Bridging the Gap between Business Information Management and Accounting
Bridging the gap between IT and Management is why we study Business Information Management. We learn frameworks on how to manage information and IT within the company. With a rising need for a higher understanding of this topic, we are certainly not the only ones studying this in our Master's. However, when talking to an Accounting major, it turned out that we had completely different ideas about the subject and the frameworks we were studying. One of the most talked-about frameworks when talking about information management within Accounting is the COSO framework, which I will explain below.
The COSO Framework
The Committee of Sponsoring Organizations of the Treadway Commission (hereafter, COSO) was an initiative started in the mid-1970s in the United States. Its goal was to provide a framework for firms to help them deal with internal control issues.
Nevertheless, COSO remained unknown until the emergence of accounting scandals such as Enron, WorldCom, and Ahold, to name only a few.
These scandals all occurred at the beginning of the new millennium, and one of their common denominators was the lack of internal control within the organization. This meant that controls could easily be overridden within the firm and money could be funneled out of the organization, which ultimately did not help achieve the goals of the enterprises.
After the accounting scandals, a lot of effort was put into upgrading and improving COSO. This framework is composed of five essential building blocks:
- Control environment: It is the foundation of the COSO framework; it is the tone that the organization adopts. In other words, it is the integrity, the ethical values, and the managers' operating style. Without the control environment all other characteristics would be useless, because if a manager does not abide by, promote, or enforce control activities, you can be certain that the lower-level employees will not abide by them either.
- Risk assessment: It is essential that a firm is aware of the risks that it is faced with. Therefore, there is the need for it to assess its risk level. That will enable it to distinguish between the acceptable and the unacceptable risks.
- Control activities: The activities that ensure that management orders are carried out at the lower hierarchical levels. These are the activities that prevent fraud within an organization. The most common example is the segregation of duties.
- Information and communication: The importance of information systems within the organization in providing reliable and relevant information to the right people.
- Monitoring: Although all the processes help avoid error or fraud, there is still the need for general monitoring of all these processes.
Given the exponential development of information systems, will this have a marginal benefit towards the goals of COSO and help avoid fraud within companies?
Committee of Sponsoring Organizations of the Treadway Commission. (2015). Retrieved September 23, 2015