Skip to main content

What Is The Coso Framework?

Information Technology Blog - - What Is The Coso Framework? - Information Technology Blog

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) was formed in 1985. It guides businesses to help them manage risk, detect fraud, and enable overall good governance. COSO also helps organizations conform to laws such as the Sarbanes-Oxley Act (SOX) and the Foreign Corrupt Practices Act (FCPA).

Businesses in the United States have widely adopted the COSO framework for internal control. In 2013, COSO released the new framework, which took over from its predecessor in 1992. The Internal Control-Integrated Framework is a comprehensive document that guides effective internal control.

While the COSO Framework is widely accepted, it’s not mandatory. However, your organization stands to benefit from compliance because the cost of recovering from theft, fraud, and legal suits is higher than the cost of compliance.

The COSO History

COSO was formed in 1985 by five American organizations in auditing and finance to sponsor the National Commission on Fraudulent Reporting (NCFR). The goal was to study organizations, understand fraud and false reporting, and device ways to tackle fraudulent activity and protect all stakeholders. However, to manage reporting and controls, the members had to create a standard description for internal control, which led to publishing the first framework in 1992.

Since the business world is continuously changing, primarily due to technological and legal innovations, an update was well overdue. In 2013, COSO published an updated framework that could address internal control in current businesses.

Understanding the COSO Framework

The Internal Control-Integrated Framework provides a clear and acceptable definition for internal control and also provides a standard against which businesses can evaluate their internal control. The definition sheds light on several aspects of internal control that all business executives and members can follow to achieve organizational objectives.

  • Creating internal control is continuous rather than the last stop. The business environment is always changing, and making changes to internal controls is essential for survival.
  • Internal controls can help businesses achieve operational, compliance, and reporting objectives.
  • The people in the organization, whether directors, management, or staff, put internal controls into effect. In this aspect, internal control and company culture are entwined.
  • Organizations can adopt internal control into their subsidiaries and divisions to streamline business structure.
  • While internal controls provide adequate assurance but aren’t absolute- the effectiveness of internal controls is not pegged on their existence but their application.

COSO Framework – Main Elements

The COSO Framework lists five elements of internal control. Each component has several principles that businesses can use to measure their effectiveness. These controls work as a foundation for establishing unique internal control.

Control Environment

  • Commit to being proficient by seeking and retaining competent people.
  • Maintain ethical values and hold people accountable for their actions.
  • Create an independent board and audit committee.
  • Structure of the responsibilities and authority lines should support the operating styles.

Risk Assessment

  • Specify company objectives.
  • Conduct a risk assessment to identify the risks that come with all business objectives.
  • Establish procedures for change management.

Control Activities

  • Follow company policies.
  • Apply change management policies.
  • Boost business security
  • Establish business fallback plans when changing
  • Outsource skills

Information and Communication

  • Establish processes to control the quality of information used internally and externally.
  • Ensure the effectiveness of information and communication.

Monitoring

  • Monitor ongoing performance.
  • Conduct evaluations to measure performance.
  • Report any shortages.

The Types of Internal Control

The components of the COSO Framework establish a guideline for achieving three types of objectives:

Operations objectives: These objectives apply to an organization’s operational and financial objectives that protect the business against losses.

Reporting objectives: Concerns any controls over the transparency, aptness, accountability, and reliability of both financial and non-financial reporting.

Compliance objectives: These objectives apply to relevant policies and compliance with regulations.

Where Does the COSO Framework Apply?

The application of internal control applies to the organizational structure. Organizations can use the internal framework to gauge the effectiveness of internal control at the:

  • Entity level
  • Division level
  • Operating Unit
  • Function level

The application of the COSO Framework changes as we move up the organization. At the entity level, the management has an indirect relationship to operations, which makes it’s harder to track them. The size and complexity of the company also affect controls at higher levels.

Implementing the COSO Framework

Appoint a team: Directors should delegate the planning and application of internal control to an internal committee. The team should have managers and competent staff who can advise on what the organization needs.

Create a plan: The team should forge a plan to implement controls. The plan should detail the team member’s responsibilities, the implementation schedule, and scope.

Evaluate the framework: The team should analyze the framework and assess it against the organization’s structure.

Evaluate the organization: An analysis of the organization’s structure, risks, gaps and performance

Design and test: Once the gaps are identified, the team should create and implement controls and measure their effectiveness in the organization.

Optimize controls: After designing and testing, approved controls should be optimized to achieve business goals.

Bottom line

Effective internal control ensures that all stakeholders benefit from transparent processes, and organizations achieve their objectives. It also helps businesses comply with regulations and manage risk and change.

The post What Is The Coso Framework? appeared first on Information Technology Blog.



Udimi - Buy Solo Ads from Information Technology Blog https://ift.tt/3c944ao
via IFTTT

Comments

Popular posts from this blog

9 VCs in Madrid and Barcelona discuss the COVID-19 era and look to the future

Spain’s startup ecosystem has two main hubs: Madrid and Barcelona. Most observers place Barcelona first and Madrid second, but the gap appears to close every year. Barcelona has benefitted from attracting expats in search of sun, beach and lifestyle who tend to produce more internationally minded startups. Madrid’s startups have predominantly been Spain or Latin America-focused, but have become increasingly international in nature. Although not part of this survey, we expect Valencia to join next year, as city authorities have been going all-out to attract entrepreneurs and investors. The overall Spanish ecosystem is generally less mature than those in the U.K., France, Sweden and Germany, but it has been improving at a fast clip. More recently, entrepreneurs in Spain have moved away from emulating success in pursuit of innovative technologies. Following the financial crisis, the Spanish government supported the creation of startups with the launch of FOND-ICO GLOBAL, a €1.5 billi...

How to Stay Creative and Keep SEO in Mind

Information Technology Blog - - How to Stay Creative and Keep SEO in Mind - Information Technology Blog Search engine optimization (SEO) refers to customizing your website’s content to ensure that web browsers give your website a high SEO score. The sites with the highest SEO scores are featured on the search engine’s first page of search results for relevant searches.  71%  of the click-throughs happen with articles listed on the first page of results on the search engine. This means that if your website’s article is the second (or third, or fourth page), it’s less likely the search user will even see your article. You want your article to be ranking as close to the top of the first page of results as possible. In order to have a good SEO score your site’s content needs to feature keywords and relevant phrases. It must be optimized for easy navigation between pages. It also needs to be referenced via external links that drive traffic to your site. Incorporating all of t...

Everything we know about HHS Protect, a secretive government project with Peter Thiel's Palantir that helps brief Trump's coronavirus task force

A secretive project at the US Department of Health and Human Services is working with technology companies to collect and analyze data related to the novel coronavirus .  Dubbed "HHS Protect," the effort tracks information from around the country about coronavirus case numbers, hospital capacity, and even supply chain issues.  HHS uses Palantir Technologies , a data firm cofounded by Peter Thiel, to distill that information for the White House coronavirus task force. Visit Business Insider's homepage for more stories . A secretive project at the US Department of Health and Human Services is working with technology companies to collect and analyze data related to the novel coronavirus.  Dubbed "HHS Protect," the effort includes roughly 2.5 billion pieces of data from healthcare providers, government officials, and labs around the country about coronavirus case numbers, hospital capacity, and even supply chain issues.  The goal is learn about the progress...