Understanding COSO: developing strong internal controls

The latest view on not-for-profit accounting issues

internal, internal controls, fraud, nonprofit, accountingIt is important to note that there is NO way to fully prevent fraud. Collusion between employees will always be a risk in your organization but a strong internal control system will help minimize the damage and limit fraudulent opportunities. Understanding why employees commit fraud is vital in creating a successful prevention strategy. The fraud triangle, which was developed by criminologist Donald Cressey, helps explain what circumstances need to be present for an employee to commit fraud.

The Fraud Triangle

  1. Pressure/Incentive: This could be from debt obligations such as medical bills, credit card debt or greed.
  2. Rationalization: An employee could rationalize fraud by perceiving it as “borrowing” the money with the intention of paying it back or feeling like they are “owed” the money by being overworked, underpaid or underappreciated.
  3. Opportunity: An employee must perceive they have the opportunity to commit fraud without being caught. (Out of the three areas, opportunity is the only one your nonprofit has control over.)

What’s COSO?

I am going to write a series of six blogs (including this one) that will take a look at the five components of the COSO framework and how you can utilize them in your nonprofit. But first, let’s discuss what COSO is and why it was created.

The Committee of Sponsoring Organizations’ was formed in 1985 to help combat fraud by outlining areas that need to be considered in order to have an effective internal control structure. The COSO Framework was originally released in 1992 and was adapted for small and medium-sized enterprises (SMEs) in 2006. Overall, the framework will aid your nonprofit in developing effective internal controls for your nonprofit’s operations, reporting and compliance.

There are five components of the COSO framework – control environment, control activities, risk assessment, information and communication and monitoring – that, if well thought out, will greatly help reduce the likelihood for fraud occurring undetected within your nonprofit. In the next blog, we will analyze the control environment and discuss why it is the foundation of the COSO framework. We will also discuss questions your nonprofit should be asking to evaluate the effectiveness of your control environment. Stay tuned!

Jared Morrison, CPA