The largest differences between the COSO Integrated Control (IC) framework and the COSO Enterprise Risk Management (ERM) framework is
◦ IC is controls-based, while the ERM is risk-based.
◦ IC is risk-based, while ERM is controls-based.
◦ IC is required, while ERM is optional.
◦ IC is more applicable to international accounting standards, while ERM is more applicable to generally accepted accounting principles.