Internal Control Entity and Organizational GRC Relationships
ALL TOO OFTEN, ENTERPRISE MANAGERS looked at the original COSO internal control framework by viewing only the front-facing elements and all but ignoring the upper and side components of the framework model. To provide a better introduction to this internal control framework model, Chapters 9 through 11 discussed the key internal control elements usually shown on the top side of the COSO framework. We also sometimes forget that important internal control organizational elements are usually depicted on the right side of the framework.
This chapter flips that framework model around again and focuses on organization-level internal controls, ranging from total enterprise entity-wide internal controls down to issues in operating departments and units. The idea here is that enterprise internal controls should be consistent throughout, but their level and focus may vary at different levels.
These separate organization-level internal controls also translate into a set of governance processes for an enterprise. This chapter discusses the importance of having strong governance processes in place over all aspects of an enterprise. An expression that really did not exist with the original COSO framework, governance, risk, and compliance, or GRC, are important concepts for building and establishing effective internal controls. This chapter relates GRC concepts to the COSO internal controls framework. Although it is important ...