COSO Integrated Framework (Essay Sample)

COSO Framework
Author
Institution
Date
Introduction
Internal controls assist a company in realizing important objectives and sustaining performance. An example of internal control is the Committee of Sponsoring Organizations of the Tread Commission (COSO) integrated framework and empowers entities to effectively establish systems for internal control which can adapt to dynamic business environments, reduce the risk degree to an acceptable level, support systematic decision making and governance across the business. Fourie and Ackermann (2013) explain that the COSO framework has the ultimate goal of assuring that business objectives can be achieved in demanding domains of operations, compliance, and reporting.
For the board of directors and the organization management, the framework provides a method of implementing internal control on any type of organization despite its legal structure or operational unit; it provides a principal-based stratagem providing flexibility in designing and implementing internal controls (Committee of Sponsoring Organizations of the Treadway Commission, 2013). For other shareholders interacting with the company, for instance, clients, the internal control provides greater confidence in realizing its objectives and the ability to identify and respond to risks in the business environment. COSO's components of internal control include “control environment, risk assessment, control activities, information and communication, and monitoring activities”.
Control environment
The component provides a set of standards and structures that provide a background for conducting internal control across the organization. The senior management and the board of directors are responsible for setting an example of the importance of internal controls on all levels across the business. The control environment recognizes the organizational ethical and integrity values, dimensions facilitating the senior management and the board of directors to provide governance, the procedure to creating and developing competent workers, and rewards propagating accountability for performance (Committee of Sponsoring Organizations of the Treadway Commission, 2013).
The component impacts COSO's objectives as it insists on moral and ethical values, oversight, commitment to aptitude, liability, and organizational structure. The component sets integrity and moral tone from the senior management to other levels across the organization. It outlines the inclusive board authority, spearheads that all employees should be trained, supports accountability to maximize performance, and highlights the board's responsibility and independence.
Risk assessment
A risk is a probability that an event, either positive or negative, will occur and can adversely influence the achievements of objectives. Every organization faces risks, either from internal or external sources. The component of risk assessment is concerned with identifying and appraisal of risks to maximize the achievement of objectives (Committee of Sponsoring Organizations of the Treadway Commission, 2013). The component provides a background and reference point for determining how risks will be identified, assessed, and managed across the organization. Before performing a risk assessment, the preliminary step is setting objectives concerning operations, reporting, and compliance. Risk assessment necessitates the management to consider the impact of possible changes across its model and in the external environment.
Innumerable organizations leverage the COSO framework to assess whether it's affected by existing risks and determine the acceptable level of the risks to the organization. The component supports COSO objectives as it specifies suitable objectives at various levels of the organization, identifies risks that can affect the objectives, and assesses significant changes. The component determines internal and external changes that may affect the risks and evaluates technology, processes, and people to determine how they undermine security controls.
Control activities
Control activities are addressed through procedures and policies and assist the management in reducing the risk of not achieving the objectives. The control activities are implemented at all levels of the organization, within the technology environment and business processes. The control activities can be preventive or detective in nature and may entail automated or manual processes such as authentication, authorization, or process evaluation. The control activities establish risk mitigation by an organization's management structure. An example of control activity is the separation of duties, such as making the role of account receivables and payable separate.
The control activities impact the COSO objectives as the activities promote the selection and development of control activities, general controls over technology, and deploy the control activities through procedures and policies (Graham, 2015). The component develops control activities that principally concentrate on risk mitigation, establishing control activities over technology supports the realization of the objectives and the policies define what is expected by all members, processes, and technology.
Information and communication
Information is a key driver to internal control responsibilities and realization of objectives. A company generates quality information from internal and external sources to support other internal control components—factors such as constant communication supports the collection of the necessary information to support the organization's objectives. Internal communication enables a smooth flow of information from the board of directors, senior management to other members across all organization levels. External communication provides relevant information that supports its objectives to external stakeholders. The information and communication component promote the gathering and sharing of information to further support external and internal controls.
Information and communication influence the COSO objectives as it ensures that only relevant information is used and promotes