KnowledgeLeader Blog

Segregation of duties (SODs) is an important concept to internal control frameworks, financial reporting and regulatory compliance, including the Sarbanes-Oxley Act (SOX). It is a component of an effective control environment. The overall effectiveness of management’s internal controls depends on SoDs to a large extent. For effective internal controls, there needs to be an adequate division of responsibilities.

Topics: COSO, Internal Controls, IT Controls, Process-Level Control, Segregation of Duties

WHAT DOES COSO STAND FOR?

In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) developed a COSO Framework for evaluating internal controls. This model has been adopted as the generally accepted framework for internal control and is widely recognized as the definitive standard against which organizations measure the effectiveness of their systems of internal control. 

Topics: Enterprise Risk Management, Corporate Governance, COSO, Audit Committee & Board

Everyone talks about the need for good risk management programs, but nobody seems to know how to audit them to ensure that they work. The people that bear responsibility for setting the parameters of an enterprise risk management (ERM) program is pretty clear: the board of directors and the C-level executives. They decide what the risks are, what level of risk they’re willing to tolerate and what risks they do not want to tolerate. They are responsible for monitoring and responding to ERM outputs and obtaining assurance that the organization’s risks are acceptably managed within the specified boundaries.

 

Topics: Enterprise Risk Management, Internal Audit, COSO, Risk Assessment, Audit Committee & Board, Governance, Risk & Compliance

 

In January 2013, the updated version of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Integrated Internal Control Framework went into effect (https://www.coso.org/). If you’re wondering what this model is, you probably work for a privately held corporation or a non-profit or are very new to internal audit.

 

Topics: Compliance, COSO, Internal Controls, Risk Assessment, Entity-Level Control

What is the Second Line of Defense?

Essential to effective risk management, the lines-of-defense model is implicit in COSO’s internal control framework through the control environment, control, activities, monitoring and other components of an internal control system. It provides assurance to the board of directors, as the elected representatives of the shareholders to oversee the organization’s operations on their behalf, that risks are reduced to a manageable level as dictated by the organization’s appetite for risk. Much more than “segregating incompatible duties” and “ensuring checks and balances,” the lines-of defense model emphasizes a fundamental concept of risk management: From the boardroom to the customer-facing processes, managing risk is everyone’s responsibility.

Topics: Enterprise Risk Management, Corporate Governance, Internal Audit, COSO, Audit Committee & Board, Strategic Risk