Integrating Risk Management And Management Control

Integrating risk management (RM) and management control together has been considered as a significantly essential approach to bring about high quality of RM. This idea has been developed since the Committee of Sponsoring Organizations of the Treadway Commission (COSO) published integrated framework for internal control in 1992. Ten yeas later, Section 404 compliance, which is part of Sarbanses-Oxley Act, was enacted in 2002 for the purpose of reviewing and reporting on effectiveness of internal control. In 2004, COSO also released Enterprise Risk Management (ERM), which is a framework to realize establishment of internal control and compliance with Section 404. As an initial step in developing risk management capability, this begins by†¦show more content†¦Additionally, it makes sure to keep financial reporting reliable in order not to face unnecessary trouble, such as fraud. Not only that, ensuring that enterprises follow laws and regulations thoroughly is also an essential part of this. If this is not put in place enough, organizations are very likely to damage their reputation, which is considered to be one of potential risks for them. Hence, it is clear that internal control could act as a regulator to minimize risks, which means establishing and maintaining proper internal control could be an effective way to constantly benefit from outcomes of RM. 2.2. The Coso Cube Among five interrelated factors composing internal control (Figure1: The COSO Cube), there is monitoring. This is mainly conducted by internal and external auditors to assess whether implemented internal control are functioning properly and effectively. In the course of this ongoing monitoring, if some deficiencies are to be discovered, then auditors report upstream to managers and the board. Compared with internal auditors, external auditors could bring about more