BKBECOSO.RVW 20070218

"Beyond COSO", Steven J. Root, 1998, 0-471-39112-3, U$65.00/C$84.99
%A Steven J. Root
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%D 1998
%G 0-471-39112-3
%I John Wiley & Sons, Inc.
%O U$65.00/C$84.99 416-236-4433 fax: 416-236-4448
%O http://www.amazon.com/exec/obidos/ASIN/0471391123/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/0471391123/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0471391123/robsladesin03-20
%O Audience i Tech 1 Writing 2 (see revfaq.htm for explanation)
%P 340 p.
%T "Beyond COSO: Internal Control to Enhance Corporate Governance"

In the preface, the author notes that it is impossible to have complete control of any situation: problems and fraud will happen despite all of our efforts. Root recommends that companies should implement internal controls as suggested by COSO (the Committee of Sponsoring Organizations of the Treadway Commission), but must also go beyond them, in a manner similar to the layered defence or defence in depth models.

Chapter one contains an analysis of the limitations of the COSO directives (and ends with a rather odd overview of the book itself). The concepts of, and problems with, internal control are covered in chapter two. Chapter three presents a history of twentieth-century corporate frauds and the attempts to restrict them. Business ethics and values are discussed in chapter four. Chapter five outlines the COSO framework, noting that internal controls provide assurance of the efficiency of operations and reliability of financial reporting--as long as there is compliance with the laws and regulations. (As this material is based on the 1992 version of COSO, it is interesting to note that the components of risk management are pretty much the same, but that the dimensions of objectives categories and unit-levels had not yet been added to the model.) Further concerns and limitations of COSO are expressed and analyzed.
Additional frameworks are reviewed in chapter six. Using a hybrid of devices from these other frameworks, chapter seven suggests the extension of internal controls with additional management aspects. Chapter eight recommends that an oversight process be established for internal controls, noting particularly legal obligations and related factors such as standards of care, generic corporate organization and business roles and tasks. The oversight issues are extended in chapter nine, looking in more detail at job roles, and also at insights that arise from chaos theory. Chapter ten finishes off the book with a review of the reporting of internal controls: much of this is concerned with the wording used in such statements, and the ineffectiveness of such reports to control incidents and fraud.

Despite its age, this book is one of the more useful guides in the area of governance and controls in corporations. Root was willing to go beyond the usual promotional jobs that masquerade as management advice. While he does not solve the problem, he at least makes the issues clearer, and raises interesting points in regard to solutions.

copyright Robert M. Slade, 2007