Stage B - TV Worldwide

Risk Assessment &
Audit Services
Risk Management Capability Characteristics
Control Environment
COSO EXHIBIT B
Stage A
Stage B
Stage C
Stage D
Stage E
Ethical Values (policies)
A formal code of ethics policy does not
exist.
An informal ethics policy exists but
communication of policies is weak and
inconsistent throughout the
organization. Policies do not adequately
cover dealings both internally and with
external parties.
Employees do not routinely display
ethical behavior.
Employees are not consistently
displaying ethical behavior when
conducting Company activities with
internal and/or external parties.
Ethical Values –
(reporting)
There are no means by which
employees can report concerns
regarding ethical behavior
Informal methods exist to report
questions on ethical behavior; however,
methods are not well established,
communicated or supported by the
organization.
A formal ethics policy exists, covers
the majority of aspects related to
ethical behavior involving internal
employees and external parties.
Policy communication is good and the
majority of policy aspects are
understood throughout the
organization. The policy is regularly
updated.
The majority of employees regularly
display ethical behavior in their day-to-day activities. Questions
periodically surface regarding a
specific aspect of expected behavior
but these questions are appropriately
and timely surfaced and addressed.
Formal methods exist, are considered
effective and well communicated
throughout the organization. Methods
are frequently reviewed and updated.
Confidentiality of methods is
considered good.
A formal ethics policy exists, is
considered best practice and
continuously updated. Policy
communication is excellent and fully
understood throughout the organization.
Policy is considered to cover all aspects
of behavior internally as well as with
external parties.
Ethical Values – Employees
Ethical Values – Discipline
There are no consequences within the
organization for unethical behavior or
non-compliance with policy.
Discipline for violation of the code of
ethics is informal and not consistently
executed throughout the organization.
A formal ethics policy exists and is
considered to adequately cover most
aspects of ethical behavior involving
internal employees and with external
parties. Communication is adequate;
however, not all aspects of the policy
are well understood throughout the
organization. The policy is only
periodically updated.
Most employees generally display
ethical behavior in most aspects of
day-to-day activities. Instances may
occur where inconsistent
communication of policy results in
questionable behavior in regards to
Corporate expectations.
Formal methods exist, and are
considered adequate, for employees to
report questions on ethical values.
Methods are communicated but not
fully understood or utilized throughout
the organization. Some questions may
exist regarding confidentiality of
reporting methods. Methods are only
periodically updated.
Some formal disciplinary measures
exist for violations to the code of
ethics; however, methods may not be
well communicated or understood
throughout the organization. Also,
methods may be inconsistently
executed dependent on situation and
parties involved.
Formal disciplinary measures exist for
violations to the code of ethics.
Communication and understanding of
methods is considered good
throughout the organization. Methods
are consistently executed without bias
to situation or individuals involved.
Formal and well-established measures
exist for violations to the code of ethics.
Communication and understanding of
methods is excellent throughout the
organization. Methods are not
questioned and execution is fair and
always consistent.
All employees regularly display ethical
behavior in every aspect of day-to-day
activities. Any question regarding
appropriate activity is pro-actively
addressed and resolved prior to any
action.
Formal methods exist, are considered
best practice. Methods are continually
reviewed and updated. Confidentiality
rates are high.
Stage A
Stage B
Stage C
Mgmt internal
control
philosophy and
actions
Management’s understanding of
internal control requirements is minimal
and as such, controls throughout the
organization are inadequate.
Management has a basic understanding
of internal controls requirements for
various processes; however, operational
needs and targets often overshadow
those requirements. Internal controls
throughout the organization are not
considered effective. Deficiencies are
not timely identified or corrected.
Management has an overall
understanding and acceptance of
internal control requirements for the
organization. Internal controls are
considered effective for the majority
of processes. Correction of issues is
considered effective but may vary
dependent on the criticality of the
process.
Management fully understands and is
committed to establishing effective
internal controls for all processes.
Internal controls are considered highly
effective for all processes. Timely
identification and correction of any
internal control deficiencies within the
organization always occurs.
Overall Control
Environment
Evaluation
The overall control environment of the
Company is considered ineffective and
ad hoc.
The overall control environment of the
Company is managed on a fairly
informal basis and is not considered
effective.
Management has a good understanding
of internal control requirements for
critical processes and is fairly
committed to those controls. Internal
controls for those processes are
considered adequate. Internal control
for less critical processes is not
considered a priority and may be
overlooked. Identification and
correction of issues is considered
adequate but may not always be
executed timely. Identification of
internal control deficiencies for less
critical processes is not considered a
priority and may be overlooked.
The overall control environment of the
Company is considered adequate.
Certain aspects of the environment
may need attention and should be
addressed to ensure they can be relied
upon.
The overall control environment of the
Company is considered effective. The
majority of the environment is well
controlled and can be relied upon.
