Abstract
The Committee of Sponsoring Organizations (COSO) is a collaboration of five organizations advocating for other firms to embrace a framework of contemporary financial accounting practices (Wood, Brown & Howe, 2014). In this regard, COSO emphasizes on strong internal control systems for businesses vulnerable to risks and fraud. COSO identifies components of an effective internal control system to be used by managers, auditors and accountants. COSO’s five components of internal control system exhibit the importance of maintaining accountability by protecting assets using modern information technology and communication strategies (Moeller, 2011).
The five components of internal control systems illustrate the importance of the same for businesses that seek to remain competitive and financially sound. The change of the COSO’s framework in 2013 signifies the importance of reviewing business practices and embracing new ones. In fact, COSO’s new framework as multiyear project deemed at reviewing, refreshing and modernizing public accounting practices. Nevertheless, the new developments are based on emerging markets issues such as globalization, the increased need for shared and outsourced services (McNally, 2013). From this perspective, COSO has constantly reviewed the internal control system framework from 1992 to 2013 as a sign of embracing change (Moeller, 2011). The paper discusses COSO, internal control system framework, and changes to the same in 2013.
Internal control system and its importance in organizations
Internal control systems include policies and procedures required in managing operations, especially in financial accounting (Gelinas, Dull & Wheeler, 2011). Internal control systems entail stipulated standards of practice. Moreover, the internal control systems can be described as laws that help organizations comply with federal, state and local regulations. Goals and objectives of a business organization or financial department are part of internal control systems. Assets and financial information structures that facilitate communication within the organization provides the aspect of internal control. Finally, principles, values and code of ethics are integral elements of the internal control system. It is important to note that internal control systems are implemented by the Board of Directors, the management and financial experts.
The importance of internal control systems is critical in improving an organization’s efficiency, especially in financial activities (Gelinas, Dull & Wheeler, 2011). An effective internal control system is integral in assuring the organization’s stakeholders that financial operations are conducted in an efficient manner. In this regard, internal financial systems play a crucial role in facilitating the accuracy and reliability of financial reporting. Protecting organizational assets is the responsibility of internal control systems. From this aspect, organizational assets are accounted for in case of loss or fraud. Effective internal control systems emphasize the need to comply with federal, state and local laws and regulations on financial accounting. For example, the control systems ensure that accountants comply with auditing standards and Sarbanes-Oxley Act of 2002.
Auditors and accountants concerns
Auditors and accountants concern over effective internal control systems is driven by the importance of protecting an organization’s financial resources (Gelinas, Dull & Wheeler, 2011). It is the mandate of the auditors and accountants to account for financial resources in terms of loss, waste and fraud. Moreover, auditors and accountants are expected to present financial reports that are accurate and reliable. Apparently, the presentation of false data implies acts of fraud, forgery and incompetence (Gelinas, Dull & Wheeler, 2011).
In this context, misrepresentation of accounting data can have a detrimental impact on the organization, especially during decision-making processes. Therefore, auditors and accountants prefer having an effective internal control system that promotes efficiency. In addition, the internal control system should aid auditors and accountants in adhering to financial management policies. In any case, it is in the interest of auditors and accountants to ensure that the organization’s financial objectives are achieved through the internal control system.
COSO internal control framework components
Control environment
An effective control environment involves the promotion of integrity among managers, auditors and accountants (Wood, Brown & Howe, 2014). Moreover, the controlled environment encourages the investigation of accounting discrepancies in financial reports. Moreover, the control environment involves a designed system with delegated duties and responsibilities. The control environment is facilitated by effective communication strategies and professional attitude among accountants. A controlled environment is characterized by a management philosophy and a designed operation style.
Risk assessment
The risk assessment component involves identifying risks within the organization. The risk assessment process identifies areas where the great impact may be evidenced (Wood, Brown & Howe, 2014). In addition, this component identifies the risks involved and the respective impact on the organization’s financial system and performance. From this perspective, the organization establishes the efforts and controls required in minimizing risks. The risk assessment is better understood through a cost-benefit analysis.
Control activities
Control activities are the subject of the organization’s internal systems. From this perspective, the component addresses issues of policies and procedures to be followed by the management, auditors and accountants. In any case, the control activities are responsible for the protection of the organization’s assets (Wood, Brown & Howe, 2014). Control activities include approvals, duties and verifications. Moreover, control activities are operated either automatically or manually.
