ISO Internal Control and Risk Management Standards
CHAPTER 11 DISCUSSED THE COSO internal control element that call for compliance with laws and regulations and outlined some of the many areas that need to be on enterprise management’s “radar screen.” Some of these laws and regulations are all but mandatory, with penalties to the enterprise operation that violates them. Others are more like standards that recommend practices that an enterprise should follow. This chapter looks at several of the ISO or International Standards Organization materials and defines preferred practices in some areas of enterprise operations.
There are some 20,000 ISO standards today, covering a wide range of areas in business operations, from the dimensions of a plastic credit card to standards for building railway bridges and much more. This chapter looks at two standards that are important for building effective COSO internal controls: the standards for enterprise risk management and the general standards for establishing enterprise internal control processes. With the exception of ISO standards covering product quality processes, many of these had been viewed as “too European” and have been all but ignored by many US business executives in the past. As we are operating today in an increasing global economy, all enterprise executives should be aware of the importance of ISO standards and how they support the internal control processes.
BACKGROUND AND IMPORTANCE OF ISO STANDARDS IN A GLOBAL ...