In the present work, the problem to be solved is identified: the insufficiencies in the contextualization process to the particular characteristics of each organization, with respect to the Supervision and Monitoring component of the SCI. The objective is specified: To develop a Procedure that allows compliance with the provisions regarding the SCI monitoring actions, with the peculiarity that it can be adapted to the temporal, spatial and personal contexts of the organizations.
The scientific result of the research is specified in a Procedure for the implementation of the SCI monitoring process. Meanwhile, its practical significance is that it provides the organization with a tool that allows managers to execute the ICS monitoring process efficiently and effectively in order to guarantee the effectiveness of the ICS in the organization.
The scientific novelty of the research is given in revealing that the relevance of the monitoring is made possible thanks to the consideration of the contextual, spatial, temporal and personal characteristics of the particular organizations where internal control is implemented.
The positive experience of the application of the procedure in companies in the territory of Camagüey, validates the results of the work.
Summary
The present work is identified as a problem to be solved: the inadequacies in the contextualization process to the peculiar characteristics of each organization, with regard to the Supervision and Monitoring component of the System of Internal (SCI) Control. The specific objective consists of the following: To elaborate a Procedure that complies with the monitoring of the SCI actions, with the peculiarity that you can adapt them to the temporary space and personal contexts of the organizations.
The scientific result of the investigation is summed up in a Procedure for the implementation of the process of monitoring of the SCI. In the meantime, it provides to the organization, a tool that allows him / her, to execute the process of monitoring of the SCI in an efficient and effective way for this to guarantee the effectiveness of the SCI in the organization.
The scientific novelty of the investigation is to expose that, the relevancy of the monitoring becomes possible thanks to the consideration of the contextual characteristics of time, space, and personal, of the particular organizations where the internal control would be implemented.
The positive experience of the application of the procedure in companies of the territory of Camagüey will merit the results of this work.
Introduction
The recognition of the importance of the implementation of a good internal control system (ICS) in organizations has increased in recent years in the international arena, due to its practicality as a management tool, since it allows measuring the efficiency and productivity systematically, which is reinforced if internal control focuses on the basic activities that these organizations carry out and on which they depend to achieve the fulfillment of their objectives.
Likewise, it is recognized the importance for organizations of the implementation of an effective ICS, which protects them from the possibility of the manifestation of risks that threaten the achievement of their objectives. Thus, for example, in the COSO Report (COSO, 1992), the importance of the SCI for the organization is noted because it ensures how reliable its accounting statements, executive information and the application of regulations and laws are against fraud, efficiency and operational effectiveness to guarantee the fulfillment of the objectives.
According to the COSO Report, the internal control system (ICS) is made up of five components that interact with each other in a systemic way, each providing essential elements for the correct functioning and stability of the system (the Control Environment, the Risk Assessment, Control Activities, Information and Communication and Monitoring). The Monitoring component is in charge of evaluating the behavior of the SCI over time. The correct application of monitoring conditions the continuity of the functioning of the system and the updating in time of each of the components and of the monitoring itself. According to the COSO Report (2006), it is not possible to achieve the implementation of the SCI without first having achieved the application of effective monitoring.
The examination of what is written by different authors recognized for their contributions to the study of control, as well as the consultation of works referring to internal control in the organizations listed in the work bibliography; and the analysis of documents such as: Resolution No. 297 of the Ministry of Finance and Prices 2003, the COSO Report (2006), Law 107 and Resolution 60/11 of the CGR, etc.; allowed the authors of this work to conclude that:
- The theory does not offer a precise answer on the way in which the integration of the SCI components takes place.
- Despite recognizing the importance of the synergy and interrelation that must exist between the components of the system for the effectiveness of the ICS, no concrete explanation is offered of how this process manifests itself, nor about how feedback takes place between its components. components, as well as updating and adapting the SCI to changes in the environment.
- In the literature consulted, no guidelines are established for the practical development of the internal control process.
- The way in which organizations can carry out the monitoring of the SCI is not described, nor are variables and precise indicators recognized that allow evaluating the effectiveness of the SCI.
