Sarbanes Oxley Corporate Law & Marketing Accountability for CFO CIO CEO & CMO by Dean Gill
The Magic Words Internal Control Structure Procedures In 1985 inspired by an alarming increase in fraudulent corporate financial reporting a consortium of the largest accounting professional associations formed the National Commission on Fraudulent Financial Reporting more commonly referred to as The Treadway Commission. Each member of the consortium also participates in a supporting organization COSO " literally the Counsel of Supporting Organizations. COSO works on ethical professional issues for the accounting profession. Periodically it comes out with a report. These reports their recommendations have a powerful self governing influence on accountants.
In a 1992 report COSO defined the ambiguous phrase internal control Internal control is broadly defined a process effected by an entitys board of directors management other personnel designed to provide reasonable assurance regarding the achievement of objectives in the following categories 1 effectiveness efficiency of operations; 2 reliability of financial reporting; 3 compliance with applicable laws regulations.
To be expressed as written policy for tracking reporting purposes the COSO report states that internal control process manifests as a framework. COSO identifies eight core elements in its integrated framework for internal control. 404 specifically calls for just such an internal control structure that management has to describe adjudge as to its effectiveness in the companys annual report. The SEC mentions COSO by name in its rules for 404 declines making it the official legal standard only because foreign companies doing business in the United States might use a different structure. Thus in practice if not by law the COSO framework probably will be the benchmark standard of internal control structure procedures for US companies complying to 404. In part the SEC says:
The COSO Framework satisfies our criteria may be used as an evaluation framework for purposes of managements annual internal control evaluation disclosure requirements.
Using the COSO Framework for Sarbanes Oxley Internal Control Compliance The draft COSO framework covers a wide swath of territory " ranging from declaratory statements about a company's values culture to specific parameters around data storage integrity. Each element contributes to the overall evaluation of the companys exposure to risk " market or regulatory.
Here are highlights of the framework where an effective analytical capability would be especially useful:
" Event Identification This is company's ability to draw insight from its information flag the contingencies upon which the objectives are premised. Aggregate analytical capabilities would be critical in some cases it may be useful to group potential events into categories. By aggregating events horizontally across an entity vertically within operating units management develops an understanding of the interrelationships between events gaining enhanced information as a basis for risk assessment.
" Risk Assessment This is the assessment of the probability of those contingencies. Risk assessment employs both qualitative quantitative analytic methods"and evaluates potential uncertainties as they unfold whether they are internally or externally generated.
" Control Activities These are policies procedures ensure that risk responses are carried out efficiently. Here too is point which calls for analytic capabilities in two key areas. 1 COSO identifies general controls as encompassing IT infrastructure management security management software. 2 Application controls are designed to ensure completeness accuracy validity of data capture processing.
" Information Communication Analytics is the solution for COSOs information communication element of internal control. COSO says information is needed at all levels of an organization to identify assess respond to risk. Pertinent information from both internal external sources must be captured shared in a form time frame that equips personnel to react quickly efficiently. Effective communication also involves the exchange of relevant data with external parties such as customers vendors regulators shareholders. Effective enterprise risk management relies on both historical current data. Historical data tracks actual performance against targets identifies trends correlates results forecasts performance. Historical data also provides early warning signals concerning potential risk related events. Current data gives management a real time view of risks inherent in a process function or unit. This enables an organization to alter its activities as needed in keeping with its risk appetite. Continued Part 4
Disclaimer
The information opinions expressed on this paper are not intended to be a comprehensive description nor to provide legal advice should not be treated as a substitute for specific advice concerning individual situations. While the author Upper Quadrant has made every attempt to ensure that the information contained in this document is accurate neither the author nor Upper Quadrant is responsible for any errors or omissions or for the results obtained form use of this information.
[youtube:MjT33VCraUw;This video is great example of [link:marketing software that uses dynamic marketing dashboards]; youtube. com watch v=MjT33VCraUw feature=related]
This article is written by Dean Gill is copyrighted by Mr. Gill his employer Upper Quadrant. For additional information or if you would like to contact Mr. Gill directly you may do so by email at dgill@upperquadrant. com or call 703 476 1992. Alternatively you can visit Upper Quadrants website upperquadrant. com or Marketing ROI ROMI website. Sarbanes Oxley Corporate Law & Marketing Accountability for CFO CIO CEO & CMO
