COSO Framework for an Organization Free Samples for Students

Questions: Consider the COSO Framework. Write an Internal environment that you are Familiar with and complete the COSO Framework for this Environment as outlined below. 1.State the control objectives. 2.. Identify the risk sources. 3.. Perform a risk assessment 4. Develop a risk response 5. Determine the control activities 6. Provide a method of informing and communicating the results 7.Discuss the process that is used for monitoring the information Answers: 1.Control objectives Credit should be extended to credit worthy customers. Goods should not be dispatched without an invoice being raised. Overdue accounts should be promptly followed up. Receipt from cash sales should be properly controlled. No unauthorized credit entries should be made to debtors account balances. 2.Risk sources Goods being dispatched without being involved Goods being sold to a bad credit risk Sales being invoiced but not recorded Doubtful debts 3.Risk assessment The risks involved in internal control system over sales and debtors are assessed on a residual basis and an inherent basis. The process involves determining the likelihood and impact of the risks above on the organization. Various tools such as Qualitative risk analysis, maximum loss estimation and fault tree estimation are used in determining the impact of the risks. After the risk assessment process, the risks are then prioritized in accordance to their risk rating. 4.Risk response After the risks facing the internal control system over sales and debtors have been assessed and prioritized, the best risk response is formulated. These responses include avoidance, acceptance, sharing or reduction. Some of the risks such as selling of the goods to a bad credit risk are avoided by not dealing with such customer. However, not all risks can be avoided and therefore risks such as doubtful debts can be dealt with by transferring them to a factoring company. 5.The control activities Customers are approved before a credit facility is granted. The credit limit granted is formally authorized after seeking references on the customers ability to pay. Such references are normally provided by banks suppliers and credit reference bureaus. Customers are approved for sales only when the customers credit limit has not been exceeded. The sales personnel ensure that they have up to date records of customers outstanding balances. Goods only be dispatched against a valid and an authorized sales order. All dispatches of goods and return inwards are accurately recorded All dispatches are involved. This can be achieved by checking copies of the sales order to the dispatch records the use of sequentially numbered documents would ensure that all sales are invoiced. Invoices and credit notes are accurately prepared from approved price list and all discounts or price deduction are properly approved. Price list and all trade discounts and price deduction are properly authorized. Creditors notes and other adjustments are prepared against authorized return inwards or other appropriate documents. To prevent fraud, there are proper segregation of duties such that the person who authorizes a sale is not able to authorize the issue of a credit note or other adjustments. All bad debts written off are properly authorized and recorded. Persons involved with original authorization of sales and granting credit to customers should not be involved in the authorization of bad debts write offs. Stocks records are accurately updated with all sales and sales returns All transactions are accurately posted to the ledger Sales ledger balances are regularly reconciled to sales ledger control balances to ensure completeness and accuracy of the ledger. Sales ledger balances are periodically aged and reviewed by the credit control staff. Overdue accounts are identified and followed up for collection. 6.A method of informing and communicating the results The information pertaining to the risks is disseminated through several ways including: risk reports, newsletters, notice boards, internal audit reports, electronic mail and internet websites to the appropriate personnel in the organization. 7.The process that is used for monitoring the information The entire process is monitored is closely monitored through ongoing management processes and separate evaluations. Tools used in monitoring of the risks include: Internal audit, Risk reporting, Risk register, Creation of the risk management department and Risk policies, governance and procedures.