Law 107/2009 "On the General Comptroller of the Republic of Cuba" in its Chapter III "On the Internal Control System", in Article 15, specifies: " The bodies, agencies, organizations and entities subject to control actions established by this Law are obliged to maintain internal control systems, in accordance with their characteristics, competence and institutional attributions. "
Complementing this law, the Office of the Comptroller General of the Republic (CGR) issued, on March 1, 2011, Resolution 60/11 on the Internal Control System (SCI), with the aim of continuing to improve internal control in the country, also establishing its basic principles and general characteristics (2011, p. 2).
In full correspondence with all this, guidelines 08, 11 and 12 of the economic and social policy of the Party and the Revolution (2011, p. 11) establish the necessary elevation of the responsibility of managers regarding efficiency, effectiveness and control in the employment of the personnel, the material and financial resources they manage; together with the need to demand the responsibility of those managers who with their decisions, actions or omissions cause damages to the economy; as well as reducing the burden of external controls by making the information systems more rational and the demand on the ethical performance of the entities and their heads, strengthening their internal control system, to achieve the expected results in terms of compliance with their plan with efficiency, order,discipline and absolute compliance with legality.
The SCI carries with it the characteristic of being applied as a “tailored suit” for each organization. Therefore, the fact that it cannot be implemented effectively in the context of organizations constitutes a problem of vital importance to be solved that would allow a reasonable guarantee for the achievement of its objectives and fulfillment of its mission.
Since the implementation of the SCI application, many organizations in the country have been working on its implementation, however, in many of them, the results do not correspond to those expected in terms of compliance with its components. As part of the consultancies for the implementation of the SCI, carried out by the authors, to various organizations in the territory, it was found that:
• It is necessary to permanently monitor the implementation of the ICS and
• There is no precise definition of the variables and indicators that allow assessing the efficiency and effectiveness of SCI monitoring.
From the information provided by the theory, the observation of the facts and their relationships, the available empirical data and the practical experience of the authors, the elevation of the efficiency and effectiveness of the SCI was formulated as a scientific problem of the present investigation. in the Cuban organizational context.
The Object of the investigation is defined: The Internal Control System; and as FIELD: The Monitoring component as an integrating and essential element for the effective and efficient operation of the SCI in various entities of the municipality of Camagüey.
As General Objective: Design a monitoring procedure that contributes to increasing the efficiency and effectiveness of the application of the SCI in the Cuban organizational context.
As Hypothesis: The design and application of a procedure for monitoring the SCI, which systematically considers the way in which the integration of the components takes place and the variations in the temporal, spatial and personal contexts of the organizations, will facilitate the implementation and operation of a relevant Internal Control System in its operation.
The fundamental scientific result of the investigation is specified in the design of a procedure for the monitoring of the Internal Control System, contextualized to the concrete conditions of performance of Cuban companies. Meanwhile, the practical significance of this research is that it provides the organizations under study with a tool that makes it easier for managers to understand and carry out the implementation of the Internal Control System efficiently and effectively, and at the same time, evaluate it and update it over time as a process of continuous improvement. This procedure provides methods and tools aimed at directing the monitoring implementation process in the individual conditions of each entity.
The scientific novelty of the research is given in revealing the way in which the integration of the SCI components takes place during the monitoring process of the same and whose relevance is made possible thanks to the consideration of the contextual, spatial, temporal and personal characteristics of the particular organizations where internal control is executed.
