What is the difference between ISO 31000, the COSO ERM framework and the Mwongozo Code?

ISO 31000, COSO ERM and the Mwongozo Code are all frameworks or guidelines for risk management and corporate governance, but they differ in origin, scope and the organizations they apply to. Here is a comparison of each:

ISO 31000

ISO 31000 is an international standard for risk management (the current edition is ISO 31000:2018). It provides principles, a framework and a process for managing risk of any kind. It is guidance rather than a set of requirements, so organizations cannot be certified against it. Key aspects include:

  1. Principles: Establishes a set of principles for managing risk effectively, centred on value creation and protection (for example: integrated, structured and comprehensive, customized, inclusive, dynamic, based on the best available information, considers human and cultural factors, and continual improvement).
  2. Framework: Outlines a risk management framework that integrates risk management into the organization's governance, strategy, planning and decision-making, with leadership and commitment at its core.
  3. Process: Defines a process covering communication and consultation; establishing scope, context and criteria; risk assessment (identification, analysis and evaluation); risk treatment; monitoring and review; and recording and reporting.

COSO ERM

COSO ERM (the Committee of Sponsoring Organizations of the Treadway Commission's Enterprise Risk Management framework, updated in 2017 as "Enterprise Risk Management – Integrating with Strategy and Performance") is a widely used framework for enterprise risk management. It helps organizations manage uncertainty and create, preserve and realize value. The framework is organized into five components (supported by twenty principles):

  1. Governance and Culture: Emphasizes board oversight, operating structures and the organizational culture that shapes attitudes to risk.
  2. Strategy and Objective-Setting: Aligns risk management with strategy and objective-setting, including risk appetite.
  3. Performance: Identifies, assesses and prioritizes risks, implements responses and views risk in the context of performance.
  4. Review and Revision: Assesses substantial change and reviews risk and performance to drive continuous improvement.
  5. Information, Communication and Reporting: Focuses on the information systems and communication needed to support and report on risk management.

Mwongozo Code

The Mwongozo Code is a code of governance for State Corporations in Kenya, issued in 2015 by the State Corporations Advisory Committee (SCAC) and the Public Service Commission. It provides guidelines for good corporate governance and is specific to public sector entities. Key elements include:

  1. Leadership and Strategic Management: Defines the role of the board and management in strategic direction.
  2. Transparency and Disclosure: Stresses the importance of transparency and full disclosure in governance.
  3. Accountability: Establishes mechanisms for accountability within organizations.
  4. Ethics and Corporate Citizenship: Promotes ethical behavior and corporate social responsibility.
  5. Risk Management and Internal Control: Provides guidelines for effective risk management and internal control systems.
  6. Stakeholder Relations: Encourages positive relationships with stakeholders.

The full text is published as Mwongozo: The Code of Governance for State Corporations (available as a PDF).

Key Differences

  • Scope: ISO 31000 is a generic, sector-neutral standard for managing any kind of risk. COSO ERM is more prescriptive about how enterprise risk management integrates with strategy, objective-setting and performance. The Mwongozo Code is a governance code specific to Kenyan State Corporations, in which risk management and internal control are one chapter among several.
  • Applicability: ISO 31000 is used globally across all sectors and organization sizes. COSO ERM is most widely adopted in corporate environments, particularly where COSO's internal control framework is already in use. The Mwongozo Code is mandated for State Corporations in Kenya rather than chosen voluntarily.
  • Focus Areas: ISO 31000 focuses on a structured, repeatable approach to assessing and treating risk. COSO ERM links risk management with strategic planning and performance management. The Mwongozo Code emphasizes board effectiveness, transparency, ethics and accountability in addition to risk management.

These frameworks complement rather than replace one another: a Kenyan State Corporation must comply with the Mwongozo Code, and can use ISO 31000 or COSO ERM to implement the risk management and internal control practices that the Code requires.
