Explain how coso framework can be applied in a computerised environment - Essay Example

COSO is an internal auditing standard. Internal control activities include all procedures required for ensuring financial statements that are true and correct, not tainted with errors or frauds. The COSO framework helps entities improve the management of the economy and efficiency of business operations (Cascarino, 2012). Control Activities: Control activities focus on ensuring all management policies and directives are implemented. The control activities include gathering valid and relevant data.

Data pertains to the competitors, economy, and regulatory measure compliance. Management uses the control activities to reduce the effects of risks (Regan, 2004). Policies and Procedures. Management responsibilities include the implementation of the COSO Framework’s internal control policies and procedures. The aspects focus on being aware of any possible operational risks. Being aware includes pinpointing current and future business and other computerised environment risks. Consequently, management should focus the COSO Framework on resolving current and future risks that crop up during each business operation.

For example, policies and procedures include requiring the cashiers to issue official receipts for each computer generated sales activity. The official receipts are evidences of the day’s total generated cash collections. The computerised printout of a day’s total sales should include the official receipts, or purchase order forms. The store personnel must ensure the physical count of store or office supplies is equal to the quantity of each supply type shown in the computerised database list (Pfister, 2009).

Security (application and Network). The COSO Framework’s internal control activities require that all individuals must use passwords in order to prevent the unauthorised persons from viewing, adding, or deleting the computerised database. Likewise, security guards and other company personnel shall prevent the entry of unauthorised persons into confidential computerised environments. For example, only the authorised inventory personnel cannot enter and change the details of the inventory department’s computersied inventory database.

Likewise, only authorised employees are allowed to open, append and edit the accounting database. The Information Technology department allows authorised employees to access certain databases such as the inventory and receivables databases. Lastly, the company should affix CCTV cameras on all floors, offices, rooms, entrances, and exits within the computerised entities’ premises (Moeller, 2011). Further, the COSO Framework’s internal control activities incorporate a computerised generation of assigned performances.

The computerised performance results will help management implement remedial measures. Remedial measures are used to correct lackluster performances. For example, the computerised report indicating a sales person generated low sales performance will persuade management to increase the advertising budgets (Moeller, 2011). Further, management must ensure that segregation of computerised database access is implemented. For example, the cashier cannot access the accounting department’s database.

Likewise, the accounting department personnel cannot access the inventory dep