COSO FRAMEWORK
A model of internal control gets established by COSO framework. The board of directors mainly enforce the framework for assurance that the objectives of the organization get achieved. Five components make the organization achieve its goals through the mission of an organization. The five elements include control activity, control of the environment, risk assessment, monitoring and communication and information. First, is control environment that gets concerned primarily on the management enforcement of procedures and policies of the organization. It is also about concerned about the administration tone that gets put in place, so that organization members know the restrictions that get effective in the operation and even, they achieve the results required. The power of the environment has an impact mainly on the organization objectives. The effect includes the following; exercising of the integrity and the ethical values, the commitment of competence gets made, and the procedures and policies of the human resources get utilized. The management philosophy and styles of operation get facilitated through control environment. The directors and the audit committee get used, and there is an issue of assignment to the authority. The second component is a risk assessment on the business for identification of drawbacks that may affect the success of the organization in achieving their objectives. There is a creation of companywide goals through evaluation (Fox, 2018). The analysis and identification of risk in the organization get done through this component. Don't use plagiarised sources.Get your custom essay just from $11/page
The management change gets also enforced a thorough assessment of risk. Thirdly, is information and communication that is mainly concerned about the pass of information to the internal and the external users. The main impact here is that the measure of the data should be of adequate and quality when it gets communicated. The fourth component is the monitoring of the activities that get concerned about the function s of the organization. Events that are not working well get also identified. The ongoing performance of the organization receives also monitored. The last component is the activity control that is concerned on the already existing power that gets put in place. The impact here is that there are policies and procedures followed, and there is an improvement in security.
Audit concern during IT audit
An IT auditor should always get concerned about the following; testing, development, implementation and procedures of evaluation that get followed in an organization. The audit standards also should get concerned by the auditor during the auditing process. The verification method extends to the programs, communication system, systems of security, software, network and other infrastructures concerned on technology (Cannon & Bedard, 2017). The technical errors that occur during the process of auditing should get traced so that it can get avoided, which may make the company ripple down. The internal control of the company should also get monitored by the auditor so that the information receives evaluated so as there is a security of data from external and internal threats.
Integration of COSO framework
Through the internal control, the COSO framework can get integrated. COSO makes a framework in respect of executive of the organization so that there are need and effectiveness of control. For example, I consider a company like Apple that can use authorities of the company to achieve their goals and objectives. The company has a correlation between their operation, compliance of rules and regulations and also their reporting procedures. The suggestion here is that the Apple company should guide and monitor their system of internal control (Wang, 2019). The components of the COSO framework considers monitoring process as an essential activity. The development of guidance by the COSO framework will help the organization to monitor the quality of the internal control system. The usage of derivates in the internal control system is also a suggestion in the company. The reason to use derivatives is that derivative-related problem gets responded by the use of guidance.
References