COSO Principle 11 – Selects & Develops GCCs

For many organizations, implementing effective technology general controls over financial reporting to satisfy the requirements of SOX was challenging. As the landscape has become more challenging due to PCI, HIPPA, Dodd-Frank, hacking/cybersecurity and other requirements it becomes clear that financial reporting is the tail that wags the dog. Beyond financial fraud threats, it appears some of the most significant IT threats are more likely to cause financial loss through theft, fines, and other compensation with this loss then presented in financial reports.

Continue Reading »

COSO Principle 10 – Selects & Develops Control Activities

“The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.” (COSO Principle 10 – Selects & Develops Control Activities COSO Framework) is the first of the three principles relating to the Control Activities component of internal control.  The COSO authors go on to […]

Continue Reading »