Development
According to COSO (2006) the first four components of the SCI are related to the design and operation of the internal control system: control environment, risk assessment, control activities, and information and communication. The fifth component, monitoring, is designed to ensure that internal control continues to function effectively, it is in charge of evaluating the behavior of the ICS over time. Its correct application conditions the continuity of the operation of the system and the updating in time of each one of the components and of the monitoring itself. According to COSO (2006), it is not possible to achieve the implementation of the SCI without first having achieved the application of effective monitoring. Without monitoring the ICS becomes static that does not update over time,ceasing to be a system. The monitoring process takes place throughout all the processes of the organization and its areas, correcting deviations and providing feedback, in addition, to each of the components of the SCI, thus ensuring its updating and adaptation to the new conditions. In the same way that the Environment or Control Environment component is considered as the basis of the SCI, and the importance it has for the planning and organization of the company is expressed; The monitoring process can be considered as the engine that leads the ICS to an efficient and effective operation, making it truly "a process integrated into operations with a focus on continuous improvement" as expressed in Resolution 60/11 of the CGR.The monitoring process runs through all the processes of the organization and its areas, correcting deviations and providing feedback, in addition, to each of the components of the SCI, thus ensuring its updating and adaptation to new conditions. In the same way that the Environment or Control Environment component is considered as the basis of the SCI, and the importance it has for the planning and organization of the company is expressed; The monitoring process can be considered as the engine that leads the ICS to an efficient and effective operation, making it truly "a process integrated to operations with a focus on continuous improvement" as expressed in Resolution 60/11 of the CGR.The monitoring process takes place throughout all the processes of the organization and its areas, correcting deviations and providing feedback, in addition, to each of the components of the SCI, thus ensuring its updating and adaptation to the new conditions. In the same way that the Environment or Control Environment component is considered as the basis of the SCI, and the importance it has for the planning and organization of the company is expressed; The monitoring process can be considered as the engine that leads the ICS to an efficient and effective operation, making it truly "a process integrated into operations with a focus on continuous improvement" as expressed in Resolution 60/11 of the CGR.in this way, its updating and adaptation to the new conditions is ensured. In the same way that the Environment or Control Environment component is considered as the basis of the SCI, and the importance it has for the planning and organization of the company is expressed; The monitoring process can be considered as the engine that leads the ICS to an efficient and effective operation, making it truly "a process integrated into operations with a focus on continuous improvement" as expressed in Resolution 60/11 of the CGR.in this way, its updating and adaptation to the new conditions is ensured. In the same way that the Environment or Control Environment component is considered as the basis of the SCI, and the importance it has for the planning and organization of the company is expressed; The monitoring process can be considered as the engine that leads the ICS to an efficient and effective operation, making it truly "a process integrated into operations with a focus on continuous improvement" as expressed in Resolution 60/11 of the CGR.The monitoring process can be considered as the engine that leads the ICS to an efficient and effective operation, making it truly "a process integrated into operations with a focus on continuous improvement" as expressed in Resolution 60/11 of the CGR.The monitoring process can be considered as the engine that leads the ICS to an efficient and effective operation, making it truly "a process integrated into operations with a focus on continuous improvement" as expressed in Resolution 60/11 of the CGR.
No ICS can guarantee the prevention and detection of all control deficiencies that may lead to the inability to achieve organizational objectives. However, when properly designed and executed, monitoring helps ensure that internal control continues to function effectively. The monitoring process requires correct planning that leads to the reliability of the information managed by the management for decision-making, and which must also be appropriate, timely and updated. Lack of effective monitoring, with the real probability of change in one or all of the components, could lead the ICS to stop working, or be ineffective due to undetected changes. Monitoring must be properly designed to detect such changes in a timely manner.
Monitoring is more effective and efficient when it considers how the ICS as a whole is capable of managing risks, related to different types of contexts, to achieve the fulfillment of the organization's objectives. On the contrary, it is less efficient and effective, when it concentrates on a checklist or guideline of selected control activities, based on a list of processes, procedures, regulations, etc., without taking into account the level of the real risk. what they represent for the organization, or their relative importance. However, the country insists on the application of the Verification Guides to the SCI, which offer a subjective evaluation of the effectiveness of the SCI and do not evaluate the SCI of each organization, as a unique and unrepeatable system.Far from executing effective monitoring appropriate to their contexts, most Cuban organizations base the evaluation of the operation of their ICS on these guides, which leads to erroneous interpretations about the ICS, its objective and operation, resulting in results contrary to those desired, such as:
- The guides, in most cases, are not adapted to the conditions of each particular organization and are applied directly, making their application complex, and requiring high expenditure on resources, which makes monitoring an inefficient and ineffective tool.
