A comprehensive list of risk categories to support a definition previously provided. Categories can be downloaded via MS Excel.
Category Archives: MCEF
Defining Risk Categories
A survey of definitions for ‘risk category’ results in one that is organization focused: A risk category allows for the grouping of one or more risks in a manner that is meaningful to the organization and its key external stakeholders such as investors, citizens, auditors, etc.
Business Process Documentation or Borrowing from Sheffield
What is the role of business process mapping to internal controls? The Sheffield model outlines various purposes for mapping, including clarity, compliance, process improvement, and training. The Sheffield University guidance provides a structured approach to process mapping, with different levels and options for each purpose, emphasizing the importance of accurate documentation.
Practical COSO – VBIO
Document for use during the 2018-12-05 Vienna Based International Organization Presentation:
2018-12-PracticalCOSO
It presents concepts found in posts relating to COSO and internal control, in particular:
MCEF – Not Another Framework!
I introduced the ‘Management Control and Enablement Framework’ (MCEF) in a previous blog, MCEFing the Gap – Introduction. In this blog I hope to address one possible reaction, “Great, Another Friggin’ Framework”.
MCEFing the Gap – Introduction
Organizations are created to achieve objectives of a board of directors or the equivalent. The challenge has been how to enable an organization but also protect the resources entrusted to it by its owners. That is, how do you both Control and Enable an organization? The COSO Framework frames the question of Control but does not address the other side of the coin, things like employee-motivation, capitalizing on opportunities, customer service or the outcomes of public policy. These are examples of what I call ‘Enablement’.
COSO – Mind the Gap
The author completed a COSO certification course, appreciating its quality despite previous frustrations with online learning. However, the course fell short in addressing the practical deployment of COSO, leaving gaps in internal-control specifics. Nonetheless, COSO promotes adaptability for organizations, suggesting they can customize the framework to better suit their needs.
Measuring Control – Challenges
The article discusses the challenge of measuring internal control effectiveness within organizations, specifically within the COSO framework. It emphasizes the need for reasonable assurance rather than absolute control, encouraging periodic checks on high-risk processes. It suggests organizations regularly review and update controls for relevance and effectiveness to ensure organizational objectives are met.
COSOPS: COSO for the Public Service
COSOPS is a modified version of the COSO framework applied to public sector organizations. COSOPS highlights internal controls aimed at efficiency, reliability of reporting, and compliance with laws. Key changes include emphasizing public accountability, the role of civil service, fiscal matters, and external oversight, aiming for improvement in public policy functions.
COSO Competitors
This is the third in a series on internal control. The first blog, Internal Control and COSO, introduced this framework including highlighting some of its shortcomings. The second blog, A List of Internal Controls, attempted to create the most comprehensive list of controls ever constructed (or that at least I could find). This blog asks the question, “does COSO have competitors or is there a better control framework out there?”.