Accountancy Forum
why COSO? - Printable Version



- kamranACA - 10-01-2009

Question may not be wrong but it could have led to a wrong answer.

Anyway. No problem Astute!


- dotkom - 10-01-2009

sigh of relief...things are settled now, settled na?

so guys, come on in...put your share kindly...me and kamran will read your input and finally kamran will be providing his input (hopefully after a couple of days, right boss?)


- kamranACA - 10-01-2009

Certainly.


- dreamsunlimited - 10-02-2009

As Kamran pointed out, your question is very open and would be better responded to if its scope is further refined. It's easy to compare a particular framework against another. Anyway, here are my two cents.

All banks have to adopt some framework for their internal control. The best practice is to adopt the COSO framework of the Treadway Commission's Internal Control--Integrated Framework, as COSO is the most popular framework adopted by entities across the globe and is popular for 404 compliance evaluation. COCO is mainly restricted to Canada, while the use of COSO is widespread. The Institute of Internal Auditors also prefers COSO over other frameworks. The COSO framework shares most of its elements with other frameworks such as COCO and Cadbury; however, there are certain differences as well. COCO includes in the scope of control some particular aspects of management that COSO excludes: objective setting, strategic planning and risk management, and corrective actions. COCO does exclude decision making from the scope of control.

The major advantage I see in the COSO framework is its relative flexibility against other frameworks. The COSO framework describes how each internal control element can be customised to smaller and less complex organizations. For example, if COSO is used as a best practice, its five following elements of internal control can be easily tailored to meet an organization's specific needs.

Looking forward to a good discussion on the topic.


- dotkom - 10-02-2009

man...your two cents are more than twenty two, i found some of the areas new for me (exclusions in COSO and COCO, IIA's preference etc.)

got a query, can i have some more info on "process re-engineering in COSO" (as you mentioned internal control element customization to smaller organizations), i am working for a company (of a friend of mine) and reviewing its processes to re-engineer them, and can you please provide the reference of exclusions in COSO and COCO and IIA's preference...thanks in advance

ps kindly keep visiting this thread, want your input and feedback


- kamranACA - 10-03-2009

Dotkom,

I have replied to your e-mail.

Following was the reply sent there (with a bit of modification):

This is, you know, the peak of audit season. Further, I may have to be out of the scene for some days due to my foreign visit (subject to visa availability). This has enhanced the pressure further.

I know you would be seeing me answering other questions on the forum but not yours. I answer only those questions for which I don’t have to look at any material (at least in detail) and which I can write in 3 to 5 minutes or so. Your issue asks me to develop personal understanding on the subject matter before discussing it with you IN DETAIL. I was not personally engaged in any COSO audit.

However, the simple understanding about why COSO is better for banking sector (without going into a technical SWOT analysis) is that it is USA based framework that has been backed up by 5 major US institutes/associations like AICPA, IIA, Financial Executives International, American Accounting Association, and the Institute of Management Accountants (members of the Committee of Sponsoring Organizations of Treadway commission). These bodies are recognized world over and have a louder voice on the globe. Totally independent of each of the sponsoring organizations, the Commission contained representatives from industry, public accounting, investment firms, and the New York Stock Exchange as well.

All major banks deal in foreign markets either for deposits, money market transactions, raising equities and funds and capital market game play. The utmost important foreign market is US or Europe that itself is the biggest follower and is substantially influenced by US. Most of European locations have witnessed a favor given to COSO when choosing for a framework.

Further, some banks have or are in the process of listing their securities in cross border stock markets. Examples are GDRs or ADRs. Currently Pakistani Banks are focusing European markets. However, the biggest market is of US I must say and it is always in the eyes of the banking sector. This makes COSO far more attractive for banking sector so that whenever they get into that bigger global market, the compliance does not raise any issue.

Besides having a louder voice, it is also a fact that members of the Treadway Commission included legendary institutions/people, and no other framework in the world has been developed through such a long phase of developments and improvements. No other framework has been backed by such recognized quality institutions and accountancy legends.

You must know that the COSO's 1992 version was heavily criticized in various commentaries. Examples included the comments given by "Paisley", and "PWC". Still on certain COSO pronouncements there are coming various comments to improve certain things, like role of board of directors, non shifting of management decisions on auditors (indirectly) etc. Such comments, criticism has made COSO somewhat globally recognized, discussed, understood and accepted framework.

I am also of the view that COCO is not that attractive since it is much confined to the legal environment of one country and is not that much debated and practiced anywhere. Besides this, the development of COCO has not witnessed the process which COSO has undergone.

I also mention that, as per my knowledge, except for COSO there is no framework available that is as popular and known worldwide. SBP asked banks to follow some international framework for internal controls. Its circular did not mention that such framework should be COSO only. However, banks in specific and other industries in general prefer COSO.

The above mentioned is the major reason that causes attractiveness for COSO and makes it more popular. If you need to know differences with other frameworks, if any, or technical aspects, it will be a very long discussion; rather studying of a complete subject altogether.

Regards,


KAMRAN.




- kamranACA - 10-03-2009

dotcom

Following link will be beneficial for you as well as readers. It details all available frameworks and insight of a few.

www.seattle.gov/audit/training_files/control_models.ppt


Regards,


KAMRAN


- kamranACA - 10-03-2009

dotkom

COCO and COSO have already been discussed. I quote below a link that provides detailed insight about the difference between the two:

http://www.gov.ns.ca/nsmfc/documents/EnhancingManagementInvolvementwithInternalControl_000.pdf

The relevant paragraphs copied from the above freely available link are as under:

QUOTE

Comparison of COCO to COSO

There are three main differences between the American COSO and Canadian COCO framework on internal controls. The differences between the two internal control frameworks can be found in the definition and the scope, the underlying concepts, the judgment of effectiveness.

