Committee Of Sponsoring Organizations Of The Treadway’S
Essay by 24 • January 24, 2011 • 1,652 Words (7 Pages) • 1,925 Views
Essay Preview: Committee Of Sponsoring Organizations Of The Treadway’S
Corporate Compliance Report
Tish Preston
University of Phoenix
Introduction
In the wake of high-profile corporate scandals and subsequent regulatory legislation, reporting internal controls has become a requirement. These requirements have led to organizations viewing risk management as an area of vital importance. Best practice organizations have for years looked to the Committee of Sponsoring Organizations of the Treadway’s (COSO) Internal Control Integrated Framework as the standard to build a solid system of internal controls (Managing Risk, 2003). Formed in 1985, COSO is a voluntary and independent private sector organization that sponsored the National Commission of Financial Reporting. The National Commission was made up of various industry representatives who studied the underlying causes that lead to fraudulent financial reporting. The committee developed recommendations for public companies, independent auditors, regulators, and educational organizations, which are designed to improve “the quality of financial reporting through business ethics, effective internal controls, and corporate governance” (COSO, n.d., 1). Recognizing the need for organizations to evaluate risk management efforts, COSO developed a framework for Enterprise Risk Management (ERM) that British Petroleum (BP) Oil Company and other companies can use to establish strong internal controls.
Corporate governance is the monitoring of companies and management. In recent years, due to the negligence of upper management the government has formed regulatory groups to help monitor the process. The National Commission on Fraudulent Financial Reporting, more commonly referred to as the Treadway Commission, was formed in 1985 to inspect, analyze, and make recommendations in what appeared at that time an alarming increase in fraudulent corporate financial reporting. The Commission made a number of recommendations designed for the public company, independent public accountant, the Securities and Exchange Commission, and field of education for the accountant. Treadway Commissions has made recommendations for public companies such as British Petroleum, such as: 1) The tone of management as set by the company officials 2) Careful design of the internal accounting and auditing functions 3) An audit committee composed of independent directors 4) Management and audit committee reports describing the activity and the effectiveness of internal control measures 5) More public dialogue by management when seeking a second opinion on a significant accounting issue.
Implementation plan for enterprise risk management (ERM)
British Petroleum Oil Company broke with the industry and reported the possible link between emission and global warning, so how did the CEO, John Browne wind up as the scapegoat for one of the largest oil spills in the North Slop and the worst refinery incidents in the U.S in recent years? The answer lies in the breakdown in the company’s enterprise risk management. The internal culture of the company became known as “managed risk” under the leadership of Browne due to the constant pressure to keep cost down. Problems in refineries pipelines were not addressed and inspection specialist warned superiors in British Petroleum's corrosion, inspection, and chemical team of a potential "catastrophe" and complained about "the larger lack of consistency and lack of standardization across the North Slope." (Schwartz, 2006) Minimal measures were taken by the company but by the time of the shut down, more that 70% of the wall had eroded in 12 different places. Middle management was convinced that cost could be reduced by as much as 10% and in a competitive environment, meant that each manager tried to beat the record of the his or her predecessor. The employees of British Petroleum still believe in the company ability to contain “go green” and reduce the amount of omissions and still maintain respect of upper management.
“Enterprise Risk Management, ERM, is an iterative and sequential series of steps that utilizes risk self-assessment (the process of identifying and evaluating risk with regard to their potential impact and likelihood, as well as related controls) as well as the subsequent risk management process of control evaluation, action plan definition, monitoring of risk- and implementation development.” (Minsky, 2006) “The goal of ERM is to create, protect, and enhance shareholder value by managing the uncertainties surrounding the achievement of the organization’s objectives.” (Paul J Sorbel, 2004) John Browne is determined to turn British Petroleum’s situation around by hiring outside consultants to determine what went wrong. ERM best practice process is as follows:
1. Let your line management lead the risk management process for their areas.
2. Capture this expert opinion with a framework of risk indicators and a root cause discipline to ensure the quality of capturing the expert opinion.
3. Document their self-assessments of their operating processes to identify “What could go wrong?” based on their powerful expertise gathered from intimate knowledge of the subject matter.
4. Evaluate the expert opinion to determine if action needs to be taken.
5. Formalize the mitigation process to follow-up on these instincts to craft a plan of action that takes into account historical data and traditional analysis.
6. Monitor the plan of action to make sure it actually achieves the goal rather than just appearance. (Minsky, 2006)
The plan for British Petroleum Oil will have to start with internal control consists of five interrelated components. These are derived from the way management runs a business and are integrated with the management process. The components are listed below.
1. Control Environment -The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. (COSO, 2006)
2. Risk Assessment - Risk assessment is the identification and analysis of relevant risks to achievement of the objectives, forming a basis for determining how the risks should be managed. (COSO, 2006)
3. Control Activities - Control activities are the
...
...