The business model created by the Committee of Sponsoring Organizations of the Treadway Commission, known as COSO’s framework, helps to achieve business objectives through internal control procedures.
Consequently, a business model created under COSO’s framework is designed not only for internal management but also for other issues a business may encounter. In order to attain a business objective, an entity will need to first design internal controls based on the objective, and then assess the risks to attain it. The objective can be expanding the business, maintaining current customer relationships, or other major issues and opportunities related to achieving or increasing profitability.
One valuable contribution of the framework is the formalization of responsibilities between management in different departments and in the layers of a company. COSO framework lays out the objectives for different layers of a company ie: companywide, divisional, departmental, and activity-level.
Typically, senior management, normally the CEO and CFO, initiate a companywide objective. In turn, the divisional management will receive direction from top management regarding how to achieve the companywide objective. Finally, when the objective reaches the activity-level, it becomes job guidance and internal control procedures for workers to follow.
Assuming the objective is attainable, would it be logical to assume that any firm who adopts COSO framework will be successful? Of course, the answer is no. To achieve the objective, each level of management needs to be held responsible for implementation of the objective. Ultimately, the working relationships in the office become task to task instead of human to human, and not everyone will be comfortable with the change.
To maximize the chances of making this new objective work, it is essential for the management members to understand and be familiar with the responsibility and treat their subobjective as the top priority above other concerns or personal interest. Unfortunately, part of human nature is maximization of self-interest which can conflict with these objectives. Even if the design or its enforcement are targeted to the objectives, it will still be easy to circumvent the objective without management’s commitment. If this becomes a company-wide pattern, a lower-level staff is not likely to treat the internal controls seriously, especially if they see company resources and incentives not being reasonably allocated.
As individualism and company politics prevail in our culture, lack of “prioritizing tasks and objectives” will prevent companies that want to use COSO models from succeeding. Only activity-level objectives will be reached, such as making sure everyone shows up on time for meetings or enforcing a dress code. For a complex objective that involves many parties, it is simply not worth the time and effort to try to implement COSO framework in many entities.
COSO created a framework so that companies can be successful. It is certainly a framework companies should aspire to a achieve.
However, if companies do not have properly aligned values, they will not be successful with that type of implementation.