COSO Principle 14 – Communicates Internally

Technology to enable communication of objectives, expectations, roles, policy and procedures is available and essential to the modern organization. Technology to manage execution of internal controls should be viewed more broadly as technology to ensure execution against organizational objectives with effective internal controls as a consequence of execution. Cascading strategic objectives to operational and compliance objectives can be actuated in many available GRC solutions.

COSO Principle 13 – Obtain/Generate Information to Support Internal Control

Compliance teams should seek a role in developing new technology to automate and capture control-based information to improve processes and the functioning of internal control. As Paul Ford makes clear in the recently published Bloomberg Businessweek Code Issue, we must understand the technology to effectively utilize our hard-earned expertise to develop transformative solutions for our clients and/or organizations.

COSO Principle 11 – Selects & Develops GCCs

For many organizations, implementing effective technology general controls over financial reporting to satisfy the requirements of SOX was challenging. As the landscape has become more challenging due to PCI, HIPAA, Dodd-Frank, hacking/cybersecurity and other requirements, it becomes clear that financial reporting is the tail that wags the dog. Beyond financial fraud threats, it appears some of the most significant IT threats are more likely to cause financial loss through theft, fines, and other compensation, with this loss then presented in financial reports.

COSO Principle 10 – Selects & Develops Control Activities

“The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.” (COSO Principle 10 – Selects & Develops Control Activities COSO Framework) is the first of the three principles relating to the Control Activities component of internal control. The COSO authors go on to […]

COSO Principle 9 – Identify & Assess Significant Changes

We compliance professionals know the frustration of working at organizations that overlook a formal process to identify change, report the impact and take timely actions. It is at the core of what we do to help organizations implement protective safeguards and yet the data indicates that the majority of organizations are not effectively monitoring and managing change.

COSO Principle 8 – Consider Potential for Fraud

With President Obama weighing in with his thoughts last Friday (2/13/15) at the White House Summit on Cybersecurity and Consumer Protection (http://bit.ly/1ySH8B3), it is time for board-level conversations related to fraud risks threatening their organizations, if these conversations were not yet occurring. An integrated risk assessment process inclusive of fraud risk that occurs at both the entity and business process levels allows all of our organizations to leverage compliance for business excellence and protection of assets.

COSO Principle 6 – Specifies Clear Objectives

The auditors, accounting and compliance teams understand how the Framework will keep the organization on track and lead to successful operations, financial, compliance (and strategic) objectives. Such success requires that organizations fully adopt the Framework for all of their objectives, communicate these benefits and lead training of the non-compliance functions that have been left out of this discussion at many organizations in the past.

COSO Principle 5 – Enforces Accountability

“The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.” (Revised COSO Principle 5 – http://www.coso.org/IC.htm) is the final of the five principles relating to the Control Environment component of internal control. The first four principles require a culture of compliance and a structure to enable competent employees to exercise internal control responsibilities in the achievement of objectives. This fifth principle demands consistent and fair monitoring of the activities including taking corrective actions to reinforce a culture of compliance from all stakeholders (board members, employees, partners, vendors, etc.).