- The strict adherence of many auditors to the existing guidelines, without taking into account the individual characteristics of each organization, its business purpose and mission, gives rise to evaluations that do not correspond to reality. On the one hand, organizations that obtain satisfactory evaluations of their SCI according to the guide, since they apparently comply with the indicators measured in the questions in this guide, and yet they show negative results in the fulfillment of their objectives and business purpose. On the other hand, organizations that show very good results in their management and fulfillment of their objectives, as well as their business purpose, obtain poor evaluations, as a result of not meeting any of the indicators reflected in the guides, which, however,they do not imply a priority in their risks for the fulfillment of the objectives, mission and vision.
- The mechanical application of the verification guides by managers and officials at different levels leads to evaluating the points without carrying out any type of test or revision, as a result of the operation or haste with which they have to be carried out.
- Certain aspects of the guides are ranked above the others without taking into account the real impact that these may have on achieving the objectives and mission of the organization.
The shortcomings referred to above, require the need to review the monitoring process of the internal control system in the organization and develop a procedure that enables the development of the process effectively and efficiently; that takes into account the risks of control, internal and external, most relevant for the achievement of organizational objectives in each of its processes, areas and activities, based on the consideration of their contexts.
Both COSO (2006, 2008) and INTOSAI (2001, 2004) have developed studies regarding the issue of the monitoring process, recognizing the importance of this component for the effective functioning of the ICS. Both have prepared reports, guides or manuals where they describe in a very similar way the development of the monitoring process and its particularities. Taking as a basis some elements of these studies, the phases of the system for the implementation of the monitoring process in organizations can be theoretically founded.
The interrelationships expressed between the components in the COSO 2006 guide can be represented in a graph (Figure 1) where the monitoring component is presented as a process that assesses the capacity of the internal control system, as a whole, to prevent or mitigate risks. existing and potential relevant for the fulfillment of the organization's objectives.
Risk prevention for the company includes strategy as an additional objective. The monitoring concepts exposed in this document can be fully applied to the monitoring of internal control over the strategy.
In this way, monitoring is not intended to ensure the effectiveness of the internal control components individually and operating in isolation, but rather commits itself to the functioning of internal control as a system, that is, all its components operating in an interrelated manner and all represented at the time in each of them depending on the objective of the system.
This representation of the monitoring process shows that internal control is developed in response to one or more identified risks that affect the achievement of the organization's objectives (1), within the context of an effective control environment (2), control related to the organizational process (3) and with the correct information and communication (4).
Taking into account the above, the implementation of the monitoring process can be considered, such as:
A process through which the bases are established, designs and implements the monitoring process, for this it uses the information related to the spatial, conjunctural and personal contexts, as well as what is specified in the rest of the ICS components.
The implementation of the monitoring process constitutes a system whose components coincide with the phases of the referred process. They are:
1. Establish the bases for the monitoring process.
2. Design the monitoring process.
3. Implement the monitoring process.
Such elements: establishment of the bases, design and implementation of monitoring, are considered phases insofar as they constitute flexible, variable, living processes. The consideration of such elements as phases makes it possible to underline that the relationships between them do not take place in a unidirectional, rectilinear, or sequential manner. Rather, they can coexist, interrelate multidirectionally and, the components of each of them, be present in the others. These phases are perpetually repeated, inserted in a spiral, in continuous development, crisis, setbacks and advances. (Figure 2)
To guarantee that the quality resulting from the integration of the aforementioned phases is a pertinent and, consequently, efficient and effective monitoring process, it is necessary to guarantee an adequate relationship of said process with the context in which the monitoring operates, which is constituted by the rest of the SCI components.
Each of these phases is composed of elements that allow their development and the continuity of the process from one phase to the next, based on the results of the previous phase:
The implementation of the monitoring procedure in the organization is carried out through a process composed of four stages that consolidate results and culminate with the knowledge of the effectiveness of the operation of the controls designed in the organization, its ICS and the updating and continuous improvement of said system. The design is represented in a diagram (See Figure 3) that allows to observe, as a whole, the characteristics of each stage.
The elements that are represented in figure 3, forming part of each of the phases, constitute the steps that are followed in the process for the implementation of SCI monitoring in organizations. For each of these steps, the objectives, the required information, the methodological indications to carry them out and the outputs have been specified.
Phase 1: Establish the basis for monitoring.
