The COSO Financial Controls Framework: 1992 version

This page describes the original, 1992 COSO Financial Controls Framework. See also the
2004 Enterprise Risk Management (ERM) COSO Framework

The original COSO framework is outlined in a document: 1992 COSO Report: Internal
Control – An Integrated Framework.
This document identifies what the commission believed to be the fundamental and
essential objectives of any business or government entity:

• economy and efficiency of operations, including safeguarding of assets and

achievement of desired outcomes;
• reliability of financial and management reports; and
• compliance with laws and regulations.

Purpose
Describes a unified approach for evaluation of the internal control systems that
management has designed to:

• provide reasonable assurance of achieving corporate mission, objectives, goals

and desired outcome,
• while adhering to laws and regulations
• allow the company to accurately report successes and outcomes to the public and
interested third parties.

and
• serves as a common basis for managements, directors, regulators, academics and
others to better understand enterprise risk management, its benefits and
limitations, and to effectively communicate about enterprise risk management

Control Components
The COSO Cube
The original COSO framework contains five control components needed to help assure
sound business objectives. The control components are:

• Control Environment.
• Risk Assessment.
• Control Activities.
• Information and Communication.
• Monitoring.

More specifically, the thought process behind these five components was that they would
work together to support efforts to achieve an organization's mission, strategies and
related business objectives. All five components would need to be in place to achieve an
"effective" internal control system.
Control Environment
- Integrity and Ethical Values
- Commitment to Competence
- Board of Directors and Audit Committee
- Management’s Philosophy and Operating Style
- Organizational Structure
- Assignment of Authority and Responsibility
- Human Resource Policies and Procedures

Risk Assessment
- Company-wide Objectives
- Process-level Objectives
- Risk Identification and Analysis
- Managing Change

Control Activities
- Policies and Procedures
- Security (Application and Network)
- Application Change Management
- Business Continuity / Backups
- Outsourcing

Information and Communication

- Quality of Information
- Effectiveness of Communication

Monitoring
- On-going Monitoring
- Separate Evaluations
- Reporting Deficiencies

The COSO Financial Controls Framework: 2004 Version

This page describes the 2004 Enterprise Risk Management (ERM) COSO Framework.
See also the original, 1992 COSO Financial Controls Framework

The original COSO framework is outlined in a document: 1992 COSO Report: Internal
Control – An Integrated Framework.

Why was the COSO framework updated? Here's the word from COSO:

Enterprise Risk Management — Integrated Framework (2004)

In response to a need for principles-based guidance to help entities design and
implement effective enterprise-wide approaches to risk management, COSO issued the
Enterprise Risk Management – Integrated Framework in 2004. This framework defines
essential enterprise risk management components, discusses key ERM principles and
concepts, suggests a common ERM language, and provides clear direction and guidance
for enterprise risk management. The guidance introduces an enterprise-wide approach to
risk management as well as concepts such as: risk appetite, risk tolerance, portfolio
view. This framework is now being used by organizations around the world to design and
implement effective ERM processes.

Click here to view the Executive Summary of the 2004 COSO Document: Enterprise
Risk Management (ERM) COSO Framework.

View the New COSO Cube

Overview

The new Enterprise Risk Management (ERM) COSO framework emphasizes the
importance of identifying and managing risks across the enterprise. The new COSO
framework consists of eight components:
1. Internal control environment
2. Objective setting
3. Event identification
4. Risk assessment
5. Risk response
6. Control activities
7. Information and communication
8. Monitoring.

The three new components of the COSO framework are Objective setting, Event
identification, and Risk response.

FAQs

Have questions? Click here to get answers to the following Frequently Asked Questions:

FAQs for COSO's Enterprise Risk Management — Integrated Framework A. What is the
framework and how do I get it?
1. What is in the framework?
2. Where can I find the framework?

B. Why is this a framework that organizations should support?

1. What limitations of existing enterprise risk management models prompted creation of a
new framework?
2. How might the framework assist organizations in structuring their entities to best
manage exposure to risk?
3. Is there such a thing as being overly conscientious about risk?

C. What are some of the key concepts established in this framework?

1. What is the difference between risk appetite and risk tolerance?
2. How does an organization determine the right amount of risk for the value it is trying
to create for stakeholders and how should it communicate its risk policy to stakeholders?
3. What is the relationship between effective enterprise risk management and improved
financial reporting and transparency?
4. Is this intended for private organizations? Is there any organization this is not intended
for?

D. How does this framework relate to COSO's Internal Control Framework?

1. Are you replacing the Internal Control Framework with the Enterprise Risk
Management Framework?
2. What is the relationship between technology controls and effective enterprise risk
management?
3. If you have good internal control, isn’t that a way of managing risk?
4. What does the new framework offer clients that are focusing on internal control?

