In the United States, COSO published its Enterprise Risk Management - Aligning Risk with Strategy and Performance (COSO ERM, or ERM framework) in 2017.

In 2004, COSO identified a need for a robust framework to help companies effectively identify, assess, and manage risk. The resulting risk management framework expanded on the Internal Control Integrated Framework, incorporating all key aspects of the framework in the broader ERM framework. COSO updated its Internal Control - Integrated Framework in 2013 and released an update to the 2004 ERM framework in 2017.

COSO defines ERM as the culture, capabilities, and practices, integrated with strategy-setting and its execution, that organizations rely on to manage risk in creating, preserving, and realizing value.

In 2009. the International Organization issued its standard ISO 31000:2009 (ISO 31000), the first globally recognized standard related to risk management. ISO 31000 was developed to provide a globally accepted way of viewing risk management, taking into consideration principles, frameworks, models, and practices that were evolving around the world. ISO 31000 includes three sections principles, framework, and process.

(i) Perform research on these two (2) globally recognized frameworks. Compare and contrast these frameworks. How do they differ?

(ii) How work steps for each component. are similar?