The overall control environment of the
Company is considered optimal. All
aspects of the control environment are
controlled at a very effective level and
there is no question regarding
reliability.
Method to
identify
business risks
Identification of business risks (e.g.
entering new markets, offering new
products/services, privacy and data
protection requirements, changes in the
regulatory environment) is ad hoc and
up to the individual efforts of
employees/management.
The overall risk assessment process of
the Company is considered ineffective
and ad hoc.
Methods to identify business risk are
informal and not consistently executed
or understood across the organization.
Methods to identify business risks are
formal and considered adequate for the
Company. Methods may not be
consistently executed and reviewed to
ensure they stay in line with the
organization size and needs.
The overall risk assessment process of
the Company is conducted on a fairly
informal basis and overall, is not
considered effective.
The overall risk assessment process of
the Company is considered adequate.
Certain aspects of the process may
need attention and should be addressed
to ensure it can be relied upon.
Methods to identify business risks are
formal and considered effective for the
Company. Methods are executed
fairly consistently and periodically
reviewed for effectiveness and their
alignment with the organization’s size
and needs.
The overall risk assessment process of
the Company is considered effective.
The majority of aspects of the process
are well defined and can be relied upon.
Methods to identify business risks are
considered best of class and highly
effective for the Company. Methods
are executed consistently and
continually reviewed for effectiveness
to ensure their alignment with the
organization’s size and needs.
The overall risk assessment process of
the Company is considered optimal.
All aspects of the process are very effective
and there is no question regarding
reliability.
Overall Risk
Assessment
Stage D
Stage E
Control
Activities
Information and
Communication
Stage A
Stage B
Information and
Communication
– Systems
Reliability
Systems do not provide for accurate and
timely reporting of financial data.
Systems produce financial data,
however significant manual effort is
incurred to ensure information is
accurate. Timeliness of obtaining
reporting information is an issue.
Overall
Management
communication
processes
Methods used by management to
communicate important aspects of
Company business to the employee
population are ad hoc and not
considered open, timely and effective.
Overall Control
Activities
The overall control activity process of
the Company is considered ineffective
and ad hoc.
Methods used by management to
communicate important aspects of
Company business are varied and
dependent on the nature of the issue.
Communication is often unclear and
inconsistent throughout the company.
Management makes little effort to
clarify the communication.
The overall control activity process of
the Company is conducted on a fairly
informal basis and overall, is not
considered effective.
Correcting
Deficiencies
Actions by management to correct
deficiencies reported by internal audit
or the external auditors are considered
ad hoc and do not occur on a timely
basis.
Actions by management to correct
deficiencies reported by internal audit
or the external auditors are sporadic and
inconsistently executed. Actions do not
regularly result in effective resolution
of issues.
Overall
Monitoring
The overall monitoring process of the
Company is considered ineffective and
ad hoc.
The overall monitoring process of the
Company is conducted on a fairly
informal basis and overall, is not
considered effective.
Stage C
Stage D
Stage E
Systems are considered adequate for
timely and accurate reporting of
financial data. Some manual effort
must occur to validate information and
ensure its accuracy due to either
interface issues or data reporting
issues.
Methods used by management to
communicate important aspects of
Company business are considered
adequate. Periodically, inconsistencies
may occur in the communication and
management does not always timely
address these inconsistencies.
Systems are considered effective for
timely and accurate reporting of
financial data. Manual effort is
minimal to validate information and
ensure its accuracy.
Systems are considered optimal for
timely and accurate reporting of
financial data.
Methods used by management to
communicate important aspects of the
Company business are considered
effective. Some instances occur of
inconsistent communication; however,
these are timely addressed and
clarified by management.
Methods used by management to
communicate important aspects of the
Company business are considered
optimal. Rare instances occur regarding
inconsistent communication.
The overall control activity process of
the Company is considered adequate.
Certain aspects of the process may
need attention and should be addressed
to ensure it can be relied upon.
Actions by management to correct
deficiencies reported by internal audit
or the external auditors are considered
adequate. Actions may not always be
well coordinated or consistently
executed on a timely basis.
The overall control activity process of
the Company is considered effective.
The majority of aspects of the process
are well defined and can be relied upon.
The overall control activity process of
the Company is considered optimal.
All aspects of the process are very
effective and there is no question
regarding reliability.
Actions by management to correct
deficiencies reported by internal audit
or the external auditors are considered
optimal. Actions are extremely well
coordinated and executed on a timely
basis.
The overall monitoring process of the
Company is considered adequate.
Certain aspects of the process may
need attention and should be addressed
to ensure it can be relied upon.
The monitoring process of the
Company is considered effective. The
majority of aspects of the process are
well defined and can be relied upon.
Actions by management to correct
deficiencies reported by internal audit
or the external auditors are considered
effective. Actions are fairly well
coordinated and executed in an
acceptable time period.
The overall monitoring process of the
Company is considered optimal. All
aspects of the process are very effective and
there is no question regarding
reliability.