Coso II and Basel III Analysis

 [pic 1][pic 2][pic 3][pic 4]

Individual Term Paper (COSO/BASEL)

Nathalie Kallab Racimo

Hult International Business School

Abstract

Different frameworks to standardize the regulatory environment are analyzed and compared between themselves. Basic concepts, key aspects, their origin, and the evolution along the last decades, are some of the main aspects that are discussed. In the one hand, an exhausted comparison between COSO II and Basel III leads to the conclusion that, even though COSO has a wider extension, their ultimate goal is to establish ground rules that ensure better conditions to risk management, creating and safer environment for all the players. On the other hand, the Enterprise Risk Management, and different type of risks are discussed, and finally, a further discussion suggested that Basel III accords provide the missing tools to materialize the theoretical goals of the process of ERM.

Keywords: COSO II, Basel III, Enterprise Risk Management, risks.

Comparative analysis of COSO vs. Basel

Due to the increasing financial system failures, that occurred over the past few decades, private organizations, decided to cooperate, elaborating frameworks in order to standardize the reporting and evaluation risk process, to reduce the chances of unexpected events to occur. COSO and Basel are both reactive frameworks to increased regulatory changes that forced institutions to show more transparency to their financial reporting, in order to manage operational risks, mitigate the likelihood of a collapse, and ensure stability in volatile market conditions (Farnan 2004; Balin 2008); therefore, increasing confidence in investors, attracting more risk-adverse people to participate, or to become more active.

On the one hand, these two regulatory frameworks shared some goals, that basically are, to enhance the communication between the board and management, reinforce the credibility of the institutions to increase the confidence level of their shareholders, and to protect investor’s assets from a further crisis that may occur in the upcoming years.  On the other hand, even though both of them, COSO and Basel are sets of standards that support and improve the enterprise's risk management, they have several differences that would be described below.

COSO

Is an independent private initiative named Committee of Sponsoring Organizations of the Treadway Commission (COSO), created in 1985, to acknowledge the common factors that could lead to fictitious financial reporting, and therefore corporate fraud. According to the Financial Executives International (2017), it was established in the United States by five organizations, the American Institute of Certified Public Accountants (AICPA), the Institute of Management Accountants (IMA), Financial Executives International (FEI), the Institute of Internal Auditors (IIA), and the American Accounting Association (AAA). According, to COSO, their mission is to establish extensive frameworks and instructions on internal control, enterprise risk management, and fraud dissuasion, to reinforce organizational performance, reducing the scope of fraud within every organization.

They developed a model for evaluating internal control, in 1992, which has been accepted and adopted as a general framework for internal control. Being highly used due to it effective system. Since then, this model has been suffering some changes, according to the changes produced in the market relative to the business environment and the operations overall, during the past two decades. The most important change that was made, was the inclusion of 17 principles that sustain the 5 components, that were implicit in the original framework, which is relevant to all the entities and may be functioning and operating all together to ensure an effective internal control system.

Another big change was the fact that in the last version (COSO II), are included some clarifications and enhancements that try to make easier the use and application of this framework. The three areas where they focus to improve were the following:

1. Risk assessment, providing a deeper discussion regarding the concepts related to risk assessments, including risk tolerance, risk management, and connection between risk assessment and control activities.
2. Outsources service providers (OSPs), being present in 12 of the 17 principles, managing how should they be monitored.
3. Information Technology, that is included in 14 of the 17 principles, specifying the requirements for ensuring the quality of information and discussing the usage of IT assistance for the monitoring process of internal control.

In addition, COSO uses five elements of internal controls, being risk assessment, control activities, environmental control, information and communication, and monitoring. And, defines internal controls as “a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.” (Enterprise Risk Management, 2004).  The framework of 2013 (COSO II), lists three categories of objectives:

1. Operation objectives, referred to the effectiveness and efficiency of the entity’s operations. Protecting the assets from possible losses, as well as considering specific targets of the operational and financial performance. In COSO I, no goals for performance were considered.
2. Reporting objectives, this considering both, the internal and external, financial and non-financial reporting to stakeholders, that would be standard regulations or policies, ensuring consistency and transparency along the process. In COSO I, just the elaboration of a consistence financial statement was included.
3. Compliance objectives, regarding all the regulations and laws that all the organizations need be stick with, considering the complexity and changes in the accounting standards and legal regulations. Before, in COSO I, this was broader, just considering the applicable rules that the organizations had to relate to.

As it is seen, COSO II is no more than a better version of the previous framework, which every aspect is more detailed and specific, seeking for a better regulatory environment for the enterprises, trying to close the gaps for fraudulent behaviors from the organizations that may seem attracted to do them in order to get some benefits, without regarding the risk where they involved their stakeholders.

Basel

The Basel Committee on Banking Supervision was established by the Governors of the Central Banks of an initial group of 10 countries in 1974. It is an international banking regulatory committee, which the main function is to develop regulations to this sector. The core objective of Basel is to get to understand how to reduce the risks, therefore enhancing the risk management to better face the diverse challenges that the investment banking has to face while setting a standard framework to ensure a better functioning.  Since then, three different versions of them have been realized, widening the coverage if the rules seeking for more effective regulations.