This phase implies the execution of four fundamental actions, they are: recognition by senior management of the need to monitor the SCI; precision of the contexts in which internal control takes place; determination of the organizational structure of the process and establishment of the foundations of effectiveness of the SCI.
Recognition by senior management of the need to monitor the SCI. It means that the managers of the organization internalize, understand, distinguish what monitoring consists of, and accept, understand and realize the need for its application to achieve the objectives of the organization.
Accuracy of the contexts in which internal control takes place
Bearing in mind that monitoring must guarantee the relevance of the SCI, it is essential that, when establishing the bases of the same, the contexts in which such a system takes place are considered.
Determination of the organizational structure of the process.
The director is primarily responsible for the effectiveness of the organization's ICS. The manager institutes the system and ensures that it continues to function effectively. The management team is ultimately responsible for determining whether management has effectively implemented internal control (including monitoring). The attribution of this responsibility is based on the knowledge that the management team has about the risks faced by the organization, and about how senior management manages or mitigates those risks that are significant for the organization's objectives.
Establishment of the fundamentals of effectiveness of the SCI.
Changes in the external environment, or in the way in which the controls function, create risks for the fulfillment of the organization's objectives that, if the SCI does not recognize them in a systematic way, could lose effectiveness. Changes in laws and regulations, in customer demands, and new product lines are examples of some of the events, in the external environment, that can create new risks to the achievement of the objectives, if the SCI stops recognize them and react appropriately. Similarly, unrecognized or improperly managed changes in the operation of existing controls, for example new people to your operation, processes, and technology, could render the ICS ineffective.
The effectiveness of internal control depends on the quality with which the four basic elements that are listed below have been defined and are carried out:
- Key controls.
- Identification of the Change
- The management of Change
- The revalidation of the Control.
Phase 2: Design the monitoring process.
All effective and efficient monitoring is the consequence of an economically feasible design of said monitoring, which evaluates the operation of the controls over the most significant risks that may affect the achievement of the organization's objectives, through the evaluation of the information. truthful about the organization's processes.
To design a monitoring that reasonably guarantees the effectiveness of the ICS, it must be clear: what controls to monitor, what monitoring procedures to use and how often to use them. The monitoring design process is made up of four actions represented in Figure 4.
- Review and update of the risk assessment.
The design of the monitoring process begins with the review and update of the evaluation of the most important risks that affect the achievement of the organizational objectives. This is based on the fact that the quality of the monitoring process depends, to a large extent, on the effectiveness of the risk assessment carried out previously.
- Identification of key controls.
A control that is key in managing a risk that is significant to a director of a Base Business Unit, may not be key to top management when addressing risk in the organization as a whole. The objective is to identify the controls that, when monitored, will provide the necessary level of effectiveness of the ICS. The key controls are the most important to monitor to substantiate the ICS's ability to operate effectively.
- Identification of the truthful information.
Once the key controls have been identified, it is necessary to identify the truthful information that will substantiate whether they have been implemented and are working for what they were designed. Identifying this information implies knowing how the control failure could occur and what information would be accurate to determine whether or not the control system is working properly.
Accurate information is both appropriate and sufficient under the circumstances and provides the tester with a reasonable, but not necessarily conclusive, basis regarding the continued effectiveness of the ICS in a particular risk area. To be appropriate, the information must be relevant, reliable, and timely. Sufficient is a measure of the amount of information (eg, whether the tester has a sufficient amount of appropriate information).
Phase 3: Implementation of the monitoring process.
In order to carry out the implementation of the monitoring process, it is important that the entire organization is fully committed to carrying out this component of the ICS in an effective manner. It is at this time when the entity's management exercises its greatest influence to achieve the objectives set by the monitoring process, acting appropriately, engaging the other members of the organization, explicitly stating its objectives and promoting the importance of the process. Management must establish the necessary instructions or operating procedures for the evaluations to be carried out and the effectiveness of the process to be achieved., determining the way in which the monitoring process will be carried out with each of its steps, those responsible for the monitoring process in the organization and in each of its activities, informing them in writing what their functions are, and the evaluations to perform.
Design the monitoring process.
