Using COSO Principles to Improve Performance

You may be familiar with the COSO (Committee of Sponsoring Organizations of the Treadway Commission) framework for internal control. We have discussed it in past articles, and it has received significant attention when referenced by the Securities and Exchange Commission (SEC) and the Public Company Accounting Oversight Board (PCAOB) as an example of an “internal control” system as required by Sarbanes-Oxley Act (SOX) sections 302 and 404.

SOX, in general, has generated a lot of discussion about internal controls: what are they and what do they do? Historically, for business finance and accounting processes, controls have typically referred to preventing fraud and abuse. Increasing regulatory requirements have caused compliance to tax & public company financial reporting regulations to become part of control system goals.

In this view, a financial control system identifies who approves expenditures, signs checks, and reviews ledgers to accounts, as well as listing the required records and who keeps them. Is this really all an internal control system does?

What Is the Purpose of an Internal Control System?

Financial reporting and compliance are two areas which COSO explicitly claims to address with its integrated framework. However, COSO also lists a third area where internal controls play a vital business role – effectiveness (reaching objectives) and efficiency (required resources) of operations.

As we have stated in past articles, if you develop and implement an internal control system and the only objectives are to prevent fraud and comply with laws and regulations, then you are missing an important opportunity. The same internal controls can also be used to systematically improve your business, particularly in regard to effectiveness and efficiency.

COSO Describes a Control System Framework

COSO lists five components that must be in place to some degree for an internal control system to be effective:

• Control Environment (The tone and culture of an organization)
• Risk Management (Event identification, risk assessment, risk response in recognizing threats)
• Control Activities (Policies and Procedures in place to direct key organizational activities)
• Information/Communication (Capturing and disseminating information throughout the organization)
• Monitoring (Evaluating operations through measurement, auditing, etc;)

Using a Control System to Drive Improvement

Let’s look at how effectiveness and efficiency of operations is played out using one example of the five components in the internal control framework – Control Environment.

The Control Environment of an organization is described as the foundation for the other components of internal control. It is the tone and culture of the organization upon which all other activities are conducted, and in most organizations it flows from the top. More specifically, how involved is management in setting realistic goals and then ensuring the organization has the resources to carry them out?

We can look at two contrasting styles. In the first, organizational goals fall from the sky with no involvement from those tasked with carrying out activities to reach objectives. Then results are either ignored altogether, or they are ignored until the end of the period; upon which you receive a nod of the head or a wag of the finger – depending on performance.

On the other end of the spectrum, management sets goals and objectives using a corroborative process. Management regularly reviews progress and performance along with leading indicators to determine if objectives will be met, and if not, identify if any d corrective action should be taken.

Sometimes there may be valid reasons for missing objectives: how well they are considered and absorbed into the organizational knowledge is also a function of the Control Environment. Participative management is one of the most important ways to set a proper environment or tone where using resources to reach objectives actually means something, not empty phrasing.

We could find examples of how control systems improve performance in all components. Through Control Activities, for example, policies and procedures can also incorporate the idea of setting process objectives along with regular measurement and review, as well as creating communication channels between key departments. In fact, all the procedures found in our policies and procedures manuals follow the Plan-Do-Check-Act philosophy of continually improving processes, including our soon to be released Finance Policies and Procedures Manual.

Communication activities can be built into the processes and procedures, creating communication channels that seem to frequently be lacking in organizations. These communication channels help create and communicate strategic level goals and objectives, which inform departments and segment level goals and objectives (which are also created as part of the control system). This kind of strategic alignment of objectives creates synergistic power in an organization.

COSO certainly fits our philosophy of control systems – where control isn’t only about preventing fraud and complying with regulations. Control is about having the philosophy and tools in place to be effective and efficient: and that is about doing things a little better tomorrow, next week, next month, and next year.

To learn more about changing your paradigm and using process improvement programs for your organization then attend the next How to Align a System of People and Processes for Results class. If you are eager to learn more about creating more order out of the chaos you are feeling at work then the How to Create Well-Defined Processes class is right for you.

ISO 9000 Internal Auditor classes are forming now. Call for information on having your own private in-house classes today.

 Email     Print   

Licensed under a Creative Commons Attribution 3.0 United States License.

This article can be reproduced freely ONLY with the following attribution:

Originally published in 2008 by Bizmanualz, Inc. under the title Using COSO Principles to Improve Performance. All rights reserved. Reproduction permitted with attribution only. www.bizmanualz.com