COSO Model Can Be Used for Internal Controls for Grants and Cyberspace

January 28, 2015 | By Jerry Ashworth

The grants community is becoming aware of the importance of having internal controls, and the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) internal control model is a useful tool for ensuring that grant programs aren’t targets of fraud, waste and abuse. The COSO model was even mentioned in §200.303 of the Office of Management and Budget’s uniform grant guidance as a key reference for internal controls. Now the COSO model, otherwise known as the Internal Control-Integrated Framework, has potential in another arena: cyberspace.

A recent COSO report found that while the growth of the Internet has boosted productivity and expanded markets, it has also fueled the growth of online hackers who steal critical data and carry out other cyberattacks. The report provides direction on how the Internal Control-Integrated Framework and COSO’s Enterprise Risk Management-Integrated Framework can help organizations effectively and efficiently evaluate and manage cyber risks.

The report states that the COSO internal control model can provide direction on identifying and implementing internal control components and principles, from demonstrating commitment to integrity and ethical values, to risk analysis, and evaluating and communicating deficiencies.

“There is growing concern at all levels of industry about the challenges posed by cybercrime,” said COSO Chairman Robert B. Hirth Jr. “This new guidance helps put organizations on the right path toward confronting and managing the frightening number of cyberattacks.”

Organizations concerned about their online security can use the report to determine whether they:

  • are focused on the right things;
  • are proactive or reactive;
  • are adapting to change;
  • have the right talent; and
  • are incentivizing openness and collaboration.

Also, the COSO model helps executive management to determine if they can articulate their cyber risks and explain their approach and response to such risks. “Cyber risk will only continue to be more difficult to manage as time passes, technology evolves and hackers become more sophisticated,” the report adds. The COSO model “can be used to guide a transformation that supports an organization’s efforts to design, evaluate and maintain an environment of being secure, vigilant and resilient in a cyberdriven world.”

What do you think about this expanded use of the COSO model? Let us know.


