Question

Discuss how COSO's Enterprise Risk Management — Integrated Framework relates to internal control for technology.

Solutions

Expert Solution

Internal control is an integral part of enterprise risk management. This enterprise risk management framework encompasses internal control, forming a more robust conceptualization and tool for management. Internal control is defined and described in Internal Control – Integrated Framework. Because that framework has stood the test of time and is the basis for existing rules, regulations, and laws, that document remains in place as the definition of and framework for internal control. While only portions of the text of Internal Control – Integrated Framework are reproduced in this framework, the entirety of that framework is incorporated by reference into this one.

There have been a wide variety of frameworks utilized across companies and across countries. Some of these focus narrowly on risk management (rather than enterprise risk management). Others focus on specific industries or specific types of risk. In addition, many of these focus on mechanisms for reducing — rather than managing — risk. By contrast, the COSO Enterprise Risk Management – Integrated Framework addresses enterprise risk management applicable to all industries and encompassing all types of risk. Moreover, the framework recognizes that an effective enterprise risk management process must be applied within the context of strategy setting. This is a fundamental difference from most risk models used to date. It starts with the top of the organization and supports an organization’s major mission. In addition, many of the pre-existing frameworks stood by themselves, and thus tended to be implemented within functions. As a result, many risk management practices have been implemented in silos (i.e., in one part, or one function, of the organization). Consequently, risk management may be done very well in one section, but not consider how actions of other parts of the organization affect their risks, or it might not capture the overall significant risks that the organization faces. The Enterprise Risk Management – Integrated Framework presents an enterprise-wide perspective of risk and standardizes terms and concepts to promote effective implementation across the organization.

There are natural linkages between enterprise risk management, improved financial reporting and transparency. The Enterprise Risk Management – Integrated Framework requires that organizations establish a risk appetite, measure actions and decisions against that risk appetite and communicate results. Communication of enterprise risk management to users of financial information clearly enhances transparency.

The Enterprise Risk Management – Integrated Framework requires feedback of information from throughout the company. This information must be current and accurate and must be robust enough to support the analysis of different risk responses. Therefore, the technology that provides this data must have the highest levels of integrity and controls. Enterprise risk management cannot be effective if the technology that provides the data used to manage risk is flawed. Controls related to technology, also referred to as general computer controls, were also discussed in the Internal Control – Integrated Framework.

The Internal Control – Integrated Framework is conceptually sound and has stood the test of time. The Enterprise Risk Management – Integrated Framework is a broader framework that incorporates the internal control framework within it. In other words, one approach to risk is to develop controls to mitigate the risks. The frameworks are compatible and are based on the same conceptual foundation. We believe the consistent conceptual underpinnings are a major strength of the two models. Appendix C of the Enterprise Risk Management – Integrated Framework provides a detailed discussion of the relationship to Internal Control – Integrated Framework.

A strong system of internal control supports the achievement of the organization’s business objectives and therefore good internal control is a way of managing risk. However, enterprise risk management is much broader than internal control. In addition to supporting management’s efforts to achieve business objectives, it aligns risk management with strategy setting and aids a company’s ability to assess whether the organization is accepting risk appropriately.

Thank you.

