COSO’s Enterprise Risk Management Framework. The GRI Standards. The SASB Standards. The Integrated Reporting Framework. The Sustainable Development Goals.

These are the models and metrics that have been introduced (or modified) during the past few years to help organizations and societies account for environmental, social, and economic risks. The coronavirus (COVID-19) pandemic, of course, is responsible for many such risks. How do the profession’s standards stack up against the new pandemic risks? Are they sufficiently robust to address the challenges of the coronavirus era? These questions are urgent and timely because accountants are now making important decisions about modifying their internal control and risk management systems. Should they look to these standards for guidance? Fortunately, the major sets of standards provide relevant information for all accountants who are modifying their business practices to account for pandemic risks.

COSO’s Enterprise Risk Management Framework

COSO’s Enterprise Risk Management Framework ( defines 19 principles that address an entity’s ability to manage risk. Its June 2017 publication “Enterprise Risk Management: Integrating with Strategy and Performance” also presents numerous examples of potential application.

The very first example in the publication is Example 1.1, Crisis Management Plan. It describes a cruise ship that experiences a viral outbreak and prepares to engage in special sanitizing, disinfecting, “deep cleaning,” and scheduling practices. Incidentally, it acknowledges that “a cruise ship does not have the capability to quarantine passengers during an outbreak,” an obvious fact that was sadly ignored by certain ship operators at the outset of the COVID-19 pandemic.

The 19 principles also provide guidance about the evaluation of alternative strategies (principle #8), the identification, assessment, and prioritization of risks (#10, #11, and #12), the implementation of responses (#13), and the assessment of substantial change (#15). These principles, and the illustrative examples in the 2017 publication, can clearly assist organizations in addressing pandemic risk.

Global Reporting Initiative (GRI) Standards

The GRI Standards (, unlike the ERM Framework, are not designed to address specific principles. Instead, they present sets of metrics that define outcomes for business organizations. Several of these sets can be applied to assess organizational readiness to address pandemic risks. According to GRI Standard 204 on Procurement Practices, for example:

When reporting its management approach for procurement practices, the reporting organization can … describe actions taken to identify and adjust the organization’s procurement practices that cause or contribute to negative impacts in the supply chain … [these] can include stability or length of relationships with suppliers, lead times, ordering and payment routines, purchasing prices, changing or cancelling orders.

Thus, organizations that are now confronting significant supply chain disruptions as a result of COVID-19 can address such difficulties through the implementation of GRI Standard 204.

Sustainability Accounting Standards Board (SASB) Standards

The SASB Standards ( resemble the GRI Standards in purpose and format. However, the SASB defines its standards on an industry-by-industry basis, whereas the GRI does so on a function-by-function basis.

As is true of the GRI Standards, several of the SASB Standards can be applied to address pandemic readiness. The Biotechnology & Pharmaceuticals Standard for the Health Care Sector, for example, includes “Access to Medicines” and “Supply Chain Management” among its topics, and the number of drugs in R&D among its activity metrics. Furthermore, the Health Care Delivery Standard includes “Employee Health & Safety” among its topics; its metrics include incident rates and days-away rates.

Thus, any biotechnology or pharmaceutical facility that is now facing significant challenges involving the manufacturing and sale of treatment medications can assess its readiness through the implementation of the SASB Standards. Likewise, any healthcare provider (or, in SASB’s language, “health care deliverer”) that is now struggling to protect its clinical personnel from COVID-19 can do so too.

Integrated Reporting Framework

The International Integrated Reporting Council (IIRC; has developed an Integrated Reporting (IR) Framework. Resembling the COSO Framework’s presentation of principles, the IR Framework presents a set of content elements that can be utilized to define priorities, policies, practices, and outcome metrics.

IR Framework Element 4C, for instance, is the Business Model. It defines the inputs, business activities, outputs, and long-term outcomes of an organization. Supply chain disruptions are clearly addressed in this element. Furthermore, Element 4D addresses risks and opportunities, and 4E addresses resource allocation. These elements play key roles in the design and operation of systems to manage pandemic risk.

Although the movement toward adopting ESG reporting is hastening the employment of these tools, universal adoption remains in the future.

United Nations Sustainable Development Goals (SDG)

Among the 17 United Nations Sustainable Development Goals (SDG) are goal #3, Good Health and Well Being ( development). That goal clearly addresses the elimination of communicable diseases (target 3.3) and access to vaccines (targets 3.8 and 3.b).

Regrettably, the indicators that are associated with target 3.3 only focus on HIV, tuberculosis, malaria, hepatitis, and “neglected tropical diseases.” None of these indicators is sufficiently robust to address COVID-19.

The indicators that are associated with target 3.8, however, include a service coverage index that addresses tracer interventions for infectious diseases. Tracing capabilities are often cited as an important capability for reopening economies after COVID-19 lockdowns.

Although the indicators that are associated with target 3.b focus on diphtheria, tetanus, pertussis (whooping cough), measles, and pneumococcal conjugate, they also address support for medical research and basic health sectors. Thus, these indicators can also help address COVID-19 concerns.

Accounting for Crises

The COVID-19 pandemic is an example of a dramatic crisis that emerged from the natural environment, that was not foreseen by most organizations, and that is doing great harm to the U.S. society and economy. During such crises, it is tempting to assume that our current standards and frameworks are insufficient to meet our critical challenges.

Nevertheless, the professional sustainability standards that are reviewed in this article appear to be sufficiently robust to account for pandemic risk. Indeed, each set of standards contains at least some explicit guidance that is directly applicable to the COVID-19 pandemic.

Unfortunately, most organizations are not required to utilize sustainability and environmental, social, and corporate governance (ESG) guidance in its entirety. Although the movement toward adopting ESG reporting is hastening the employment of these tools, universal adoption remains in the future. It is quite possible that full adoption by all entities will never be completely achieved.

And yet, as accountants develop new policies and procedures to help their organizations and clients address pandemic risk, one must remember that there is no need to reinvent the wheel. Indeed, there are many “wheels” that have already been crafted by credible standards-setting bodies and are ready to roll.

Michael Kraten, PhD, CPA is professor of accounting at Houston Baptist University, Houston, Texas, where he serves as chair of the accounting, finance, and economics programs. He is a member of The CPA Journal Editorial Advisory Board.