Professional Documents
Culture Documents
Student’s name
Institutional affiliation
COMMITTEE OF SPONSORING ORGANIZATIONS 2
National Commission with guidelines to prevent fraud in the enterprise financial reporting. The
commission was funded and sponsored by a group of five United States of America private,
Internal Auditors (IIA) and American Institute of Certified Public Accountants (Cai, Ni & Cai,
2014).
The COSO framework enhances the internal control of an organization through outlining
interrelationship between processes and stakeholders. The COSO framework is appropriate for
internal control undertakings as well as providing the correct external financial reporting.
five components. The components are incorporated into an enterprise to enable the business to
achieve its objectives, strategies, and mission. The board of directors is a crucial stakeholder
mandated by an organization for all risk oversight, creating a business culture that focuses on
and implementation structure based on the enterprise's risk vulnerability. According to COSO,
any organization should define an enterprise risk impact by prioritizing risks and reporting the
processes. Risk is dynamic and requires consistent monitoring to ensure that the organization is
protected from operational risks. The five components of the COSO framework and the impact
enterprise's internal control culture. This component aims to determine whether the enterprise
has a culture of adherence to compliance, discipline, procedures, and tax policies. According to
COSO, an influential culture starts with executive management. Setting a committee reviewing
the performance of CEOs in any organization is critical to the enterprise's risk control.
Therefore, top managers and the board of directors creates a tone on the significance of
internal control and ethical code of conduct. The executive management sets expectations on
various levels of an enterprise. The control environment component has enabled the organization
to retain competent workers with the right code of conduct. Moreover, the managers are
equipped to attract and develop career progress among the employees, who later reduce the
The component also provides a structure where the employees' performance is measured,
incentives provide when appropriate, and reward on merit to enforce accountability for
performance. Overall, the control environment's impact leads to the accountability of all levels of
technology, the organization faces various risks resulting from internal and external forces.
When a risk occurs, it may adversely affect an enterprise's operation, hindering a business from
achieving its goals. Risk assessment is, therefore, a framework meant to identify and assess risk
Therefore, risk assessment determines how risk will be managed in case of occurrence. Risk
COMMITTEE OF SPONSORING ORGANIZATIONS 4
management outlines objectives in different levels of the entity regarding reporting, clarity, and
The main impact of the risk assessment is that the organization data is protected from
The third component is control activities: these are activities established through the set
procedure and policies to ensure mitigation measures to reduce or prevent risks by the
management are carried out. The control activities are exercised in all levels of the organization,
management develops other control activities. The main result of control activities is that crucial
activities in finance cannot be handled by a single individual without the oversight of other
organization to transmit clear information from the top management to control duties and
responsibilities (Klamm & Watson, 2009). Communication helps any organization to maintain a
strong relationship between the internal personnel and the external stakeholders in response to
evaluation meant to consistently ascertain whether the internal control components are present in
operations enables a business to scrutinize all the critical areas to ensure any emergency of a
All organizations need to note that any mistake on the technological process can
compromise the operation of the entire business organization and, hence, essential to incorporate
internal control and procedures to keep the enterprises' data secure from external and internal
threats. IT auditing can cover major technical areas in the organization, such as monitoring IT
programs, software, communication channels, network systems, and all the internet gargets
networks and installed software to monitor risk assessment. Data hackers always look for the
accessible vulnerability of the software and the internet systems. Crucial information can be
distorted, leading to massive loss if not recovered in time. Systems storing finances and the
employees' data like bank accounts need protection to secure illegal fund transfer caused by
hackers, which may lead to massive loss of funds or crucial financial information. Additionally,
software needs to be updated to prevent the organization from using explored outdated software
The company I would suggest incorporating the internal control framework is a financial
company Security National Bank in Enid. A retired mayor Currier from the bank, a loan officer,
COMMITTEE OF SPONSORING ORGANIZATIONS 6
was purportedly open sixty-one fraudulent loans. The mayor used nine real individuals and
around eight fictional individuals and stole $6.2 million. The mayor was charged in the court of
law sentenced for thirteen years. The company's failure to segregate duties for crucial activities
created a loophole for money fraudulent. The mayor was the only person responsible for loan
processes in the company. The mayor used false documents to open loans went to the bank to
withdraw money without the oversight of any employee in the organization. The company
should use components of control activities to prevent money fraudulent in the future.
In conclusion, the COSO internal control framework can never be underrated since the
application of the five components in the organization offer a comprehensive framework of the
level of assurance given by the control. The reliability of an organization on the finance level
depends on the adherence to the steps outlined in COSO components. Information based on the
components of COSO reveals enterprise weakness and strengths, which leads to an informed
References
Cai, D., Ni, N., & Cai, J. (2014). Drawing the COSO bill internal control framework to build a
DOI:10.14257/astl.2014.53.30
Klamm, B. K., & Watson, M. W. (2009). SOX 404 reported internal control weaknesses: A test
Systems, 23(2), 1-23.