Information and communication
This component involves generating information required by the financial management personnel. From this information generation, communication strategies and responsibilities are developed to facilitate operations of the internal control system. Major activities that characterize this component include employee training and assigning of duties (Wood, Brown & Howe, 2014). Communication at this stage promotes good working relationships among the employees. Through information and communication, organizational problems are identified and solved amicably.
Monitoring
Monitoring involves constant reviewing of the internal control activities. A periodic assessment of the systems provides the management with assurance that the organization is performing at the required capacity (Wood, Brown & Howe, 2014). Through monitoring, the management initiates corrective measures in case of a problem. Nevertheless, monitoring is an ongoing process aimed at improving the design and operations of internal control systems.
Importance of the COSO framework
The COSO framework is guidance and means of achieving the organizational goals. A framework is an operation tool for people at all levels of the organization work towards a common goal (Gelinas, Dull & Wheeler, 2011). By using the COSO framework, managers, auditors and accountants are provided with a reasonable assurance of the competence and capability for the internal control systems. Over the years, COSO has proved to be an important element in emphasizing the significance of internal control phenomenon among businesses, accountants and auditors. COSO’s framework addresses changes in business practices, especially in technology, accounting and global markets (PricewaterhouseCoopers, 2014). From this perspective, firms, auditors and accountants are able to establish internal control systems to align organizational practices with new standards. Therefore, achieving organizational goals through reporting and compliance with new laws and regulations is made effective (PricewaterhouseCoopers, 2014).
COSO’s main changes in the 2013 framework update
The COSO 2013 framework has included 17 new principles to the five previous components (Wood, Brown & Howe, 2014). For example, the control environment now includes independence of management and oversight over internal control activities. The risks assessment is to involve fraud as part of evaluating the organization against goal achievement. In addition, control activities are to be developed for risk mitigation and achievement of objectives. Information and communication component is to include external parties in managing internal control systems. Finally, monitoring is to ensure control deficiencies are communicated to the stakeholders, especially the senior management and board of directors.
However, “COSO’s new framework is still the same in terms of the materiality concept” (The Updated COSO Internal Control Framework, 2013, p.3). The main changes are geared toward establishing a broad-based compliance framework (Protiviti, 2013). Therefore, the 17 principles named are explicitly broadened to emphasize the significance of internal control’s fundamental concepts (DeLoach & Kawashima, 2013).
COSO framework in companies’ internal control processes
Through COSO’s new changes, organizations should gain confidence in financial matters by reflecting on the current environment and develop flexible and customized business objectives (Wood, Brown & Howe, 2014). COSO’s new change should help organizations remove bottlenecks by identifying problems and keeping up with changes in the business world. New changes in COSO help organizations gain control through people and technology. In fact, organizations are expected to reduce risks associated with business operations to acceptable levels that allow achieving of goals. Therefore, an effective managerial judgement is crucial in reducing deficiencies in internal control systems (Assurance Services, 2013). Finally, organizations can apply internal control systems to deliver objectives effectively and efficiently.
References
Assurance Services. (2013). Dataline: COSO issues the updated internal control-integrated framework and related illustrative documents (No. 2013-09). Web.
DeLoach, J. & Kawashima, K. (2013). COSO 2013: What’s new, what’s changed, why does it matter and other FAQs. Web.
Gelinas, U., Dull, R. & Wheeler, P. (2011). Accounting information systems. Boston, MA: Cengage Learning. Web.
McNally, S. (2013). The 2013 COSO framework & SOX compliance. Web.
Moeller, R. R. (2011). COSO enterprise risk management: establishing effective governance, risk, and compliance (GRC) processes. Hoboken, NJ: John Wiley & Sons. Web.
PricewaterhouseCoopers. (2014). Committee of Sponsoring Organizations of the treadway commission (COSO). Web.
Protiviti. (2013). The updated COSO internal control framework. Frequently asked questions. Web.
Wood, J., Brown, W. & Howe, H. (2014). IT auditing and application controls for small and mid-sized enterprises: revenues, expenditure, inventory, payroll, and more. Hoboken, NJ: John Wiley & Sons. Web.