Once the risk assessment, the selected key controls, and the identified truthful information available have been reviewed and updated, the organization is in a position to design the monitoring procedures necessary to evaluate the effectiveness of the ICS's ability to manage or mitigate risks. identified. Monitoring involves the use of permanent monitoring activities procedures and / or specific evaluations to collect and analyze truthful information to support conclusions on the effectiveness of internal control through the five components.
Permanent monitoring activities, which use both direct and indirect information, are developed in normal operating activities and are repeated in the organization. They include regular management and control activities, conducting similarity comparisons and trend analysis using internal and external data, reconciliations, and other routine actions. They could also include automated tools that monitor controls and / or transactions electronically. Because they are carried out regularly, permanent real-time monitoring procedures can often provide the first opportunity to identify and correct control deficiencies.
Spot evaluations can employ the same techniques as ongoing monitoring activities, but are designed to evaluate controls periodically and are not interlocked with the daily operations of the organization.
One-off evaluations are generally carried out by people who are not directly responsible for the controls to be monitored. Likewise, they can provide a more objective analysis of the effectiveness of the control than the procedures of permanent monitoring activities, which are generally carried out by less objective personnel. Spot evaluations can also provide valuable periodic feedback regarding the effectiveness of ongoing monitoring activity procedures.
The combined use of permanent monitoring activities and specific evaluations offers the organization a greater guarantee of effectiveness in its ICS. Permanent monitoring activities provide management with daily primary support regarding the effectiveness of the control, and timely evaluations provide periodic confirmation. This combination works best when the information used in the procedures of permanent monitoring activities is accurate.
Many factors can influence the type, timing, and extent of an organization's monitoring. Two factors that deserve special mention are: the size and complexity of the organization. The way of executing the evaluations must be adapted to the characteristics of the organization.
The size of the organization influences the design and conduct of monitoring. In most large organizations, neither senior management nor the management team are close to executing many controls. Consequently, they are often dependent on monitoring procedures carried out by other personnel, working at other levels of management. These procedures are developed in the daily work, through permanent monitoring activities that operate at each level of the organization and, generally, are increased by the specific evaluations carried out by a restricted internal or external audit function carried out by other entities.These periodic spot evaluations provide the necessary testimony that monitoring systems at lower levels of the organization are working effectively.
On the other hand, in smaller organizations, monitoring at the management level occurs much closer to risk and the controls related to it, offering the tester more implicit knowledge of the operation of the controls. Monitoring in the smallest organization is very similar to monitoring at the lower levels of a large organization. The main difference is that the smaller tester has more implicit knowledge about how direct controls work. This increase in implicit knowledge about the operation of internal control,it may allow the tester in a smaller organization to support its control conclusions through less intense monitoring than is needed in a larger organization where the tester is further from the operation of controls.
The level of complexity is correlated with the level of risk in general. Therefore, in areas where organizational complexity is greater, more intensive evaluations using direct information will be needed. On the contrary, in areas where the complexity is less, permanent monitoring activities that use indirect information, as well as periodic confirmation through specific evaluations that use direct information, might be appropriate.
Some organizations are more complicated than others. Factors that influence complexity include industry characteristics, regulatory requirements, number of products or lines of service, level of centralization or decentralization, use of advanced technology, etc. The level of complexity could also vary, in an organization, according to areas, for this reason, adapting monitoring on the basis of complexity is more difficult to apply to an entire organization, than on the basis of dimension.
Evaluation of the effectiveness of the SCI.
To evaluate the effectiveness of the ICS operation, two fundamental dimensions are recognized in the literature: effectiveness and efficiency.
Normally in entities, effectiveness is considered as the fulfillment of activities and actions, without taking into account that effectiveness really measures the degree of scope of the desired effects. Efficacy is the degree or percentage of achievement of the desired effect, if we analyze it in a simple mathematical equation, in the numerator we would have the number of positive cases of achieving the desired effect and in the denominator the number of attempts. We cannot affirm then, that the SCI is effective only with the achievement of the objectives, when the objectives and goals refer solely and exclusively to the execution of actions or activities. The effectiveness of the SCI must be measured by indicators determined by the correct functioning of this for the purpose for which it was created.
