Control Activities: COSO Framework Script
The COSO (that is, the Committee of Sponsoring Organizations) framework was developed to
provide a roadmap for developing efficient internal control systems.
The types of activities that fall under this framework can be grouped into four categories:
· Control activities, which are tasks and activities that help you achieve your internal control
objectives, such as authorizations and approvals, verifications, reconciliations, and business
performance reviews.
o The fact that the top management wasn’t suspicious when Nick was making
abnormal profits in Singapore, even after knowing that he had falsely claimed that there
was no pending court judgement against him while applying for a City of London
trading license, showcases the management’s level of ignorance.
o This attitude of the management again comes to light in the top brass neglecting
a warning raised by the firm’s internal auditors regarding the potential conflict of
interest due to Nick’s dual role at the front and back offices.
o The firm also neglected the suggestion from James Bax (Head of Barings Singapore
office) for a change in internal reporting structure that would have facilitated closer
monitoring of Nick’s activities
o The firm conveniently forgot about the creation of a second error account (88888),
which Nick later leveraged to hide loss-making transactions and, as a result, to claim
huge sums from the head office on the pretext of covering margin calls.
o In an attempt to disguise unauthorized trading losses, Nick claimed that a sum of 50
million pounds was receivable from SIMEX, but that a delay had occurred because
an over-the-counter trade had been incorrectly booked. Such an anomaly should
have been investigated thoroughly.
· Risk assessment activities, which involve (1) the organization’s analysis of the risks posed
by internal and external changes, (2) its ability to establish objectives and determine their
suitability for the business and (3) its process for weighing risks against risk tolerances.
o The firm neglected the risks associated with the internal change of assigning dual
roles of managing the front and back offices to Nick.
o Furthermore, when Nick asked for large sums from the head office on the pretext of
covering margin calls, the firm should have assessed the level of risk it was willing to
tolerate instead of blindly transferring funds based on perceived past performance.
· Information and communication activities stress the importance of relevant and high-
quality information to control functions. Additionally, there need to be internal messages
that emphasize the importance of control responsibilities, in addition to clear
communication of expectations with external parties.
· Monitoring activities involve the use of ongoing evaluations that are built into business
processes as well as regular separate evaluations, which may vary based on the level of risk,
system effectiveness and regulatory requirements.
o Given the extent of leverage and authority assigned to Nick, the firm should have
incorporated processes to monitor the flow of funds. The lack of such a system
enabled Nick to conceal his unauthorized activities. Because of the firm’s
short-sightedness, none of the margin demands were questioned.
o The firm did not monitor his activities in the front and back offices. Had it done so,
it would have been able to connect the dots early enough to reveal the true
nature of the firm’s Singapore operations.
o The fact that the firm was willing to go on Nick’s word regarding the 50 million
pounds that were apparently due from SIMEX goes to show the firm’s belief that Nick
would act in good faith. Nick leveraged this situation to forge documents to fake such a
fund transfer.