OSS

×
Services Case Studies Our Places
Information & Cloud Security
ISO 27017: 2015 - Cloud Security Implementation Information Security Management System NIST - Cyber Security Framework (CSF)
ITSM & IT Governance
IT Service Management System (SMS) IT Governance Integrated Management System
Risk Management
COSO Implementation Enterprises Risk Management (ERM)
Quality & Health Safety and Enviroment
Environment, Health & Safety Solution Quality Management System
Data & Information Privacy
General Data Protection Regulation (GDPR) California Consumer Privacy Act (CCPA) Privacy Information Management System (PIMS)
Business Continuity & Organization Controls
Business Continuity & Organization Controls System & Organization Control (SOC 1) Service Organization Control (SOC 2)
Software Engineering
Process Excellence Tech Excellence
Digital Transformation
TM Forum Digital Maturity Model (DMM) Business & Digital Transformation Strategy Digital Marketing Solutions Services
Quality Assurance
Software QA Consulting Ensuring Exceptional Software Quality Automated Testing for Mission-Critical Projects Quality Assurance Automation, Scaled
Software Development Life Cycle
Professional Software Consulting Our R&D Capabilities Embrace DevOps to Gain a Competitive Edge Enterprise-Grade Maintenance and Support Revitalizing Your Legacy Systems Project recovery at scale
First slide
other slide
other slide
other slide
other slide
other slide
Digital Transformation

Integration and leveraging of new and existing technologies, processes and competencies into the way business is done. Read More

Digital Strategy & Targets

Identifying the different ways technology can be leveraged to create value, categorized as external or internal opportunities. Read More

Customer Intelligence

Collecting and analyzing customer interaction data to gain insights about customer behavior. Read More

Digital Marketing

Marketing that uses electronic devices to convey promotional messaging and measure its impact. Read More

Five Trends in Risk Management to Watch in 2023: What You Need to Know.

Which major trends are we now observing in the risk management industry? In this article, we outline five trends and discuss how they will change risk management in 2023. Read More

Staying Afloat as a Healthcare Risk Management leader is one of the Best Things You can do

The process of detecting risks that could endanger a healthcare organization, its patients, personnel, or anybody else in the institution is known as risk management. Read More

Reach out to us in the nearest office.

Oman Office

Muscat

2nd Floor, Tamimah Building, Al Nahdah Road, Al Wattayah, PO Box 395, Muscat 118.
Muscat, Sultanate of Oman

Comming Soon
Comming Soon
Comming Soon

Follow Us

COSO Consulting Overview

For organizations who wish to define internal controls driven by business objectives, COSO is the framework to follow. An organisation can use COSO to define policies, procedures and processes for the all aspects of business, thereby helping to move from people-dependent to system approach of governance that ensure ethics, integrity and protection against fraud.

Starting with business objectives, the framework allows you to define and continually improve organisational processes, with the ultimate goal of ensuring the interest of the stakeholders.

In Coral we have advised several organizations in implementing COSO, and that lead them to manage proactively enterprise risk. We have a structured approach that starts with determining the business objectives,

A typical COSO implementation involves rolling out 30+ policies across the organisation that gets measured monthly using an annual compliance plan.

What are the COSO Requirements?

COSO has 17 requirements
  • The organization demonstrates a commitment to integrity and ethical values.
  • The board of directors demonstrate independence from management and exercises oversight of the development and performance of internal control.
  • Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.
  • The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
    • The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.
  • The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.
  • The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.
  • The organization considers the potential for fraud in assessing risks to the achievement of objectives.
  • The organization identifies and assesses changes that could significantly affect the system of internal control.
  • The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
  • The organization selects and develops general control activities over technology to support the achievement of objectives.
  • The organization deploys control activities through policies that establish what is expected and procedures that put policies into action.
  • The organization obtains or generates and uses relevant, quality information to support the functioning of internal control.
  • The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.
  • The organization communicates with external parties regarding matters affecting the functioning of internal control.
  • The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.
  • The organisation evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.

COSO is supported by five supporting organizations: the  Institute of Management Accountants (IMA), the  American Accounting Association (AAA), the  American Institute of Certified Public Accountants (AICPA), the  Institute of Internal Auditors (IIA), and  Financial Executives International (FEI).

Project Phases

We have a structured approach to determine the applicable list of risks and controls that are required to achieve SOC 2 attestation. Our approach ensures that the service organisation has adequate ‘internal controls’ over applicable security criteria, to assure any Certified Public Accountant (CPA) for issuance of SOC 2 reports.

PHASE I

Determination of Objectives

This phase involves determining key business objectives, that will drive the COSO framework implementation.

PHASE II

Gap Analysis

This phase involves performing gap analysis on COSO – 17 requirements as well as defining risk and control matrix for areas that have opportunities for fraud.

PHASE III

Control Design and documentation

This phase involves our methodology that involves distribution of objectives, risks, and control responsibility to internal stakeholders. This also includes nomination of key roles such as risk and compliance officer – who will drive the ongoing compliance. Each business function has control framework.

PHASE IV

Tracking

This phase involves tracking the client risks, documentation and self-declarations till all internal controls are adequately implemented.

PHASE V

Performance Tracking

This phase involves measuring internal control changes on a scale of 0-100%. This gives assurance to internal stakeholders that the processes implemented are adequate (or at risk). If there are deviations or risks identified, they are treated. We have a structured methodology for implementation.

PHASE VI

Internal Audit

Internal audit involved an independent verification of risk and control implementation as a project and an assurance of the ongoing program.

WhatsApp Us