Question

In Chapter 3 you learned about COSO's internal control framework. In this chapter, we took a look at COSO's enterprise risk management framework. COSO went to great lengths to explain why the ERM framework was needed and how it relates to the internal control framework. Read their explanation at the COSO web site. Open your browser and type the address as www.coso.org There is a thought paper on the home page you may find helpful.

Are both frameworks needed? Do both frameworks add value to organizations? Justify your responses.

Your initial post should contain at least 8 sentences. Your replies to classmates should contain at least 4 sentences.

Answer 1

1. The Committee of Sponsoring Organisation ('COSO') was set in 1980 up by Private organisations to study the factors that lead to fradulent financial reporting. Their study reveal that most of fradulent reporting is happening due to ineffectiveness of internal control.
2. In 1992, COSO issued Internal Control - Integrated Framework to assist organisations in developing comprehensive assessment of effective internal control. This was further updated in 2013.
3. It is used by the Management and Board of Directors to get understand of what is effective internal control and also gives insights of how it is applied within the organisations
4. Components of this frameworks are control enviornment, risk assessment, control activities, information & communication and monitoring. These all components work towards achieving operation, reporting and compliance objectives of the organisation
5. In addition to Internal Control framework, COSO also felt need to develop appropriate framework for assessment of risk and hence they issued "Enterprise Risk Management (ERM) framework to assist Business in developing comprehensive response to risk management.
6. While both framework are deal with same issue .... to strengthen internal control effectiveness, ERM goes one step ahead and help in managing the business risk. Focus of ERM to also cover strategic objectives in addition to objectives as covered by internal control framework.
7. Thus ERM focus on broader aspects. At the same time, internal control's other components help in building efffectiveness of internal control, both frameworks are as important for setting and implementation of efffective system of internal control.
8. ERM deals with risk by identifyng the events affecting the organisations, identify risk of each event and evaluate it throgh its likelyhood and its severity, develop risk response by either a) avoiding the risk, b) reducing the risk; c) sharing of the risk or d) Accepting the risk. For each risk response, specific action is identified.
9. While COSO Internal Control framework also involve risk assessment, ERM framework provide more detailed and effectual risk assessment. Since ERM involve a detailed action plan, it becomes costly for implementation than regular internal control framework and therefore, both frameworks are required as of today.