Selecting controls framework
An essential task of the program office is to establish a framework that will be used
to assess organizational risks and verify the controls mitigating those risks. There
are a number of well-established controls frameworks that can be selected based
on the overall control objectives of the organization. For example, InFission has
selected the Committee of Sponsoring Organizations of the Treadway Commission
(COSO) framework, which is the most prevalent among publicly traded companies. This
framework is implemented to provide assurance of internal controls over financial
statements. InFission has also selected the COBIT (Control Objectives for Information
and related Technology) framework, which is commonly used for IT controls. These two
frameworks are described as follows:
The COSO framework
The COSO framework consists of five interrelated components: Control
Environment, Risk Assessment, Control Activities, Information and
Communication, and Monitoring. These are derived from the way management
runs a business, and are integrated with the management process. Although the
components apply to all entities, small and mid-size companies may implement
them differently from large ones. Smaller organizations may have controls that are
less formal and less structured, yet such an organization can still have effective
internal control.
[Figure: the five COSO components: Monitoring, Information & Communication, Control Activities, Risk Assessment, Control Environment]