COSO Framework and Financial Controls


It is important to establish why so much time and attention is devoted specifically to controls over financial reporting. Many private companies lack appropriate documentation of the controls associated with the financial reporting and disclosure process. In each case, these controls may or may not exist. Therefore, the most practical approach for these organizations is to focus initially on analyzing and building a strong foundation of internal control through risk assessment in the area of financial reporting and disclosure. Subsequently, management may use that foundation as a platform for concentrating on overall risk related to the business, which will facilitate the design and implementation of a robust, holistic risk management program.

Smaller companies should consider beginning their risk assessment program in the area of financial reporting and disclosure. This concentration can serve as a dual-purpose initiative for an organization, since risks and risk mitigation in this area fall into the overall enterprise risk management (ERM) category of financial risk and the subcategory of financial reporting and disclosure. Smaller and private organizations are often lacking in internal control over financial reporting and do not have the stringent regulatory requirements of a public company (i.e., Sarbanes-Oxley). By focusing on the period-end ...

Get Enterprise Risk Management Best Practices: From Assessment to Ongoing Compliance now with the O’Reilly learning platform.