A discussion about internal controls came up recently which reminded me of some work I had done a few years back. In summary, the problem is that most internal control frameworks are designed for corporate entities and specifically US organizations. How applicable are they to a public sector context?
Category Archives: COSO
A SMART Thirty-Something
Most people have heard of the mnemonic SMART. What you may not know is that this heuristic will turn 40 next year. Written by George T. Doran, it was first published in 1981 [1].

Not everything that counts can be counted. (Attributed to Albert Einstein but likely coined by William Bruce Cameron, American professor of Sociology, circa 1957).
The Categorically Complete (ish) List of Risk Categories
A comprehensive list of risk categories to support a definition previously provided. Categories can be downloaded via MS Excel.
4C’ing Trust in Your Organization
In a previous blog I introduced the concept of the 4 Cs: Communication, Coordination, Control & Command. These are management and organizational tools to achieve short- and long-term objectives. They also have their own individual costs, benefits and effectiveness. In this thought exercise I want to focus on the impact the above have on organizational trust.
Business Process Documentation or Borrowing from Sheffield
What is the role of business process mapping in internal controls? The Sheffield model outlines various purposes for mapping, including clarity, compliance, process improvement, and training. The Sheffield University guidance provides a structured approach to process mapping, with different levels and options for each purpose, emphasizing the importance of accurate documentation.
Practical COSO – VBIO
Document for use during the 2018-12-05 Vienna Based International Organization Presentation:
2018-12-PracticalCOSO
It presents concepts found in posts relating to COSO and internal control, in particular:
MCEF – Not Another Framework!
I introduced the ‘Management Control and Enablement Framework’ (MCEF) in a previous blog, MCEFing the Gap – Introduction. In this blog I hope to address one possible reaction, “Great, Another Friggin’ Framework”.
MCEFing the Gap – Introduction
Organizations are created to achieve objectives of a board of directors or the equivalent. The challenge has been how to enable an organization but also protect the resources entrusted to it by its owners. That is, how do you both Control and Enable an organization? The COSO Framework frames the question of Control but does not address the other side of the coin: things like employee motivation, capitalizing on opportunities, customer service or the outcomes of public policy. These are examples of what I call ‘Enablement’.
COSO – Mind the Gap
The author completed a COSO certification course, appreciating its quality despite previous frustrations with online learning. However, the course fell short in addressing the practical deployment of COSO, leaving gaps in internal-control specifics. Nonetheless, COSO promotes adaptability for organizations, suggesting they can customize the framework to better suit their needs.
Measuring Control – Challenges
The article discusses the challenge of measuring internal control effectiveness within organizations, specifically within the COSO framework. It emphasizes the need for reasonable assurance rather than absolute control, encouraging periodic checks on high-risk processes. It suggests organizations regularly review and update controls for relevance and effectiveness to ensure organizational objectives are met.