Control Framework

COSO’s Internal Control Framework

The Committee of Sponsoring Organization (COSO) consists of

the American Accounting Association, the American Institute of Certified
Public Accountants, The Institute of Internal Auditors, the Institute of
Management Accountants, and the Financial Executives Institute. COSO
issued Internal Control-Integrated Framework (IC) in 1992, that
recognized as competence of internal control and divided into policies,
rules, and regulations that utilized to control business activities.

COSO’s Enterprise Risk Management Framework

The second control framework developed by COSO is Enterprise Risk

Management-Integrated Framework (ERM), purposed to improve risk
management process. The basic principles of ERM:

1. Companies are formed to create value for their owners.

2. Management must decide how much the uncertainty it will accept

when it creates value.

3. Uncertainty contains risk, which can probably bring negative effect

to the company as it creates or preserves value.

4. Uncertainty contains opportunity, which can probably bring positive

effect to the company as it creates or preserves value.

5. The ERM framework can supervise uncertainty as well as create or

preserve value.
ERM Framework versus IC Framework

Five interrelated components of COSO’s Internal Control Framework:

1. Control environment

The main part of any business is on the people and the environment
in which they operate.

2. Control activities

Control policies and procedures help to ensure the continuity of the

company performance as necessary to address risk and achieve
company’s objectives effectively.

3. Risk assessment

The company has to identify, analyse, and manage its risk. It must set
objectives to keep the organization to work in concert.

4. Information and communication

Information and communication systems capture and exchange

information for conducting, managing, and controlling the
organization activity.

5. Monitoring

It is important to monitor the entire process and change made as

necessary so the systems can adjust to the condition.

The Internal Control Framework has been widely recognized as

the way to evaluate internal controls. However, it examines regardless
to the purposes and risks of business process and provides little
condition for evaluating the result so it is hard to know which control is
the most important.

The ERM Framework is more comprehensive as it is a risk-based

not a control-based approach. ERM also more flexible and relevant as it
added three additional components to IC Framework: setting objectives,
identifying events that may affect the organization, and developing a
response to the assessed risk. It also recognizes that risk can be
accepted, avoided, diversified, shared, or transferred.

Case Study Analysis:

1. Control environment

Officials. Especially the minister of religion. Due to their status as a

minister of religion, they gain the trust of the people in the matter of
Hajj with ease. Because of the remaining quota of pilgrims from those
who failed to leave due to illness, death, or failing to pay the hajj,
Suryadharma Ali, as minister of religion and leader of Hajj in 2012 using
the quota of Hajj and the 30 people, namely children, wife, brother-in-
law, and colleagues. In fact, the quota should be used for prospective
pilgrims next year, especially those who are elderly.

2. Control activities

Some pilgrims are not able to follow the Hajj (for example, those
who already passed away), officials use the Hajj fee to improve the
quality of Hajj services. An example is the renovation of hajj dormitories
because they get complaints from the hajj followers.

3. Risk assessment

Hajj funds should not be used for things that have nothing to do with
the pilgrimage. The article states that the hajj contribution fund is used
to create a parking lot and renovate the hajj hostel. These funds should
be provided by the APBN.

4. Information and communication

Lack of transparency and accountability of internal parties to

prospective pilgrims. Evidence is seen from the funds channelled for
things that are not related to the salary affairs.
5. Monitoring

The government sent investigators to inspect the flow of funds for

Hajj. KPK also questioned Suryadharma Ali about the flow of the funds
and his involvement in corruption allegation and his usage of Hajj quota.