Auditing Section Research Summaries Space

A Database of Auditing Research - Building Bridges with Practice

    research summary posted February 16, 2015 by Jennifer M Mueller-Phillips, tagged 01.0 Standard Setting, 01.02 Changes in Audit Standards, 06.0 Risk and Risk Management, Including Fraud Risk 
    Hybridized professional groups and institutional work: COSO and the rise of enterprise risk management
    Practical Implications:

    The results of this study provide insights into the rise of COSO’s ERM framework.  More broadly, it highlights key features that enabled the ERM framework to successfully diffuse internationally.

    Practitioners looking to “popularize” an idea or new business tool in their organization might benefit by considering a wide variety of activities to (1) disrupt the use of existing organizational practices; (2) create (or adopt) a tool with characteristics that are more likely to pique organizational members’ interest and encourage their actual use of the tool; and (3) maintain and provide guidance to address problem areas that might affect adoption.  The use of groups that span multiple functional domains – either within an organization or beyond an organization’s boundaries – might also be strategically used to further the creation, adoption and implementation of ideas and business tools in an organization.

    For more information on this study, please contact Christie Hayne.


    Hayne, C. and C. Free. 2014. Hybridized professional groups and institutional work:  COSO and the rise of enterprise risk management. Accounting, Organizations and Society 39 (5): 309-330.

    Risk management; COSO; Hybridized professional groups; Diffusion; Institutional work
    Purpose of the Study:

    In 2004, the Committee of Sponsoring Organizations (COSO) released a framework purporting to help organizations manage risk (titled “Enterprise Risk Management – Integrated Framework”). The purpose of this study is to understand how and why COSO’s framework emerged as the dominant standard in the field.  Not only has COSO’s enterprise risk management (ERM) framework been criticized for being especially challenging for organizations to successfully implement but it has also been seen to be not markedly different from other competing frameworks. Despite this, COSO’s ERM framework has been consistently named as a world-level template for best practice and thus has received attention from organizations across the world.

    This study is important because, although a significant body of research has examined the diffusion of important management tools, that research has focused on the features of the tool or the characteristics of adopting organizations to explain their dominance.  Instead, we focus on an under-explored perspective by examining the “supply side”: how COSO (which we conceive of as a hybridized professional group) performed a number of activities (what we call institutional work) to create, distribute and promote its ERM framework.

    Design/Method/Approach:

    Between May 2010 and September 2012, the authors conducted field research by interviewing key individuals holding authorship, guidance or oversight roles throughout the creation of COSO’s Enterprise Risk Management – Integrated Framework.  Many of the interview participants had prior or current relationships with COSO, but some individuals had no formal connections to COSO and were instead drawn from industry and/or practice.  The authors consulted a variety of COSO’s “thought papers” and guidance, including the Enterprise Risk Management – Integrated Framework, Internal Control – Integrated Framework and more recent ERM-related guidance.  The authors also reviewed four practitioner-focused magazines in order to trace and understand the growing prevalence of key risk terminology.

    Findings:

    • The authors find that COSO employed a comprehensive collection of political, cultural and technical activities to facilitate the diffusion of their ERM framework. This institutional work included activities such as (1) highlighting deficiencies in organizations’ existing ways of mitigating risk, (2) designing a risk framework with the same look and feel of COSO’s previously successful internal control framework, (3) designing an abstract and flexible framework that would appear relevant to a wide group of potential adopters, (4) leveraging a large network of supporters through the five professional accounting bodies associated with COSO, and (5) continuing to develop accessible how-to guides and conducting other promotional activities aimed at generating mass market awareness. Indeed, the popularization of COSO’s ERM framework is explained through varied and overlapping types of institutional work.
    • Unlike other management tools that are created by one group of individuals and then popularized by another, the authors identify COSO as a unique group that was able to traverse both the creation and dissemination roles.  Presented as a “hybridized professional group”, COSO brought together consultants who understood organizations’ challenges with risk management, university professors who were familiar with emerging research, and members from industry who spoke to the needs and preferences of key corporates. Not only were COSO’s members drawn from diverse industries, but they also held a range of job positions and functional expertise (e.g., internal control, risk, financial management).
    Risk & Risk Management - Including Fraud Risk, Standard Setting
    Changes in Audit Standards