Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
why COSO?
10-01-2009, 08:24 PM
Post: #31
 
Question may not be wrong but it could have lead to a wrong answer.

Anyway. No problem Astute!
Visit this user's website Find all posts by this user
Quote this message in a reply
10-01-2009, 09:47 PM
Post: #32
 
sigh of relief...things are settled now, settled na?

so guys, come on in...put your share kindly...me and kamran will read your input and finally kamran will be providing his input (hopefully after a couple of days, right boss?)
Visit this user's website Find all posts by this user
Quote this message in a reply
10-01-2009, 10:19 PM
Post: #33
 
Certainly.
Visit this user's website Find all posts by this user
Quote this message in a reply
10-02-2009, 12:15 AM
Post: #34
 
As Kamran pointed, Your question is very open and would be better repsonded if its scope is further refined. Its easy to compare a particular framework against other. Anyway here are my two cents.

All banks have to adopt some framework for its internal control. The best practice is to adopt a the COSO framework of the Treadway Commission's Internal Control--Integrated Framework as COSO is the most popular framework adopted by the entities across the globe and is popular for 404 compliance evaluation. COCO is mainly restricted to Canada, while the use of COSO is widespread. The Institute of Internal Auditors also prefers COSO over other frameworks. COSO framework shares most of its elements with other frameworks such as COCO, Cadbury, however there are certain differences as well. COCO includes the scope of control some particular aspects of management that COSO excludes objective setting, strategic planning and risk management, and corrective actions. COCO does exclude decision making from the scope of control.

The major advantage I see in COSO framework is its relative flexiblility against other frameworks. The COSO framework describes how each internal control element can be customised to smaller and less complex organizations. For example, if COSO is used as a best practice, its five following elements of internal control can be easily tailored to meet an organization's specific needs.

Looking forward to a good discussion on the topic.
Visit this user's website Find all posts by this user
Quote this message in a reply
10-02-2009, 12:54 AM
Post: #35
 
man...your two cents are more than twenty two, i found some of the areas new for me (exclusions in COSO and COCO, IIA's preference etc.)

got a query, can i have some more info on "process re-engineering in COSO" (as you mentioned internal control element customization to smaller organizations), i am working for a company (of a friend of mine) and reviewing its processes to re-engineer them, and can you please provide the reference of exclusions in COSO and COCO and IIA's preference...thanks in advance

ps kindly keep visiting this thread, want your input and feedback
Visit this user's website Find all posts by this user
Quote this message in a reply
10-03-2009, 11:21 PM
Post: #36
 
Dotkom,

I have replied your e-mail

Following was the reply sent there (with bit modifications)-

This is, you know, the peak of audit season. Further, I may have to be out of the scene for some days due to my foreign visit (subject to visa availability). This has enhanced the pressure further.

I know you would be seeing me answering other questions on the forum but not yours. I answer only those questions for which I don’t have to look at any material (at least in detail) and which I can write in 3 to 5 minutes or so. Your issue asks me to develop personal understanding on the subject matter before discussing it with you IN DETAIL. I was not personally engaged in any COSO audit.

However, the simple understanding about why COSO is better for banking sector (without going into a technical SWOT analysis) is that it is USA based framework that has been backed up by 5 major US institutes/associations like AICPA, IIA, Financial Executives International, American Accounting Association, and the Institute of Management Accountants (members of the Committee of Sponsoring Organizations of Treadway commission). These bodies are recognized world over and have a louder voice on the globe. Totally independent of each of the sponsoring organizations, the Commission contained representatives from industry, public accounting, investment firms, and the New York Stock Exchange as well.

All major banks deal in foreign markets either for deposits, money market transactions, raising equities and funds and capital market game play. The utmost important foreign market is US or Europe that itself is the biggest follower and is substantially influenced by US. Most of European locations have witnessed a favor given to COSO when choosing for a framework.

Further, some banks have or are in the process of listing their securities in cross border stock markets. Examples are GDRs or ADRs. Currently Pakistani Banks are focusing European markets. However, the biggest market is of US I must say and it is always in the eyes of the banking sector. This makes COSO far more attractive for banking sector so that whenever they get into that bigger global market, the compliance does not raise any issue.

