Cube of Coso

The system is only as strong as its weakest control. Internal Control problems have various perspectives. Some experts have explained that Internal Control problems can be due to Managerial issues or they can be on account of Technical or Procedural issues. Weakness in one area can affect effectiveness of the other.

Internal Control frameworks like COSO have helped many corporate understand and implement Internal Controls better. However, these frameworks are not better equipped to handle Managerial issues and conflict which can affect effectiveness of Internal Controls within an organization.

If you visualize real time situations, you can enumerate many industrial and managerial issues which arise due to conflict between the Objectives of COSO Framework of Internal Control viz. Operations, Financial Reporting & Compliance. Similarly, conflicts and trade-off may be necessary within components of Internal Control namely Monitoring, Information & Control, Control Activities, Risk Assessment and control Environment. Effectiveness in one can lead to effectiveness in other or vice versa. Some components may be complimentary in nature or may be considered as an alternative Internal Control feature. So, all will not share equal place as generally shown in the popular COSO Cube diagram.

Looking at the third dimension of COSO Framework, You will again realize that one activity or business unit can affect other activities or business units. Thus it is important to know conflicts and trade off required between various businesses segments plotted on the COSO Cube.

Now let us consider degree of responsibility from bottom level management up to board of directors. Business people talk a lot of Corporate Governance and Internal Controls Convergence. We have laws like SOX and J-SOX. People want to get certified and we have SAS 70. CEOs & CFOs are required to certify adequacy and effectiveness of Internal Controls. Don't you think we are thinking too linearly and relationship between business components and objectives can be dynamic and the diagram cannot visualize multi dimensional aspects of business risk and controls?

Let us visualize that each COSO cell contains a triangle. Triangle of Responsibility. What you see? Conflicts in responsibilities! Disproportionate allocation of duties and responsibilities! Varying expertise at each level of management!

Why do you think we have cases like failing banks, workers killing CEO while on resolving industrial dispute, open disputes between brothers having legacy of a great corporate showman?

What is current state of affairs as far as Corporate Governance is concerned? Why Insider Trading is quite common.

Do we need to change our world view? Our current paradigm is not allowing us to see the reality. Whether you will consider breach of control at the lower level same as breach of control at the higher level. Will introduction of an extra control, legal provision or code of conduct be appropriate? If so, will it be treated and implemented similarly in all the cases or market forces can influence the justice or design of control itself? Overriding control is the name of the game.