Definition and Scope

COSO defines internal control as a process, effected by a municipality’s councilors, managers, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

• Effectiveness and efficiency of operations

• Reliability of financial reporting

• Compliance with applicable laws and regulations.

COCO defines control as the elements of a municipality (including its resources, systems, processes, culture, structure, and tasks) that, taken together, support people in the achievement of the municipality’s objectives. It defines three categories of objectives:

• Effectiveness and efficiency of operations

• Reliability of internal and external reporting

• Compliance with applicable laws and regulations and internal policies.

Consistent with its definition, COCO includes in the scope of control some particular aspects of management that COSO excludes: objective setting, strategic planning and risk management, and corrective actions. COCO does exclude decision making from the scope of control.

Underlying Concepts


COCO is explicit about some concepts that are not addressed in COSO. These are:

(a) Control includes the identification and mitigation of the risk of failure to maintain the municipality’s capacity to identify and exploit opportunities.

(b) Control includes the identification and mitigation of the risk of failure to maintain the municipality’s resilience – its capacity to respond and adapt to unexpected risks and opportunities, and to make decisions on the basis of telltale indications in the absence of definitive information.

(c) COCO includes two criteria not explicitly addressed in COSO. They relate to mutual trust between people and the periodic challenge of assumptions. In addition, the concept of monitoring in this COCO guidance includes monitoring of the operating performance of the municipality. COSO’s discussion of monitoring could be interpreted as focused on monitoring of specific control activities.

The Judgment of Effectiveness

COSO addresses this as follows:

“Internal control can be judged effective in each of the three categories, respectively, if the board of directors and management have reasonable assurance that:

• They understand the extent to which the municipality’s operations objectives are being achieved.

• Published financial statements are being prepared reliably.

• Compliance with applicable laws and regulations.

Determining whether a particular internal control system is effective is a subjective judgment resulting from an assessment of whether five components (control environment, risk assessment, control activities, information and communication, and monitoring) are present and functioning effectively. Their effective functioning provides the reasonable assurance regarding the achievement of one or more of the stated categories of objectives. Thus, these components are also criteria for effective internal control.

COCO differs in three important respects:

(a) The judgment of effectiveness is made in relation to a specific objective, not a category of objectives.

(b) COCO asks that an assessment of the effectiveness of control be made against twenty specific criteria. COSO asks that assessment be made for each of five components, and provides illustrative issues to consider for each component.

All of COSO’s issues to consider are addressed directly or indirectly within the COCO document, except perhaps the following:

• Receptivity of management to employee suggestions of ways to enhance productivity, quality, or other similar improvements.

• Extent to which personnel, in carrying out their regular activities, obtain evidence as to whether the system of internal controls continues to function.

• Extent to which outside parties have been made aware of the entity’s ethical standards.

• Extent to which training seminars, planning sessions, and other meetings provide feedback to management on whether controls operate effectively.

• Appropriateness of the level of documentation (of an evaluation).

(c) COCO includes the following definition of effective control:

Control is what makes a municipality reliable in achieving its objectives. Control is effective to the extent that it provides reasonable assurance that the municipality will achieve its objectives.


UNQUOTE

I hope this will also benefit you.


Regards,


KAMRAN.


- kamranACA - 10-04-2009

Please also check the following book

"Sarbanes Oxley and the New Internal Auditing Rules"

Link is

http://books.google.com.pk/books?id=npwO9Tut79gC&pg=PA267&lpg=PA267&dq=coco+framework+of+internal+controls&source=bl&ots=F1hXCU2Y4u&sig=I4oLelWQerr8QOoo4dSRIkwYdFY&hl=en&ei=vFPHSqOYF5iY6wPPvNXyBA&sa=X&oi=book_result&ct=result&resnum=8#v=onepage&q=coco%20framework%20of%20internal%20controls&f=false


Regards,


- dotkom - 10-04-2009

whoaaa so much to read...thanks dude, it's late...i'll definitely read it tomorrow,

kamran...i owe you this effort man

and for email...let me go through it, i'll get back

peace


- kamranACA - 10-04-2009

dotkom

The proposition you discussed in mail is not workable, I tell you at very outset.

You eventually found a man who didn't tell you that "it is the best idea but time is the limitation factor". Rather, I am telling you that this idea is entirely impracticable at the level you want to start. Your CFO's statement is incorrect, in my confirmed view.

Reasons are enormous and some day I will discuss with you. Still, if you feel it is workable, you must give it a try.

I don't discuss it in detail for the reasons of confidentiality.

Best of luck!

Regards,


Kamran.


- dotkom - 10-05-2009

meaning not possible?

i don't think anything is impracticable...i know there are limitations...many

but one day this will be done...somewhere in my heart i have a feeling...it will be done (like IFAS)

thanks dude

peace


- kamranACA - 10-05-2009

dotkom

You may have to read the exact words of my post once again to know why I said it is impracticable (in certain situation).

I did not say it is impossible anywhere in my post ALTHOUGH I personally believe there is no exact concept of banking in Islam (especially with the meanings we witness today). Beliefs are very personal, we should agree. IFAS; I just don't want to comment.


Regards,


KAMRAN.


- dotkom - 10-05-2009

agreed,

cent percent agreed