Corporate Compliance Report
In the wake of high-profile corporate scandals and subsequent regulatory legislation, reporting on internal controls has become a requirement. These requirements have led organizations to view risk management as an area of vital importance. Best practice organizations have for years looked to the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control Integrated Framework as the standard on which to build a solid system of internal controls (Managing Risk, 2003). Formed in 1985, COSO is a voluntary and independent private sector organization that sponsored the National Commission of Financial Reporting. The National Commission was made up of various industry representatives who studied the underlying causes that lead to fraudulent financial reporting. The committee developed recommendations for public companies, independent auditors, regulators, and educational organizations, which are designed to improve “the quality of financial reporting through business ethics, effective internal controls, and corporate governance” (COSO, n.d., 1). Recognizing the need for organizations to evaluate risk management efforts, COSO developed a framework for Enterprise Risk Management (ERM) that Morrison Management Specialists and other companies can use to establish strong internal controls.

Enterprise Risk Management
ERM is a controlled approach to help management identify and manage uncertainties and reach certain risk objectives. COSO’s ERM framework concentrates on the development of a strategy that includes the importance of a risk and internal control “consciousness” throughout an organization. COSO’s framework introduces eight key principles for ERM: “internal environment; objective setting; event identification; risk assessment; risk response; control activities; information and communication; and monitoring” (Managing Risk, 2003, p. 2). COSO’s framework also includes four categories of objectives: strategy, operations, financial reporting, and compliance. COSO intended this framework to be an effective tool for keeping stakeholders and board directors informed about organizational procedures and processes. The framework could also be used to help an organization respond to uncertainties, which in turn helps directors measure how well their organizations are managing their own risks.

The most crucial aspect of ERM is the establishment of effective internal controls with respect to organizational risk. COSO’s objective for internal controls is to establish a set of conditions within an organization that minimizes the potential risk of misuse, loss, waste, or fraud in financial reporting. Internal controls can be preventative, detective, or corrective. Preventative controls identify the steps that an organization takes to ensure compliance with policies and procedures. Detective controls are designed to uncover problems after they have occurred. For example, a corporation could conduct random compliance checks. Corrective controls are the actions that an organization will take to resolve issues of noncompliance and could entail education, training, severe discipline, or the time spent rehabilitating a firm’s public image. While detective controls are necessary, they are less desirable than preventing a risk event from happening in the first place. Furthermore, without the presence of correction and severe penalties, detective controls are not a sufficient deterrent (Lousteau & Reid, 2006).

Implementation Process
COSO’s ERM framework recognizes the need for organizations to interlace risk management into strategic objectives and organizational culture. In a risk culture, risk is seen to affect all layers of an organization, so every part of the organization must determine how its actions generate or protect against the occurrence of a risk event. According to the Institute of Internal Auditors (2004), every company must recognize that risk exists to realize value for its stakeholders. With this in mind, the steps to implementing ERM include: the development of an organizational strategy that includes risk management; the determination of corporate philosophy and the delegation of risk controls; the performance of risk assessments and determining how much risk the organization is willing to undertake to generate value; identifying risk responses, communicating and analyzing risk results; and continued managerial review and oversight to ensure compliance. The steps that Morrison takes during the implementation process should result in a risk management program whose organizational framework functions interdependently. This means that directors, senior management, auditors, and risk owners must overlap their interests and align corporate governance with risk management (Sobel & Redding, 2004).