Besides having louder voice, it is also a fact that members of treadway commission included the legendary institutions/people and none other framework in the world has been developed through such a long phase of developments and improvements. None of the other framework has been backed by such recognized quality institutions and accountancy legends.

You must know that the COSO's 1992 version was heavily criticized in various commentaries. Examples included the comments given by "Paisley", and "PWC". Still on certain COSO pronouncements there are coming various comments to improve certain things, like role of board of directors, non shifting of management decisions on auditors (indirectly) etc. Such comments, criticism has made COSO somewhat globally recognized, discussed, understood and accepted framework.

I am also of the view that COCO is not that attractive since it is much confined to the legal environment of one country and is not that much debated and practiced any where. Besides this, the development of COCO has not witnessed the process which COSO has undergone.

I also mention, that as per my knowledge except for COSO there is no that worldly popular and known framework available. SBP asked banks to follow some international framework for internal controls. Its circular did not mention that such framework should be COSO only. However, banks in specific and other industries in general prefer COSO.

The above mentioned is the major reason that causes attractiveness for COSO and makes it more popular. If you need to know differences with other frameworks, if any, or technical aspects, it will be a very long discussion; rather studying of a complete subject altogether.

Regards,


KAMRAN.
Visit this user's website Find all posts by this user
Quote this message in a reply
10-03-2009, 11:41 PM
Post: #37
 
dotcom

Following link will be beneficial for you as well as readers. It details all available frameworks and insight of a few.

http://www.seattle.gov/audit/training_fi...models.ppt


Regards,


KAMRAN
Visit this user's website Find all posts by this user
Quote this message in a reply
10-03-2009, 11:58 PM
Post: #38
 
dotkom

COCO and COSO have already been discussed. I quote below a link that provides detailed insight about the different between the two

http//www.gov.ns.ca/nsmfc/documents/EnhancingManagementInvolvementwithInternalControl_000.pdf

There relevant paragraphs copied from above freely available link are as under

QUOTE

Comparison of COCO to COSO

There are three main differences between the American COSO and Canadian COCO framework on internal controls. The differences between the two internal control frameworks can be found in the definition and the scope, the underlying concepts, the judgment of effectiveness.

Definition and Scope

COSO defines internal control as a process, effected by a municipality’s councilors, managers, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories

• Effectiveness and efficiency of operations

• Reliability of financial reporting

• Compliance with applicable laws and regulations.

COCO defines control as the elements of a municipality (including its resources, systems, processes, culture, structure, and tasks) that, taken together, support people in the achievement of the municipality’s objectives. It defines three categories of objectives

• Effectiveness and efficiency of operations

• Reliability of internal and external reporting

• Compliance with applicable laws and regulations and internal policies.

Consistent with its definition, COCO includes the scope of control some particular aspects of management that COSO excludes objective setting, strategic planning and risk management, and corrective actions. COCO does exclude decision making from the scope of control.

Underlying Concepts


COCO is explicit about some concepts that are not addressed in COSO. These are

(a) Control includes the identification and mitigation of the risk failure to maintain the municipality’s capacity to identify and exploit opportunities.

(b) Control includes the identification and mitigation of the risk of failure to maintain the municipality’s resilience – its capacity to respond and adapt to unexpected risks and opportunities, and to make decisions on the basis of telltale indications in the absence of definitive information.

© COCO includes two criteria not explicitly addressed in COSO. They relate to mutual trust between people and the periodic challenge of assumptions. In addition, the concept of monitoring in this COCO guidance includes monitoring of the operating performance of the municipality. COSO’s discussion of monitoring could be interpreted as focused on monitoring of specific control activities.

The Judgment of Effectiveness

COSO addresses this as follows

“Internal control can be judged effective in each of the three categories, respectively, if the board of directors and management have reasonable assurance that

• They understand the extent to which the municipality’s operations objectives are being achieved.

• Published financial statements are being prepared reliably.