Once the monitoring has been carried out, it is important to establish the link that each deficiency has with the ICS components and to what extent these deficiencies can affect the level of vulnerability of the organization in meeting its objectives.
If, during the performance of external or internal audits, deficiencies are detected that are related to risks relevant to the achievement of the organization's objectives, if these affect several of the ICS components and are in one or more key areas or processes for the achievement of the organization's objectives and the organization is not prepared to face them, then the ICS is not effective to manage risks, in those areas or in the organization, depending on the magnitude of the deficiencies detected. Likewise, if several deficiencies related to risks relevant to the achievement of the organization's objectives are detected, or if changes occur that may affect the achievement of the organizational objectives and these have not been taken into account by the entity,the ICS in the organization is not working effectively.
If the costs of operating the SCI through the process of monitoring and operating its five components in general is higher than the cost of the risks that it must manage, then the SCI is not working efficiently.
SCI update
The monitoring process culminates with the update of the SCI, it adapts to the principles of the approach to continuous improvement processes. Once deficiencies are defined and related to ICS components and standards, the system can be upgraded. The deficiencies detected during the SCI monitoring process must be related to the components and the degree of impairment or non-compliance in the related components must be determined, for example, and the deficiencies detected are related to the absence of documents, policies, regulations, etc., then they would be involved with the control environment components, control activities and information and communication, and the correction of these would lead to the update of the SCI.
Conclusions and recommendations
- The positive experience of the application of the procedure confirms that it is possible to use other ways to achieve the effective operation of the ICS, with the efficient use of resources and with efficiency in the verification and updating of its components. In addition, a better understanding is achieved by managers and other members of the organization, of the way in which the ICS operates and how, with its implementation, the fulfillment of the objectives is reasonably guaranteed, motivating them and encouraging them to work on it. At the same time, it breaks with the image created on the complexity, bureaucracy and “red tape” rooted in the organizations on the SCI.
- The process described is relevant because it considers the spatial, conjunctural and personal contextual characteristics of the particular organizations where internal control is implemented, an issue that has not been addressed so far.
- Through the process described, it is established what to do in Cuban organizations to make the SCI work systematically and carry out, in a practical way, its implementation as a system, which is updated over time and adapts to new conditions. of the changes that operate in the environment.
- The determination of measurement indicators as described in the process allow to evaluate in practice the effectiveness of the SCI in organizations.
- Generalize the application of the work, making the pertinent adjustments so that, at the same time that the results obtained are generalized, it can be improved in those aspects that need it.
- Promote the study and discussion of this issue in the improvement actions given to managers and their reservations about the SCI.
Bibliography
1. Committee of Sponsoring Organizations of the Treadway Commission. Guidance on Monitoring Internal Control Systems 2008. Internal Control - Integrated Framework COSO.
2. Committee of Sponsoring Organizations of the Treadway Commission. Internal Control Over Financial Reporting - Guidance for Smaller Public Companies (COSO's 2009 Guidance). 2009
3. Committee of Sponsoring Organizations of the Treadway Commission. Internal control. COSO report. Fourth edition. Translation Samuel Alberto Mantilla B. University Texts. ECOE Editions. Bogotá DC April 2005.
4. Internal Control: Providing the Basis for Accountability in the Government. An introduction to internal control for managers in government organizations. Internal Control Standards Committee, International Organization of Supreme Audit Institutions (INTOSAI), 2001.
5. Speech delivered by Army General Raúl Castro Ruz, in the seventh Ordinary Period of Sessions of the VII Legislature of the National Assembly of People's Power, on the 1st. August 2011.
6. Internal control in Cuba. Business reality. Link to the audit. Author: Dr. Elvira Armada Trabas. VI National Audit and Control Workshop. November 2005.
7. Guide for internal control standards of the public sector. INTOSAI. Budapest 2004.
8. Law No. 107/09. Creation of the Comptroller General of the Republic as the Central Organ of the State.
9. Madrigal JB, INTRODUCTION TO BUSINESS RISK MANAGEMENT. Havana, December 2004
10. ISO 31000: 2009 standard. Risk management - Principles and guidelines.
11. Resolution 60/11 of the Comptroller General of the Republic. On the rules of Internal Control. Havana 2011.