E. How might organizations view the framework in the context of their Sarbanes-Oxley
404 compliance process?
1. With the significant amount of implementation efforts companies are currently
undertaking for Sarbanes-Oxley compliance and adoption of new accounting standards,
why should companies be motivated to implement enterprise risk management?
2. What makes this different from the internal control framework? How does it relate to
Sarbanes-Oxley reporting?

F. How do people in an organization intersect with this framework?

1. What is the role of the board in enterprise risk management? How does this framework
help them?
2. What is the role of the CFO and others in the financial management organization in
enterprise risk management? How will this framework help them?
3. What is the role of internal auditors in enterprise risk management? How will this
framework help them?
4. Who are the potential implementers of the framework?

Why the focus on Enterprise Risk Management?

Here's what COSO says:

Value is maximized when management sets strategy and objectives to strike an optimal
balance between growth and return goals and related risks, and efficiently and effectively
deploys resources in pursuit of the entity’s objectives. Enterprise risk management
encompasses:

• Aligning risk appetite and strategy – Management considers the entity’s risk
appetite in evaluating strategic alternatives, setting related objectives, and
developing mechanisms to manage related risks.
 • Enhancing risk response decisions – Enterprise risk management provides the
rigor to identify and select among alternative risk responses – risk avoidance,
reduction, sharing, and acceptance.
• Reducing operational surprises and losses – Entities gain enhanced capability to
identify potential events and establish responses, reducing surprises and
associated costs or losses.
• Identifying and managing multiple and cross-enterprise risks – Every enterprise
faces a myriad of risks affecting different parts of the organization, and
enterprise risk management facilitates effective response to the interrelated
impacts, and integrated responses to multiple risks.
• Seizing opportunities – By considering a full range of potential events,
management is positioned to identify and proactively realize opportunities.
• Improving deployment of capital – Obtaining robust risk information allows
management to effectively assess overall capital needs and enhance capital
allocation.

These capabilities inherent in enterprise risk management help management achieve the
entity’s performance and profitability targets and prevent loss of resources. Enterprise
risk management helps ensure effective reporting and compliance with laws and
regulations, and helps avoid damage to the entity’s reputation and associated
consequences. In sum, enterprise risk management helps an entity get to where it wants
to go and avoid pitfalls and surprises along the way.
IS-54 and IS-136 are second-generation (2G) mobile phone systems, known as Digital
AMPS (D-AMPS). It was once prevalent throughout the Americas, particularly in the
United States and Canada. D-AMPS is considered end-of-life, and existing networks
have mostly been replaced by GSM/GPRS or CDMA2000 technologies.

This system is most often referred to as TDMA. That name is based on the acronym for
time division multiple access, a common multiple access technique which is used by
multiple protocols, including GSM, as well as in IS-54 and IS-136. However, D-AMPS
has been competing against GSM and systems based on code division multiple access
(CDMA) for adoption by the network carriers, although it is now being phased out in
favor of GSM/GPRS and CDMA2000 technology.

D-AMPS uses existing AMPS channels and allows for smooth transition between digital
and analog systems in the same area. Capacity was increased over the preceding analog
design by dividing each 30 kHz channel pair into three time slots (hence time division)
and digitally compressing the voice data, yielding three times the call capacity in a single
cell. A digital system also made calls more secure because analog scanners could not
access digital signals. Calls were encrypted, although the algorithm used (CMEA) was
later found to be weak.[1]

IS-136 added a number of features to the original IS-54 specification, including text
messaging, circuit switched data (CSD), and an improved compression protocol. SMS
and CSD were both available as part of the GSM protocol, and IS-136 implemented them
in a nearly identical fashion.

Former large IS-136 networks included AT&T in the United States, and Rogers Wireless
in Canada. AT&T and Rogers Wireless have upgraded their existing IS-136 networks to
GSM/GPRS. Rogers Wireless removed all 1900 MHz IS-136 in 2003, and has done the
same with their 800 MHz spectrum as the equipment failed. Rogers deactivated their IS-
136 network (along with AMPS) on May 31, 2007. AT&T soon followed in February
2008, shutting down both TDMA and AMPS.

Alltel, who primarily uses CDMA2000 technology but acquired a TDMA network from
Western Wireless, shut down their TDMA and AMPS networks in September 2008. US
Cellular, who now also primarily uses CDMA2000 technology, shut down their TDMA
network in February 2009.

IS-54 is the first mobile communication system which had provision for security, and the
first to employ TDMA technology.