• Compliance with applicable laws and regulations.

Determining whether a particular internal control system is effective is a subjective judgment resulting from an assessment of whether five components (control environment, risk assessment, control activities, information and communication, and monitoring) are present and functioning effectively. Their effective functioning provides the reasonable assurance regarding the achievement of one or more of the stated categories of objectives. Thus, these components are also criteria for effective internal control.

COCO differs in three important respects

(a) The judgment of effectiveness is made in relation to a specific objective, not a category of objectives.

(b) COCO asks that an assessment of the effectiveness of control be made against twenty specific criteria. COSO asks that assessment be made for each of five components, and provides illustrative issues to consider for each component.

All of COSO’s issues to consider are addressed directly or indirectly within the COCO document, except perhaps the following

• Receptivity of management to employee suggestions of ways to enhance productivity, quality, or other similar improvements.

• Extent to which personnel, in carrying out their regular activities, obtain evidence as to whether the system of internal controls continues to function.

• Extent to which outside parties have been made aware of the entity’s ethical standards.

• Extent to which training seminars, planning sessions, and other meetings provide feedback to management on whether controls operate effectively.

• Appropriateness of the level of documentation (of an evaluation).

© COCO includes the following definition of effective control

Control is what makes a municipality reliable in achieving its objectives. Control is effective to the extent that it provides reasonable assurance that the municipality will achieve its objectives.


UNQUOTE

I hope this will also benefit you.


Regards,


KAMRAN.
Visit this user's website Find all posts by this user
Quote this message in a reply
10-04-2009, 12:04 AM
Post: #39
 
Please also check the following book

"Sarbanes Oxley and the New Internal Auditing Rules"

Link is

http//books.google.com.pk/books?id=npwO9Tut79gC&pg=PA267&lpg=PA267&dq=coco+framework+of+internal+controls&source=bl&ots=F1hXCU2Y4u&sig=I4oLelWQerr8QOoo4dSRIkwYdFY&hl=en&ei=vFPHSqOYF5iY6wPPvNXyBA&sa=X&oi=book_result&ct=result&resnum=8#v=onepage&q=coco%20framework%20of%20internal%20controls&f=false


Regards,
Visit this user's website Find all posts by this user
Quote this message in a reply
10-04-2009, 06:21 AM
Post: #40
 
whoaaa so much to read...thanks dude, its late...i'll definitely read it tomorrow,

kamran...i owe you this effort man

and for email...let me go through it, i'll get back

peace
Visit this user's website Find all posts by this user
Quote this message in a reply
10-04-2009, 08:40 PM
Post: #41
 
dotkom

The proposition you discussed in mail is not workable, I tell you at very outset.

You eventually found a man who didn't tell you that "it is the best idea but time is the limitation factor". Rather, I am telling you that this idea is entirely impracticable at the level you want to start. Your CFO's statement is incorrect, in my cconfirm view.

Reasons are enormous and some day I will discuss with you. Still, if you feel it is workable, you must give it a try.

I don't discuss it in detail for the reasons of confidentiality.

Best of luck!

Regards,


Kamran.
Visit this user's website Find all posts by this user
Quote this message in a reply
10-05-2009, 02:47 AM
Post: #42
 
) meaning not possible?

i dont think anything is impracticable...i know there are limitations...many

but one day this will be done...somewhere in my heart i have a feeling...it will be done (like IFAS)

thanks dude

peace
Visit this user's website Find all posts by this user
Quote this message in a reply
10-05-2009, 04:21 AM
Post: #43
 
dotkom

You may have to read the exact words of my post once again to know why I said it is impracticable (in certain situation).

I did not say it is impossible any where in my post ALTHOUGH I personally believe there is no exact concept of banking in Islam (specially with the meanings we witness today). Beliefs are very personal, we should agree. IFAS; I just don't want to comment.


Regards,


KAMRAN.
Visit this user's website Find all posts by this user
Quote this message in a reply
10-05-2009, 04:29 PM
Post: #44
 
agreed,

cent percent agreed
Visit this user's website Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)