Question

What are the elements of the corporate culture? How do the standards in SAS No. 55 and the work of COSO help to define a strong control environment?

Answer 1

The corporate culture is the set of beliefs that an organization holds and it influences every area of a business. If you are starting a business or running an existing one, the culture that it has is essential to the overall success of your company. Several elements contribute to a strong corporate culture.

Clear Mission

One of the elements of a strong organizational culture is a clear mission and purpose. When a company has a clearly defined mission statement and everyone in the company understands it, this is a sign of a potentially strong culture. Many successful companies know what they are trying to accomplish and are moving in a clear direction. Without this type of guiding mission statement, companies often struggle to find an identity and may not separate themselves from competitors, notes Beryl Cos.' CEO Paul Spiegelman in an article on the Inc. website.

Respect

Another sign of a strong corporate culture is respect among employees. The upper management of a business should treat its lower-level employees with respect and strive to make them happy in their jobs. When employees feel respected by management, they tend to perform better and stay actively engaged in their jobs. When employees and managers do not respect one another, it can lead to a chaotic culture that has a high turnover rate.

Solid Communication

Another common thread found in companies with strong organizational cultures is solid communication. This means that upper-level executives freely communicate with lower-level employees and vice versa. These companies often implement an open-door communication policy with their employees. When a company has good communication between its employees, it can often avoid conflict as employees work through problems they may have. Companies that are not transparent and do not disseminate information well to everyone may have a hard time staying in business.

Superior Performance

While this may not always be the case, many companies with a strong culture also tend to produce superior results. When a culture is strong, it leads to happy employees and happy managers. When communication is strong, it helps departments and employees work together better. With these factors in play, many companies perform better and put out better results.. They produce products with higher-quality and produce at a higher rate than those with a poor culture.

COSO is a widely used and accepted internal control framework in today’s growing corporate governance initiatives. It’s also heavily found in Statement on Auditing Standards No. 70 (SAS 70) audits.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework essentially defines internal control as a process, effected by an entity’s board of directors, management and other personnel. This process is designed to provide reasonable assurance regarding the achievement of objectives in effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations.

1. Internal control is a process. It is a means to an end, not an end in itself.
2. Internal control is not merely documented by policy manuals and forms. Rather, it is put in by people at every level of an organization.
3. Internal control can provide only reasonable assurance, not absolute assurance, to an entity’s management and board.
4. Internal control is geared to the achievement of objectives in one or more separate but overlapping categories.

What’s notable about the relationship with COSO and SAS 70 are COSO’s framework for internal control, which consists of the following five (5) broad based themes:

1. Control Environment
2. Control Activities
3. Risk Assessment
4. Information and Communication
5. Monitoring

Many SAS 70 Type I and Type II audit reports will discuss, in narrative form, these above five areas and how they relate to the organization undergoing the SAS 70 audit and what specific controls they have in place in relation to these five areas.

And let’s not forget the Statement on Auditing Standards (SAS pronouncements) that help bring these five internal control themes to light.

In 1988, the American Institute of Certified Public Accountants (AICPA) issued SAS 55, which describes internal control in terms of its three major components: control environment, accounting system, and control procedures. Shortly thereafter, the Committee of Sponsoring Organizations (COSO) released the following: Internal Control: Integrated Framework, in which internal control was characterized as five components: control environment, control activities, risk assessment, information and communication, and monitoring.

Thus, in 1995, the AICPA adopted COSO’s definition and it’s five components of internal control, issuing SAS No. 78 to supplement SAS No. 55.

So, you should be able to now clearly see the relationship with SAS 70 and COSO and the relationship with SAS 70 and other SAS pronouncements, specifically, SAS 55 and SAS 78.