COSO Consulting Services
Our Consulting Services:
Several audits are narrow in scope by their nature. However, operational audit concept is unlimited by design. It tends to cover everything that may not have been addressed by SOX and other more focused audits that only look at high risks and financial statement data. Such audits tend to cover about 10% of all the actual internal controls of a given audit universe. COSO Framework, on the other hand looks at the overall internal controls structure. Therefore if an Internal Audit department has not implemented operational audit concept, 80% of the auditable areas in the organization is not being addressed. Our professional competence is the cornerstone of our organization. As a result, as COSO subject matter experts, we offer the following professional services that will assist your organization in COSO services.
· Implementation of a COSO framework for your Internal Audit department which will form the foundation of your operational Audit program.
· Provide a customized COSO training program for your Internal Audit department.
· Develop the Risk Control Matrix (RCM) using the five components of COSO for your operational audits.
· Conduct Operational audits on outsourced or co-sourced basis.
· If you have implemented a COSO operational audit for your department, General Master will evaluate the program for appropriateness and possible improvements.
COSO is an acronym for The Committee of Sponsoring Organizations of the Treadway Commission. It was originally formed in 1985 in response to various financial reporting frauds.
The Sponsoring Organizations include:
American Accounting Association, American Institute of Certified Public Accountants, Financial Executives International, the Institute of Internal Auditors and the Institute of Management Accountants. The framework was specifically approved by the SEC as an appropriate standard of internal control for U.S. companies to use as a benchmark in connection with Sarbanes Oxley.
The COSO Internal Control Framework provides guidance to company’s managers and internal auditors on standards of good management practice.
The COSO Framework focuses heavily on the things that influence human behavior, and thus impact the effectiveness of employees on the job.
The COSO model expands the focus of Internal Audit to the entire management process as opposed to only detailed level transaction controls.
By utilizing the COSO model, Internal Audit can develop audit recommendations that focus on the root cause of control deficiencies.
Importance of the COSO Framework:
· The COSO Internal Control Framework provides common sense standards of good management practice that will help your organization to achieve its business objectives.
· The Corporate Internal Audit Department conducts operational internal audits based on this standard, which presents auditors with the challenge of evaluating how management is actually managing a business process or function.
· COSO recognizes that internal controls are dependent on People.
What is Internal Control?
Internal control is a process established and implemented by the Board of Directors, management, and other employees that provides reasonable assurance that a given Company will achieve its Business Objectives in the following areas:
· Effectiveness and Efficiency of Operations
· Reliability of Financial Reporting
· Compliance with Applicable Laws and Regulations
· Safeguarding of Corporate Assets
How Does Internal Control Impact the Business Operations of your Company?
· Internal Control is the sum total of the activities, plans, attitudes, policies, and efforts of all employees, and the systems and processes that they manage, working together to provide reasonable assurance that the company will achieve its business objectives.
· Internal Control should be a basic built in component of all business processes and functions of your organization, and thus an important and fundamental responsibility of all managers, from the Board of Directors down to first level supervisors.
· An Internal Control can be viewed as any resource, policy, or process established by management that supports the achievement of your Company’s business objective.
Under the COSO Framework the Internal Control Process consists of the following five components:
· Control Environment
· Risk Assessment
· Information and Communication
· Control Activities
· Monitoring
The Control Environment component:
· Sets the tone of the organization, and influences the corporate culture
· Management’s philosophy and operating style
· Integrity and ethical values
· Commitment to competence
· Organizational structure
· Assignment of authority and responsibility
· Human resource policies and procedures
· This internal control component is the foundation for all internal control at your company.
The Risk Assessment component:
· Management sets formal business objectives for the process or function.
· Management has a planning process that identifies and addresses risks and changes in the internal and external environments that could negatively impact the achievement of business objectives.
· Planning may include things like the annual budget process, periodic management meetings, etc.
· When management identifies a risk, event, or change that could negatively impact the achievement of objectives, actions are taken to mitigate and manage the risk and exposure to your organization.
Control Activities Component:
· Control Activities are the process level operating policies and procedures established by management to manage and mitigate risks that could prevent the achievement of business objectives.
· Control Activities are the preventive, detective, and corrective controls that ensure that a business process does what it is supposed to do.
· Control Activities can be applied to all operations of your company such as:
– Corporate processes and functions
– Divisional processes and functions
– Cost centers within the company
– Processes that involve both Corporate and the sub-division
– IT operations and business applications throughout the company
The Information and Communication component:
· A manager must have the right information at the right time to make the right decisions to effectively manage a business process or function.
· Employees should receive sufficient information necessary for the effective performance of their jobs.
· Information should flow up, down, sideways, etc. to wherever it is needed in the organization to support the achievement of business objectives.
The Monitoring component:
· Monitoring is any procedure used to monitor the internal controls and performance of an area of the business.
· A good manager monitors the business process or function that he/she is responsible for to determine if it is meeting its business objectives.
· If the monitoring process indicates that objectives are not being met, the manager takes corrective action to fix problems and improve the ongoing performance of the process/function so that objectives will be met.
To obtain more information about our COSO services, please complete the following form and select areas of interest. One of our staff will contact you shortly with a response.
|
