- Denetim ve Güvence Hizmetleri Dergisi
- Volume:3 Issue:2
A comparison of key risk management frameworks: COSO-ERM, NIST RMF, ISO 31.000, COBIT
Authors : Ahmet EFE
Pages : 185-205
Publication Date : 2023-07-31
Article Type : Review Paper
Abstract : Risk management frameworks play an essential role in identifying, assessing, and mitigating risks to ensure the effective governance and operation of organizations. They are also one of the key elements of the assurance and consultancy services of internal auditing in risk-based audit plans and programs. This study aims to provide an in-depth comparison of four widely used risk management frameworks: the Committee of Sponsoring Organizations of the Treadway Commission Enterprise Risk Management (COSO-ERM), the National Institute of Standards and Technology Risk Management Framework (NIST RMF), the International Organization for Standardization 31000 (ISO 31.000), and Control Objectives for Information and Related Technologies (COBIT). The analysis is conducted on the basis of their underlying principles, structure, risk assessment methodologies, and applicability in various industries. We evaluate the strengths and weaknesses of each framework, including their adaptability and relevance in addressing emerging risks such as cybersecurity and data privacy. It is found that implementing the ISO 31000 and COBIT frameworks requires addressing challenges and limitations, including commitment from top management, knowledge and training, customization, and monitoring. To succeed, organizations should demonstrate commitment, provide training, customize the frameworks, and establish robust monitoring systems. The findings of this study serve as a guide for organizations seeking to adopt or transition between risk management frameworks, ultimately enabling them to select the most suitable approach tailored to their specific needs and risk landscape.
Keywords : Risk management frameworks, COSO ERM, NIST RMF, ISO 31 000, COBIT