For over 10 years, the Committee of Sponsoring Organizations of the Tradeway Commission (COSO) gave guidelines to help businesses and organizations examine and improve internal control systems. The mechanism has over time been embraced by several business enterprises in their policies, systems, and regulations to their activities so as to achieve their set goals and objectives. Over the past few years, concerns have been raised on the need for risk management. It, therefore, became necessary that organizations have to put up mechanisms that can effectively discover and deal with risks. At the time the framework was developing, scandals were on the rise especially on high profile businesses and investments whereby staff of companies and other stakeholders experienced huge losses. The consequences led to renewed calls for risk management with new policies, principles, and regulations for company governance. Therefore, according to COSO, there is a need to come up with a framework that is acceptable to all companies and organizations.
Sabarnes Oxley act is one of the legislation that was put in place in the United States to regulate the management of internal controls in public companies. The law was enacted in the year 2002 and requires companies to institute measures of internal controls, expelling them to confirm the effectiveness of their systems. Internal control mechanisms serve to satisfy the reporting standards that are widely accepted. Enterprise risk management broadens the aspect of internal control within organizations, providing a more elaborate and broad spotlight on the measures of business risk management. The intention of enterprise risk management is not to do away with the internal control framework, but rather to be incorporated in the internal control systems so that a company may move a step higher towards achieving complete risk management practice. COSO is overseeing the implementation of these activities so that businesses can have ethics within their controls.
Implementation of monitoring as recommended by COSO can be a big step for a company to improve its chances of realizing its objectives of improving internal control framework while at the same time minimizing expenses by making sure that internal controls work effectively. COSO established that there is a need for management to change its strategies of managing risks because risks keep on changing over time. Miller (1991) wrote that a company needs to address emerging risks and address them accordingly. According to his argument, the management of a company should assess the emergence of new risks and evaluate the relevance of the existing measures of control to determine whether they are still applicable to current risks. COSO beliefs that observation should be based on the primary examination of risks and considering how the controls are going to curb those risks.
COSO proposed a framework that can guide organizations to approach internal control frameworks. The framework clearly states that monitoring should: assess the systems of internal control and its ability to manage risks and not just based on individuals’ efficacy in internal control in isolated cases; monitoring should be applied to all factors and not only to monetary objectives. Risk management has to be involved in all the components of an organization which include the risks involved in assessment, the environment of the business, business activities, feedback, and supervision. All the five components outlined in the COSO framework are important for an organization to achieve its objectives. The presence of all the five components does not mean they should work perfectly, a deficit in one component can be compensated by the other (Sims, 1994).
Due to the nature of the global business environment and its complications, the risks of ethical misconduct have not been very severe. But as the world continues to increase rules and regulations as well as scrutiny by stakeholders, cases of ethical misconduct can be expected. In order to understand ethics in business one should take the views of a person and focus on his morals and character. In this approach, it is assumed that high moral values of honesty and truthfulness are easy to be applied in a difficult business environment. It is therefore necessary for people with questionable and unacceptable moral behaviors as recommended by COSO (Schaefer, 2002).
COSO also recommends that an organization should set up values that restrict people in the organization from engaging in unethical behaviors. Maignan (2006) suggested that companies should come up with programs that compel workers to be compliant with the values of the company and organize training programs to help in the awareness of the values. Some examples of ethical misconduct have occurred because workers intentionally break the law. COSO has therefore recommended that organizations implement ethics and compliance programs in their internal controls to prevent employees from engaging in ethical misconduct.
COSO has also suggested that business leaders need to understand the criteria for making business decisions and the environment in which they can operate smoothly. Though the managers also face the same risk of ethical misconduct as the employees, they should be at the forefront to control risks that are attached to customer interaction. As much the objective of teaching employees the benefits of ethics is to help them live a good life, they should be helped to have a holistic approach to understanding business ethics (Jones, 1991).
Jones, T. (1991). Ethical Decision Making by Individuals in Organization Vol. 16. New Yolk: Bradshaw.
Maignan, O.C. (2004). Corporate Social Responsibility and Marketing. London: Oxford University Press.
Miller, R.L. (1991). A Stakeholder Approach to Marketing Management Using the Value Exchange Models. Vol. 25. London: Liverpool University Press.
Schaefer, R.T. (2002). Sociology: A Brief Introduction. 4th ed. Boston: McGraw Hill.
Sims, R.L. (1994). The Influence of Ethical Fit on Employee Satisfaction, Commitment and Turnover.Nairobi: Mc Milan.