This course covers Enterprise Risk Management (ERM) standards.

Risk management refers to a coordinated set of activities and methods that is used to direct an organization and to control the many risks that can affect its ability to achieve its objectives.

In this course, we look at and compare two of the most popular risk management standards - the Committee of Sponsoring Organizations (COSO) framework and the International Organization for Standardization (ISO) 31000.

The COSO framework began in 1992 as the “Internal Control – Integrated Framework” (updated in 2013); it was followed in 2004 by COSO's “Enterprise Risk Management – Integrated Framework”, the source of the now well-known COSO ERM cube. COSO defines internal control as a process, effected by an entity's board of directors, management and other personnel, designed to provide “reasonable assurance” regarding the achievement of objectives in three categories: effectiveness and efficiency of operations, reliability of reporting, and compliance with applicable laws and regulations.

According to ISO 31000, risk is the “effect of uncertainty on objectives”. An “effect” is a deviation from what is expected; it can be positive, negative or both. This definition recognizes that we all operate in an uncertain world. Whenever we try to achieve an objective, there is always a chance that things will not go according to plan: every step carries an element of risk that needs to be managed, and every outcome is uncertain. Sometimes we get positive results, sometimes negative results, and occasionally both. Because of this, we need to understand and manage that uncertainty rather than leave it to chance.

COSO and ISO 31000 each represent a standard for managing risk. The key questions are what each of these standards says and, most importantly, how they compare. That is the focus of this course.


Learning Objectives
  • Discover the core issues surrounding the Committee of Sponsoring Organizations (COSO) Enterprise Risk Management (ERM) framework.
  • Discover the key elements of the International Organization for Standardization (ISO) 31000 standard.
  • Explore the similarities and differences between COSO and ISO 31000.
Last updated/reviewed: August 25, 2023
6 Reviews (31 ratings)


Anonymous Author
This course provides a basic understanding of what the Committee of Sponsoring Organizations (COSO) is and what the International Organization for Standardization (ISO) is, and how they are similar and how they are different with regard to Enterprise Risk Management (ERM).

Anonymous Author
This course had lots of information but was a little hard to follow. I was not familiar with the ISO 31000 so I liked being able to see the comparison with COSO.

Member's Profile
The outline of the Australian and New Zealand contribution to world risk management and international contributions was interesting.

Member's Profile
Very good clarity on the differences between COSO and ISO. Will be using this knowledge going forward.

Anonymous Author
The course was very informative, especially the "Comparison of COSO to ISO 31000" sections.

Member's Profile
Course was very interesting! It's also very useful for further understanding.

Course Complexity: Intermediate

A basic understanding of risk management and of both the COSO framework and the ISO 31000 standard is a requirement for this course.

Education Provider Information
Company: Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
Contact: For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400-3993 or send an e-mail to .
Course Syllabus
  Introduction to Enterprise Risk Management (ERM) - A Comparison of COSO & ISO (6:29)
  ISO 31000 (9:38)
  Principles, Framework, and Process (11:34)
  A Comparison of COSO to ISO 31000 (9:47)
  To Sum Up (3:59)
  Enterprise Risk Management (ERM) - A Comparison of COSO & ISO (58:38)
  Slides: Enterprise Risk Management (ERM) - A Comparison of COSO & ISO (PDF)
  Enterprise Risk Management (ERM) - A Comparison of COSO & ISO Glossary/Index (PDF)