The COSO Framework for Internal Control

Admin

February 7, 2025

Admin's other articles

4349 The World without Bankruptcy Laws

Bankruptcy is one of the natural states which a company may find itself in. Entrepreneurship is primarily about taking risks. When companies take risks, some of them succeed, whereas others fail. Hence failure is a natural part of the business. However, many critics of bankruptcy laws believe that there isn’t a need for an elaborate […]

 4348 The Wirecard and Infosys Scandals are a Lesson on How NOT to Treat Whistleblowers

What is the Wirecard Scandal all about and Why it is a Wakeup Call for Whistleblowers Anyone who has been following financial and business news over the last couple of years would have heard about Wirecard, the embattled German payments firm that had to file for bankruptcy after serious and humungous frauds were uncovered leading […]

 4347 Why the Digital Age Demands Decision Makers to be Like Elite Marines and Zen Monks

How Modern Decision Makers Have to Confront Present Shock and Information Overload We live in times when Information Overload is getting the better of cognitive abilities to absorb and process the needed data and information to make informed decisions. In addition, the Digital Age has also engendered the Present Shock of Virality and Instant Gratification […]

 4346 Why Indian Firms Must Strive for Strategic Autonomy in Their Geoeconomic Strategies

Geopolitics, Economics, and Geoeconomics In the evolving global trading and economic system, firms and corporates are impacted as much by the economic policies of nations as they are by the geopolitical and foreign policies. In other words, any global firm wishing to do business in the international sphere has to be cognizant of both the […]

 4345 Why Government Should Not Invest Public Money in Sports Stadiums Used by Professional Franchises

In the previous article, we have already come across some of the reasons why the government should not encourage funding of stadiums that are to be used by private franchises. We have already seen that the entire mechanism of government funding ends up being a regressive tax on the citizens of a particular city who […]
See More Article from Admin

Categories

It is a long established fact that a reader will be distracted by the readable content of a page when looking at its layout.

Visit Us

Our Partners

Search with tags

  • No tags available.

Internal frauds are a big part of the operational risk faced by any organization. This is truer of multinational companies who have business interests in various countries across the globe. This is because there are thousands of people in important positions making business decisions on behalf of the company. Hence, ensuring that all these employees always act in conformity with the company’s principles is a difficult task.

This issue shot into prominence during the turn of the century. The Enron scandal which shook the entire world economy in the early 2000’s also accentuated the need for having proper internal controls in any organization. In response to the Enron Scandal, the United States government passed a landmark piece of legislation called the Sarbanes Oxley Act or SOX. As per the provisions of this act, the management and the auditors of the company are jointly responsible for clearly documenting the internal controls processes and having them certified.

Research has suggested that the lack of properly defined internal controls is the reason for more than 50% of internal frauds in the world. Now, since each company has to document these processes, the Committee of Sponsoring Organizations (COSO) has come up with a framework that can be followed by all organizations in order to develop and document their internal controls. This system has been designed by experts and can be used by any organization to augment its risk management endeavors. The COSO is a committee which composes of five major associations

What is the COSO Framework?

The COSO framework was first developed in the year 1992. Over the years, it has gone through several iterations and has been revised several times. The model has three dimensions which are why it is often displayed on a cube.

The First Dimension: The Functions

The COSO framework mentions actions that need to be taken within three different functions. They are:

  1. Operations: The COSO framework suggests that the operations of the organization be thoroughly studied in order to develop internal controls

  2. Reporting: The COSO framework also suggests that any information source which feeds into internal or external reporting must be audited for accuracy. These audits must happen at periodic intervals and must ensure that the information system of the company work in a timely, reliable, and transparent manner

  3. Compliance: Lastly, the internal control goals must be aligned with the different laws and regulations that the company is supposed to follow.

The Second Dimensions: The Levels

The COSO framework suggests that the organization must be divided into various levels for the purpose of managing internal controls. The internal controls should be continuously monitored at various levels such as subsidiary level, business-unit level, division level as well as entity level.

The Third Dimension: The Environment

  1. Internal Environment: The internal environment of the company refers to the culture propagated by the top management. One of the reasons behind the debacle at Enron was that the unethical values propagated by the top management seeped through in lower levels of management. It is for this reason, the board of directors, as well as outside parties, are supposed to keep a keen eye on whether the top management is committed to maintaining a fraud-free internal environment in the company.

  2. Risk Assessment: This refers to a system of routinely identifying and classifying the various types of risks. The organization should have a system of scanning its environment for possible causes which could lead to failure in the future.

  3. Control Activities: Control procedures are activities listed out by the management in order to mitigate the threats that may arise. These are activities such as approvals, reconciliations, and verifications which are performed in order to identify whether any risk is being missed. Internal controls help point out the flaws in the system.

  4. Information and Communication: This step involves building a strong internal communication system. This means that all the internal parties must be clear about what their responsibilities are. Also, the expectations should also be made clear with external parties. The protocols to escalate any risks amongst the internal as well as external parties in order to ensure a speedy resolution must be put into place.

  5. Monitoring: The last step includes continuously monitoring all the steps which have been taken in the earlier steps. It is as important to monitor a system for internal controls as it is important to create one.

The COSO model emphasizes that all five components work together as an integrated system. The malfunction of any one component would also impact all the other components as well. The idea behind the framework is to provide a set of tools that will have to be used by every company. The specific organization can then go ahead and decide on the specific methods that they want to follow for controls or for information management. The standardized model makes the implementation of risk management comparatively easier.

Article Written by

Admin

Leave a reply

Your email address will not be published. Required fields are marked *

Related Posts

Decision Making

Why the Digital Age Demands Decision Makers to be Like Elite Marines and Zen Monks

Admin

February 7, 2025

Corporate Dressing

Personal Grooming Tips for Women

Admin

February 7, 2025

Organizational Behaviour

Politics in Virtual Workplace

Admin

February 7, 2025