
Running Head: COMMITTEE OF SPONSORING ORGANIZATIONS 1

Committee of Sponsoring Organizations

Student’s name

Institutional affiliation

The Committee of Sponsoring Organizations (COSO) was initially established to provide the National Commission with guidelines to prevent fraud in enterprise financial reporting. The commission was funded and sponsored by a group of five private professional organizations in the United States of America: Financial Executive International (FEI), Institute of Management Accounting (IMA), American Accounting Organization (AAA), Institute of Internal Auditors (IIA), and American Institute of Certified Public Accountants.

The COSO framework enhances the internal control of an organization by outlining the organization's risk management guidelines. The framework aims at establishing a clear interrelationship between processes and stakeholders. It is appropriate for internal control undertakings as well as for providing correct external financial reporting.

According to COSO, an effective and efficient internal control system is composed of five components. The components are incorporated into an enterprise to enable the business to achieve its objectives, strategies, and mission. The board of directors is a key stakeholder mandated by the organization to carry out all risk oversight, create a business culture that focuses on minimizing daily operational risks, and determine risk tolerance levels.

Additionally, the internal control framework provides an organization's risk assessment and implementation structure based on the enterprise's risk vulnerability. According to COSO, any organization should define an enterprise risk impact by prioritizing risks and reporting the processes. Risk is dynamic and requires consistent monitoring to ensure that the organization is protected from operational risks. The five components of the COSO framework and the impact they have on organizations are discussed below.



The first component is the control environment: it represents the framework of the enterprise's internal control culture. This component aims to determine whether the enterprise has a culture of adherence to compliance, discipline, procedures, and tax policies. According to COSO, an influential culture starts with executive management. Setting up a committee to review the performance of CEOs in any organization is critical to the enterprise's risk control.

Therefore, top managers and the board of directors set the tone on the significance of internal control and an ethical code of conduct. The executive management sets expectations at various levels of an enterprise. The control environment component enables the organization to retain competent workers with the right code of conduct. Moreover, the managers are equipped to attract employees and develop their career progress, which in turn reduces the enterprise's level of incompetence. The component also provides a structure in which the employees' performance is measured, incentives are provided when appropriate, and rewards are given on merit to enforce accountability for performance. Overall, the control environment leads to accountability at all levels of an enterprise, which reduces fraud and improves the production of the organization.

The second component is risk assessment: due to globalization and advancement in technology, the organization faces various risks resulting from internal and external forces. When a risk occurs, it may adversely affect an enterprise's operation, hindering the business from achieving its goals. Risk assessment is, therefore, a framework meant to identify and assess risk concerning the achievement of the organization's objectives by establishing risk tolerance. Risk assessment thus determines how risk will be managed in case of occurrence. Risk management outlines objectives at different levels of the entity with regard to reporting, clarity, and compliance when identifying and analyzing those objectives.



The main impact of risk assessment is that the organization's data is protected from interference by an unauthorized entity or individual. Physical security is also enhanced to protect the organization's tangible assets, including internet connectivity.

The third component is control activities: these are activities established through set procedures and policies to ensure that the management's mitigation measures to reduce or prevent risks are carried out. Control activities are exercised at all levels of the organization, including the technological environments. Control activities may be detective or preventive, and include reconciliations, enterprise performance reviews, verifications, approvals, and authorizations. Segregation of responsibilities is built in through control activities; if segregation of responsibility is not applicable, the management develops other control activities. The main result of control activities is that crucial activities in finance cannot be handled by a single individual without the oversight of other employees, which reduces fraud.

The fourth component is information and communication: sharing of information is an iterative and continuous process in any organization. Communication facilitates the dissemination of information throughout the organization. The component enables an organization to transmit clear information from the top management to control duties and responsibilities. Communication helps any organization maintain a strong relationship between the internal personnel and the external stakeholders in response to the enterprise's expectations and requirements.

The last component is monitoring activities: the component ensures continuous evaluation meant to consistently ascertain whether the internal control components are present in the organization and functioning. Continuous monitoring of the organization's operations enables a business to scrutinize all the critical areas to ensure that any mistake that emerges is fixed in time, before it can cause losses in the enterprise.

All organizations need to note that any mistake in a technological process can compromise the operation of the entire business organization; hence, it is essential to incorporate Information Technology (IT) auditing in the organization. IT auditing is significant in monitoring internal control and procedures to keep the enterprise's data secure from external and internal threats. IT auditing can cover major technical areas in the organization, such as monitoring IT programs, software, communication channels, network systems, and all the internet gadgets possessed by the employees or the organization.

In my position, I feel it is essential for IT auditors to concentrate on the auditing of the networks and installed software to monitor risk assessment. Data hackers always look for accessible vulnerabilities in the software and the internet systems. Crucial information can be distorted, leading to massive loss if not recovered in time. Systems storing finances and employees' data, like bank accounts, need protection to secure against illegal fund transfers caused by hackers, which may lead to massive loss of funds or crucial financial information. Additionally, software needs to be updated to prevent the organization from using explored outdated software that is vulnerable to attacks.

The company I would suggest for incorporating the internal control framework is a financial company, Security National Bank in Enid. A retired mayor, Currier, a loan officer from the bank, purportedly opened sixty-one fraudulent loans. The mayor used nine real individuals and around eight fictional individuals and stole $6.2 million. The mayor was charged in a court of law and sentenced to thirteen years. The company's failure to segregate duties for crucial activities created a loophole for fraud. The mayor was the only person responsible for loan processes in the company. The mayor used false documents to open loans and went to the bank to withdraw money without the oversight of any employee in the organization. The company should use components of control activities to prevent fraud in the future.

In conclusion, the COSO internal control framework can never be underrated, since the application of the five components in the organization offers a comprehensive framework for the level of assurance given by the control. The reliability of an organization at the finance level depends on adherence to the steps outlined in the components of COSO. Information based on the components of COSO reveals enterprise weaknesses and strengths, which leads to informed decisions on the organization's operations.

