In my all previous articles I have been extensively covering about the Enterprise risk management and internal control and auditor’s role within an organization. In my research I find that in US economy the  most widely used framework in the United States is the Internal Control–Integrated Framework published by COSO (Committee of Sponsoring Organizations of the Tread way Commission).

The sponsoring organizations first came together in the 1980s to address the increasing fraudulent financial reporting that was occurring at that time. COSO released the original COSO’s updated Internal Control–Integrated Framework in 1992.

The framework gained widespread acceptance following the financial failures of the early 2000s. In 2013 COSO updated, enhanced, and clarified the framework. Today, Internal Control–Integrated Framework (often referred to simply as “COSO”) is the most widely used internal control framework in the United States, and is also used throughout the world.

COSO identifies six components of internal control that support an organization in achieving its objectives.

·     Risk Assessment which involves the process for identifying and assessing the risks that may affect an organization from achieving its objectives both in the short term and long term. Risk assessment is the key factor which needs to be conducted before an organization can determine the other necessary controls.

·      Control Environment is the set of standards, processes and structures that provides the basis for carrying out internal control across the organization. If internal control does not frames the boundaries of controlling the environment of an organization then the control mechanisms would not be measured and exercised.

·    Control Activities are the actions that have been established by policies and procedures. These policies acts as a benchmark which helps the internal auditor to access the activities. Framing boundaries and creating benchmark to measure the level of control to be exercised on the activities of the organization.

·    They help ensure that management’s directives regarding internal control are carried out. Control activities occur at all levels within the organization. This is one of the key factor that should be kept in mind that control needs to be decentralized but having an reporting system to the centralized pat of the organization.

·         Decentralized process would help the internal auditor to access the risk involved in every departments and its risk affects on the enterprise as a whole. As organizations are becoming more prunes to variety of risk hence it is better to have an decentralized risk measurement and boundaries of policies and strategies for the organization.  Decentralized risk measurement would help the organization to frame better polices and strategies which would mitigate the risk of business as well as financial.

·   Information and Communication recognizes that information is necessary for an organization to carry out its internal control responsibilities. Information can come from internal and external sources. Communication is the process of providing, sharing, and obtaining necessary information. Information and communication help all relevant parties understand internal control responsibilities and how internal controls are related to achieving objectives.

·         Monitoring the risk and reporting the same at the appropriate time should be the key part of the internal auditor.

The guidance issued by COSO in 2013 recognizes that each of the five internal control components includes principles representing the fundamental concepts associated with the component. Further, supporting the 17 principles are points of focus, representing important characteristics typically associated with principles. While the COSO framework provides examples of points of focus, management needs to determine suitable and relevant points of focus that reflect the organization’s unique industry, operations, and regulatory environment.