
REVIEW: "Beyond COSO", Steven J. Root

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Mar 29, 2007
      BKBECOSO.RVW 20070218

      "Beyond COSO", Steven J. Root, 1998, 0-471-39112-3, U$65.00/C$84.99
      %A Steven J. Root
      %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
      %D 1998
      %G 0-471-39112-3
      %I John Wiley & Sons, Inc.
      %O U$65.00/C$84.99 416-236-4433 fax: 416-236-4448
      %O http://www.amazon.com/exec/obidos/ASIN/0471391123/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0471391123/robsladesin03-20
      %O Audience i Tech 1 Writing 2 (see revfaq.htm for explanation)
      %P 340 p.
      %T "Beyond COSO: Internal Control to Enhance Corporate Governance"

      In the preface, the author notes that it is impossible to have
      complete control of any situation: problems and fraud will happen
      despite all of our efforts. Root recommends that companies should
      implement internal controls as suggested by COSO (the Committee of
      Sponsoring Organizations of the Treadway Commission), but must also go
      beyond them, in a manner similar to the layered defence or defence in
      depth models.

      Chapter one contains an analysis of the limitations of the COSO
      directives (and ends with a rather odd overview of the book itself).
      The concepts of, and problems with, internal control are covered in
      chapter two. Chapter three presents a history of twentieth century
      corporate frauds and the attempts to restrict them. Business ethics
      and values are discussed in chapter four.

      Chapter five outlines the COSO framework, noting that internal
      controls provide assurance of the efficiency of operations and
      reliability of financial reporting--as long as there is compliance
      with the laws and regulations. (As this material is based on the 1992
      version of COSO, it is interesting to note that the components of risk
      management are pretty much the same, but that the dimensions of
      objectives categories and unit-levels had not yet been added to the
      model.) Further concerns and limitations of COSO are expressed and
      analyzed. Additional frameworks are reviewed in chapter six. Using a
      hybrid of devices from these other frameworks, chapter seven suggests
      the extension of internal controls with additional management aspects.
      Chapter eight recommends that an oversight process be established for
      internal controls, noting particularly legal obligations and related
      factors such as standards of care, generic corporate organization and
      business roles and tasks. The oversight issues are extended in
      chapter nine, looking in more detail at job roles, and also insights
      that arise from chaos theory. Chapter ten finishes off the book with
      a review of the reporting of internal controls: much of this is
      concerned with the wording used in such statements, and the
      ineffectiveness of such reports to control incidents and fraud.

      Despite its age, this book is one of the more useful guides in the
      area of governance and controls in corporations. Root was willing to
      go beyond the usual promotional jobs that masquerade as management
      advice. While he does not solve the problem, he at least makes the
      issues clearer, and raises interesting points in regard to solutions.

      copyright Robert M. Slade, 2007 BKBECOSO.RVW 20070218

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      And the tubby beard went on.
      Dictionary of Information Security www.syngress.com/catalog/?pid=4150