Present Status of Telecom Services

The telecommunication service in World had a great leap within a last few year. . 6
billion people own a mobile phones so we are going to analyze the various generations of
cellular systems as studied in the evolution of mobile communications from 1st
generation to 5th generation .Now almost all the service providers as well as the
customers seek for availing these 3G and 4G services. We can analyze that this could be
due to increase in the telecoms customers day by day. In the present time, there are four
generations in the mobile industry. These are respectively 1G the first generation, 2G the
second generation, 3G the third generation, and then the 4G the forth generation. Ericson
a Swedish company is launching this high tech featured mobile into the market. It is
being first introduced in the Swedish Capital city, Stockholm.

Present Status of Telecommunication Services in Asian

Countries
Now we are in the midst of 4G. In China, the 3G service came into existence only by last
February. Therefore, that it may take time for exposing to other states. But we should also
realize many other countries such as the Asian countries were using these services since
last decade. Due to these reasons, we can hope that the 4G may enter within a few years.
The 3G (Third Generation) had also reached India recently. There is no doubt that within
a few years India will be the first in telecom users also.

What's 4G Mobile Technology by Prof. Willie Lu,

3G and 4G Services

See all 17 photos

3G and 4G Services
Analysis of Telecom Services
Let us examine what these 3G & 4G have rather than that of 1G and 2G.

Analysis of 1G and 2G services

In 1G, Narrow band analogue wireless network is used, with this we can have the voice
calls and can send text messages. These services are provided with circuit switching.
Today’s the usual call starts from the beginning pulse to rate to the final rate. Then in
case of 2G Narrow Band Wireless Digital Network is used. It brings more clarity to the
conversation and both these circuit-switching model.

Both the 1G and 2G deals with voice calls and has to utilize the maximum bandwidth as
well as a limited till sending messages i.e. SMS. The latest technologies such as GPRS, is
not available in these generations. But the greatest disadvantage as concerned to 1G is
that with this we could contact with in the premises of that particular nation, where as in
case of 2G the roaming facility a semi-global facility is available.

2.5 Generation
In between 2G and 3G there is another generation called 2.5G. Firstly, this mid
generation was introduced mainly for involving latest bandwidth technology with
addition to the existing 2G generation. To be frank but this had not brought out any new
evolution and so had not clicked to as much to that extend.

HubPoll: 5G Wireless Systems

Interesting applications of 4G Mobile Phone
What is 3G Generation
But to overcome the limitations of 2G and 2.5G the 3G had been introduced. In this 3G
Wide Brand Wireless Network is used with which the clarity increases and gives the
perfection as like that of a real conversation. The data are sent through the technology
called Packet Switching .Voice calls are interpreted through Circuit Switching.

What is Packet Switching

This is actually done by supplying various addressed packets, which will be
interconnected to have the conversation. It is not necessary to create a new dedicated path
for sending the data. It had been modified in such a way that the data can be send through
any path; hence, this data will be received at a less time as compared to that of voice
calls.

Packet Switching in Computer networks

The data packs are also used in computer that is when we connected with internet this
data pack helps to download the web pages that is being displayed in the monitor. For a
Data Pack it does not need any separate path for downloading or displaying any objects
in the computer or any other equipment. This is due to the reason that by networking,
separate paths are being created and after analyzing each, the data are being transferred to
the correct access point.

Evolution of Mobile phones - Analog Motorola

DynaTAC 8000X to Hitachi 3D Display Phones
Click thumbnail to view full-size
1983 Motorola DynaTAC 8000X Analog Motorola DynaTAC 8000X Advanced Mobile
Phone System mobile phone as of 1983.

3G and 4G Featuress
Main 3G Services
With the help of 3G, we can access many new services too. One such service is the
GLOBAL ROAMING. Another thing to be noted in case of 3G is that Wide Band Voice
Channel that is by this the world has been contracted to a little village because a person
can contact with other person located in any part of the world and can even send
messages too. Then the point to be noted is that 3G gives clarity of voice as well can talk
with out any disturbance. Not only these but also have entertainments such as Fast
Communication, Internet, Mobile T.V, Video Conferencing, Video Calls, Multi Media
Messaging Service (MMS), 3D gaming, Multi-Gaming etc are also available with 3G
phones.

Main 4G Features
Then with the case of Fourth Generation that is 4G in addition to that of the services of
3G some additional features such as Multi-Media Newspapers, also to watch T.V
programs with the clarity as to that of an ordinary T.V. In addition, we can send Data
much faster that that of the previous generations.

What is the reason for delay in implementing 3G and

4G Mobile services?
It is very sad to say that the 3G services had only reached with in some towns of china, so
that it may take time to reach to Other countries. Another major defect of this is that
Wide Band Frequency Spectrum, which is needed for 3G, is lacking. Another reason for
this is that it a cost bearing item especially for sending data. So for us it is a higher one
which could be used only by upper classes. If it should be accepted among all customers,
firstly it should be availed at a lower rate, for which the rate of spectrum should be
declined.