“In 1992, the Committee of Sponsoring Organizations (COSO) of the National Commission on Fraudulent Financial Reporting (also known as the Treadway Commission) published a document called Internal Control - Integrated Framework” (AICPA, 2008). Ten years later, “corporate scandals and diminished confidence in financial reporting among investors and creditors have renewed corporate governance as a top-of-mind priority for boards of directors, management, auditors, and stakeholders” (Sobel and Reding, 2004). The federal government's response was to enact the Sarbanes-Oxley Act, Section 404 of which requires a company to report on the effectiveness of its internal controls. The goal of this paper is to explain the differences between three types of internal controls (preventive, detective, and corrective) while outlining a plan to implement enterprise risk management (ERM) based on the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework for Comcast Cable Corporation.
To implement corporate compliance processes, a company needs to develop internal controls and corporate governance processes. The Committee of Sponsoring Organizations (COSO) defines “internal control as a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in three categories:
1. Effectiveness and efficiency of operations.
2. Reliability of financial reporting.
3. Compliance with applicable laws and regulations.” (AICPA, 2008)
“The new Sarbanes-Oxley act has a requirement that the auditing firm pass judgment on the company’s internal controls.” (Chew and Gillian, 2005, p. 138) These internal controls fall into three categories: preventive controls, detective controls, and corrective controls. Preventive controls are proactive actions or processes that a company develops in an attempt to prevent illegal or unethical actions from occurring. Preventive...