Professional Documents
Culture Documents
Running Head: Committee of Sponsoring Organizations 1
Running Head: Committee of Sponsoring Organizations 1
Student’s name
Institutional affiliation
COMMITTEE OF SPONSORING ORGANIZATIONS 2
National Commission with guidelines to prevent fraud in the enterprise financial reporting. The
commission was funded and sponsored by a group of five United States of America private,
The COSO framework enhances the internal control of an organization through outlining risk
interrelationship between processes and stakeholders. The COSO framework is appropriate for
internal control undertakings as well as providing the correct external financial reporting.
According to COSO, an effective and efficient internal control system is composed of five
components. The components are incorporated into an enterprise to enable the business to
achieve its objectives, strategies, and mission. The board of directors is a key stakeholder who is
mandated by an organization for all risk oversight, creating a business culture that focuses on
Additionally, the internal control framework provides an organization's risk assessment and
implementation structure based on the enterprise's risk vulnerability. According to COSO, any
organization should define an enterprise risk impact by prioritizing risks and reporting the
processes. Risk is dynamic and requires consistent monitoring to ensure that the organization is
protected from operational risks. The five components of the COSO framework and the impact
internal control culture. This component aims to determine whether the enterprise has a culture
influential culture starts with executive management. Setting a committee reviewing the
Therefore, top managers and the board of directors creates a tone on the significance of internal
control and ethical code of conduct. The executive management sets expectations on various
levels of an enterprise. The control environment component has enabled the organization to
retain competent workers with the right code of conduct. Moreover, the managers are equipped
to attract and develop career progress among the employees, who later reduce the enterprise's
level of incompetence. The component also provides a structure where the employees'
performance is measured, incentives provide when appropriate, and reward on merit to enforce
accountability for performance. Overall, the impact of the control environment leads to the
accountability of all levels of an enterprise, which reduces fraud and improves the production of
the organization.
The second component is risk assessment: due to globalization and advancement in technology,
the organization faces various risks resulting from internal and external forces. When a risk
occurs, it may adversely affect an enterprise's operation, hindering a business from achieving its
goals. Risk assessment is, therefore, a framework meant to identify and assess risk concerning
the achievement of the organization objectives by establishing risk tolerance. Therefore, risk
assessment determines how risk will be managed in case of occurrence. Risk management
outlines objectives in different levels of the entity regarding reporting, clarity, and compliance in
The main impact of the risk assessment is that the organization data is protected from
The third component is control activities: these are activities established through the set
procedure and policies to ensure mitigation measures to reduce or prevent risks by the
management are carried out. The control activities are exercised in all levels of the organization,
including the technological environments. Control activities may be a detective and preventive,
segregation of responsibility is not applicable, the management develops other control activities.
The main result of control activities is that crucial activities in finance cannot be handled by a
single individual without the oversight of other employees hence reducing fraudulent.
clear information from the top management to control duties and responsibilities.
Communication helps any organization to maintain a strong relationship between the internal
personnel and the external stakeholders in response to the enterprise's expectations and
requirements.
The last component is Monitoring Activities: the component ensures continuous evaluation
meant to consistently ascertain whether the internal control components are present in the
business to scrutinize all the critical areas to ensure any emergency of a mistake is fixed in time
All organizations need to note that any mistake on the technological process can compromise the
operation of the entire business organization and, hence, essential to incorporate the Information
Technology audit in the organization. IT auditing is significant in monitoring internal control and
procedures to keep the enterprises' data secure from external and internal threats. IT auditing can
cover major technical areas in the organization, such as monitoring IT programs, software,
communication channels, network systems, and all the internet gargets possessed by the
In my position, I feel it is essential for IT auditors to concentrate on the auditing of the networks
and installed software to monitor risk assessment. Data hackers always look for the accessible
vulnerability of the software and the internet systems. Crucial information can be distorted,
leading to massive loss if not recovered in time. Systems storing finances and the employees'
data like bank accounts need protection to secure illegal fund transfer caused by hackers, which
may lead to massive loss of funds or crucial financial information. Additionally, software needs
to be updated to prevent the organization from using explored outdated software that is
vulnerable to attacks.
The company I would suggest incorporating the internal control framework is a financial
company Security National Bank in Enid. A retired mayor Currier from the bank, a loan officer,
was purportedly open sixty-one fraudulent loans. The mayor used nine real individuals and
around eight fictional individuals and stole $6.2 million. The mayor was charged in the court of
law sentenced for thirteen years. The company's failure to segregate duties for crucial activities
COMMITTEE OF SPONSORING ORGANIZATIONS 6
created a loophole for money fraudulent. The mayor was the only person responsible for loan
processes in the company. The mayor used false documents to open loans went to the bank to
withdraw money without the oversight of any employee in the organization. The company
should use components of control activities to prevent money fraudulent in the future.
In conclusion, the COSO internal control framework can never be underrated since the
application of the five components in the organization offer a comprehensive framework of the
level of assurance given by the control. The reliability of an organization on the finance level
depends on the adherence to the steps outlined in the components of COSO. Information based
on the components of COSO reveals enterprise weakness and strengths, which leads to an
References
References
Cai, D., Ni, N., & Cai, J. (2014). Drawing the COSO bill internal control framework to build a
DOI:10.14257/astl.2014.53.30
The COSO internal control framework. (2015). Brink's Modern Internal Auditing, 27-58.
DOI:10.1002/9781119180012.ch3