability to achieve its objectives.

In this course, we look at and compare two of the most popular risk management standards - the Committee of Sponsoring Organizations (COSO) framework and the International Organization for Standardization (ISO) 31000.

COSO started life in 1992 as the “Internal Control – Integrated Framework” which was updated in 2013, forming the basis for the now well-known COSO Enterprise Risk Management (or ERM) cube. The COSO framework defines internal control as a process, effected by an entity's board of directors, management and other personnel, designed to provide "reasonable assurance" regarding the achievement of effectiveness and efficiency of a firm's operations.

According to ISO 31000, risk is the “effect of uncertainty on objectives”. An “effect” is a positive or negative deviation from what is expected. This definition recognizes that we all operate in an uncertain world. Whenever we try to achieve an objective, there’s always the chance that things will not go according to plan. Every step has an element of risk that needs to be managed and every outcome is uncertain. Whenever we try to achieve an objective, we don't always get the results we expect. Sometimes we get positive results and sometimes we get negative results and occasionally, we get both. Because of this, we need to reduce uncertainty as much as possible.

COSO and ISO 31000 each represent a standard for managing risk. The key questions are what each of these standards says and, most importantly, how they compare. That is the context of this course.


Learning Objectives

  • Discover the core issues surrounding the Committee of Sponsoring Organizations (COSO) Enterprise Risk Management (ERM) framework.
  • Discover the key elements of the International Organization for Standardization (ISO) 31000 standard.
  • Explore the similarities and differences between COSO and ISO 31000.

Last updated/reviewed: June 17, 2021

Reviews: 5 reviews (21 ratings)

Anonymous Author
This course provides a basic understanding of what Committee of Sponsoring Organizations (COSO) is and what International Organization for Standardization (ISO) is and how they are similar and how they are different in regards to Enterprise Risk Management (ERM).
Anonymous Author
This course had lots of information but was a little hard to follow. I was not familiar with the ISO 31000 so I liked being able to see the comparison with COSO.
Member's Profile
The outline on the Australian and New Zealand contribution to world risk management and international contributions was interesting.
Anonymous Author
The course was very informative, especially the "Comparison of COSO to ISO 31000" sections.
Member's Profile
Course was very interesting! It's also very useful for further understanding.


Course Complexity: Intermediate

A basic understanding of risk management and both the COSO and the ISO 31000 standard is a requirement for this course.

Education Provider Information

Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400-3993 or send an e-mail to .
Course Syllabus
  6:29 – Introduction to Enterprise Risk Management (ERM) - A Comparison of COSO & ISO
  9:38 – ISO 31000
  11:34 – Principles, Framework, and Process
  9:47 – A Comparison of COSO to ISO 31000
  3:59 – To Sum Up
  58:38 – Enterprise Risk Management (ERM) - A Comparison of COSO & ISO
  PDF – Slides: Enterprise Risk Management (ERM) - A Comparison of COSO & ISO
  PDF – Enterprise Risk Management (ERM) - A Comparison of COSO & ISO Glossary/Index