In my past two blogs, we have examined the risk-aware culture[i] and the risk management process[ii] as found in ISO 31000:2018 and COSO ERM 2017.  This blog will address the third structural element defined by these documents – “risk management framework.”  ISO 31000:2018 includes the risk management framework along with the risk-aware culture and the risk management process. COSO ERM 2017 is a risk management framework even though it addresses what ISO 31000:2018 addresses in its three-component risk management standard. Continue reading →