
Running Head: COMMITTEE OF SPONSORING ORGANIZATIONS 1

Committee of Sponsoring Organizations

Student’s name

Institutional affiliation

The Committee of Sponsoring Organizations (COSO) was initially established to provide the National Commission with guidelines to prevent fraud in enterprise financial reporting. The commission was funded and sponsored by a group of five private professional organizations in the United States of America: Financial Executive International (FEI), Institute of Management Accounting (IMA), American Accounting Organization (AAA), Institute of Internal Auditors (IIA), and American Institute of Certified Public Accountants (Cai, Ni & Cai, 2014).

The COSO framework enhances an organization's internal control by outlining risk management guidelines. It aims to establish a clear interrelationship between processes and stakeholders. The framework is appropriate for internal control undertakings as well as for providing correct external financial reporting.

According to COSO, an effective and efficient internal control system is composed of five components. The components are incorporated into an enterprise to enable the business to achieve its objectives, strategies, and mission. The board of directors is a crucial stakeholder, mandated by the organization to oversee all risk, create a business culture that focuses on minimizing daily operational risks, and determine risk tolerance levels.

Additionally, the internal control framework provides an organization's risk assessment and implementation structure based on the enterprise's risk vulnerability. According to COSO, any organization should define enterprise risk impact by prioritizing risks and reporting the processes. Risk is dynamic and requires consistent monitoring to ensure that the organization is protected from operational risks. The five components of the COSO framework and their impact on organizations are discussed below.



The first component is the control environment, which represents the enterprise's internal control culture. This component aims to determine whether the enterprise has a culture of adherence to compliance, discipline, procedures, and tax policies. According to COSO, an influential culture starts with executive management. Setting up a committee that reviews the performance of CEOs is critical to an enterprise's risk control.

Therefore, top managers and the board of directors set the tone on the significance of internal control and an ethical code of conduct. Executive management sets expectations at the various levels of an enterprise. The control environment component enables the organization to retain competent workers with the right code of conduct. Moreover, managers are equipped to attract employees and develop their career progress, which in turn reduces the enterprise's level of incompetence.

The component also provides a structure in which employees' performance is measured, incentives are provided when appropriate, and rewards are given on merit to enforce accountability for performance. Overall, the control environment leads to accountability at all levels of an enterprise, which reduces fraud and improves the organization's production.

The second component is risk assessment. Due to globalization and advances in technology, the organization faces various risks resulting from internal and external forces. When a risk occurs, it may adversely affect an enterprise's operation, hindering the business from achieving its goals. Risk assessment is, therefore, a framework meant to identify and assess risks to the achievement of the organization's objectives by establishing risk tolerance. Risk assessment thus determines how a risk will be managed if it occurs. Risk management outlines objectives at different levels of the entity regarding reporting, clarity, and compliance in identifying and analyzing those objectives.

The main impact of risk assessment is that the organization's data is protected from interference by an unauthorized entity or individual. Physical security is also enhanced to protect tangible organizational assets, including internet connectivity.

The third component is control activities. These are activities established through set procedures and policies to ensure that management's mitigation measures to reduce or prevent risks are carried out. Control activities are exercised at all levels of the organization, including the technological environments.

Control activities may be detective and preventive, including reconciliations, enterprise performance reviews, verifications, approvals, and authorizations. Segregation of responsibilities is built through control activities; if segregation of responsibilities is not applicable, management develops other control activities. The main result of control activities is that crucial finance activities cannot be handled by a single individual without the oversight of other employees, hence reducing fraud.

The fourth component is information and communication. Sharing information is an iterative and continuous process in any organization. Communication facilitates the dissemination of information throughout the organization. The component enables an organization to transmit clear information from top management to control duties and responsibilities (Klamm & Watson, 2009). Communication helps any organization maintain a strong relationship between internal personnel and external stakeholders in response to the enterprise's expectations and requirements.



The last component is monitoring activities. The component ensures continuous evaluation meant to consistently ascertain whether the internal control components are present in the organization and functioning (Cote, 2010). Continuous monitoring of the organization's operations enables a business to scrutinize all critical areas so that any mistake that emerges is fixed in time, before it can cause losses in the enterprise.

All organizations need to note that any mistake in a technological process can compromise the operation of the entire business, and hence it is essential to incorporate the Information Technology audit in the organization. IT auditing is significant in monitoring internal controls and procedures to keep the enterprise's data secure from external and internal threats. IT auditing can cover major technical areas in the organization, such as monitoring IT programs, software, communication channels, network systems, and all the internet gadgets possessed by the employees or the organization.

In my position, I feel it is essential for IT auditors to concentrate on auditing the networks and installed software to monitor risk assessment. Data hackers always look for accessible vulnerabilities in the software and internet systems. Crucial information can be distorted, leading to massive loss if not recovered in time. Systems storing finances and employees' data, such as bank accounts, need protection against illegal fund transfers caused by hackers, which may lead to massive loss of funds or crucial financial information. Additionally, software needs to be updated to prevent the organization from using explored outdated software that is vulnerable to attacks.

The company I would suggest incorporating the internal control framework is a financial company, Security National Bank in Enid. Currier, a retired mayor and a loan officer at the bank, purportedly opened sixty-one fraudulent loans. The mayor used nine real individuals and around eight fictional individuals and stole $6.2 million. The mayor was charged in a court of law and sentenced to thirteen years. The company's failure to segregate duties for crucial activities created a loophole for fraud. The mayor was the only person responsible for loan processes in the company. The mayor used false documents to open loans and went to the bank to withdraw money without the oversight of any employee in the organization. The company should use the components of control activities to prevent fraud in the future.

In conclusion, the COSO internal control framework should never be underrated, since applying the five components in the organization offers a comprehensive framework for the level of assurance given by the controls. The financial reliability of an organization depends on adherence to the steps outlined in the COSO components. Information based on the COSO components reveals enterprise weaknesses and strengths, which leads to informed decisions on the organization's operations.



References

Cai, D., Ni, N., & Cai, J. (2014). Drawing the COSO bill internal control framework to build a central enterprise tax-related risk management internal control system. DOI:10.14257/astl.2014.53.30

Cote, M. (2010). Committee of sponsoring organizations (COSO). Encyclopedia of Information Assurance, 491-498. DOI:10.1081/e-eia-120046562

Klamm, B. K., & Watson, M. W. (2009). SOX 404 reported internal control weaknesses: A test of COSO framework components and information technology. Journal of Information Systems, 23(2), 1-23.
