COSO

COSO

The Committee of Sponsoring Organizations of the Treadway Commission
  • The implementation of SE Action streamlined our continuous improvement process for managing actions, especially through the workflow functionality. This facilitates the verification of occurrence causes and drafting correction actions.
    Gustavo Martins – Quality Department Assistant    		      
    Coca-Cola
  • The SE Project was implemented quickly and the time required for the adoption of the solution by the users was quite natural, considering that the pharmaceutical segment is legally required to work with reliable and secure records that guarantee the quality of products and do not represent risks to the population.
    Randel Moreira – IT Manager    		      
    Laboratório Globo
  • SE Document has provided the means to streamline our document control, through excellent drilldown options for searching and registering documents, a systematic workflow
    tool for sending pending tasks to system users, as well as really cutting down on the need for printed copies.
    Ângela Fischer    		      
    CTA-Continental
  • We have achieved improved dependability as well as standardization in our processes to assure measurement consistency and the required monitoring to verify conformity in our products. This adds enhanced safety and quality to our customers.
    Helton Calaça – SPC Technical Support    		      
    Mitsubishi Motors
  • SE Document completely meets our document control requirements, facilitates retrieval, and manages the entire document revision process.
    Janaina Salatti – Quality Supervisor    		      
    Group Roullier
  • The SoftExpert facilitates and speeds up activities, and the system was considered highly suitable for the renewal of ISO/TS 16949 and ISO 14001.
    Cristina Pereira – Gerente adjunta de Informática    		      
    Coindu
  • Our productivity and reliability increased greatly. The software helped us to meet the ISO/TS 16949 standard requirements, providing security in the daily routine of the Engineering area and auditing, while easily proving full compliance with the standard and customer requirements.
    Jeferson R. F. dos Santos – MENFUND Unit Manager    		      
    Menegotti
  • Online access to wherever we offer services ensures us speedy responses, through reliable and updated information, which, in turn, facilitates decision making and customer satisfaction.
    José Andrade – Opetrec Manager    		      
    Opetrec
  • SE Document manages ISO standardization documentation to facilitate compliance, as well as all other document types. The workflow system provides great distribution copy control, approval, revision, printed copies, and document retrieval search capabilities. Currently, there are over 1,100 users and 3,500 registered documents.
    Carla Regina Schmitt    		      
    Universal Leaf Tabacos
  • SoftExpert Solution has streamlined data sharing for our quality system and has contributed to reducing impacts on the environment through doing away with the need for storing piles of original and obsolete paper documents for auditing purposes.
    Solange Amaral – Human Resource Analyst    		      
    Carrier

  • Over a decade ago, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued the document Internal Control – Integrated Framework to help businesses and other entities assess and enhance their internal control systems. That framework has since been used by thousands of enterprises to better control their activities while aiming toward their established objectives. Over recent years, there has been a heightened concern and focus on risk management, and it has become increasingly clear that there is the need for a robust framework to effectively identify, assess, and manage risk: Enterprise Risk Management – Integrated Framework.

    The underlying premise of enterprise risk management is that every entity exists to provide value for its stakeholders. All entities face uncertainties and the challenge for the management area is to determine how much uncertainty to accept as it strives to increase stakeholder value.

    Over a decade ago, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued the document Internal Control – Integrated Framework to help businesses and other entities assess and enhance their internal control systems. That framework has since been used by thousands of enterprises to better control their activities while aiming toward their established objectives. Over recent years, there has been a heightened concern and focus on risk management, and it has become increasingly clear that there is the need for a robust framework to effectively identify, assess, and manage risk: Enterprise Risk Management – Integrated Framework.

    The underlying premise of enterprise risk management is that every entity exists to provide value for its stakeholders. All entities face uncertainties and the challenge for the management area is to determine how much uncertainty to accept as it strives to increase stakeholder value.

    Enterprise risk management consists of eight interrelated components. These are derived from the way the management runs an enterprise and are integrated with the management process. These components are:

    • Internal Environment
    • Objective Setting
    • Event Identification
    • Risk Assessment
    • Risk Response
    • Control Activities
    • Information and Communication
    • Monitoring

    Back to top      Close

Benefits

Value is maximized when the management establishes a strategy and objectives to strike an optimal balance between growth and return goals and related risks. Enterprise risk management encompasses the following points:

  • Aligning risk appetite and strategy
  • Enhancing risk response decisions
  • Reducing operational surprises and losses
  • Identifying and managing multiple and cross-enterprise risks
  • Seizing opportunities
  • Improving capital deployment

These capabilities inherent to enterprise risk management help the management achieve the entity’s optimal performance and profitability targets and prevent resource loss.

 

The Challenge

The main challenges associated with the COSO Standard are directly related to ERM program implementation. Common topics and challenges include:

  • Identifying executive sponsors for ERM
  • Establishing a common risk language or glossary
  • Describing the entity's risk appetite (i.e., risks it will and will not take)
  • Identifying and describing the risks in a "risk inventory"
  • Implementing a risk-ranking methodology to prioritize risks within and across functions
  • Establishing a risk committee and/or Chief Risk Officer (CRO) to coordinate certain activities of the risk functions
  • Establishing ownership for particular risks and responses
  • Demonstrating the cost-benefit of the risk management effort
  • Developing action plans to ensure that risks are appropriately managed
  • Developing consolidated reporting for various stakeholders
  • Monitoring the results of actions taken to mitigate risks
  • Ensuring efficient risk coverage by internal auditors, consulting teams and other evaluating entities

The SoftExpert Excellence Suite offers tools for the complete management of the organization’s risks in compliance with the COSO International Standard. All of this in a collaborative and integrated environment that guarantees the standardization and correct use of information to obtain excellence in risk management.

Back to top

SoftExpert Excellence Suite ensures compliance with many regulations including the COSO. The solution allows companies to increase efficiency for quality processes, minimize the high costs of compliance, and quickly bring new products to market.

Each SoftExpert module addresses key compliance issues as shown below:

Módulo Requisitos
SE Action Plan
SE Action Plan
  • Helps organizations effectively coordinate and manage the entire workflow by maintaining team communication and improving collaboration through the centralized control of action plan and task planning, execution and monitoring, including corrective, preventive or predictive actions.
SE Audit
SE Audit
  • Programs audits, taking into consideration the scope, status and importance of the processes and/or areas to be audited.
  • Defines criteria, methods, responsibilities and requirements to be audited.
SE BI
SE BI
  • Provides status with standard one-click reports.
  • Creates custom reports.
  • Helps identify, collect and analyze appropriate data to demonstrate the suitability and effectiveness of the management system.
SE Document
SE Document
  • Maintains the documentation generated during the COSO process – including risk management policy secure and centralized – so that it can be accessed by users and auditors practically anywhere.
  • Automates forwarding, revision and approval, among other activities, boosting the team’s efficiency.
  • Allows changes to be easily traced.
  • Provides external auditors the means to recover and locate documents easily and quickly, saving time.
  • Guarantees that the history of conformities, revisions, etc., is always available.
  • Guarantees that only the latest version of the document is used, avoiding the use of obsolete documents.
SE Performance
SE Performance
  • Enables the company to actively monitor current performance against goals previously defined, and reports this performance to auditors and internal stakeholders in real time.
  • Reports easy, intuitive, and flexible key performance indicators.
  • Spreads information flowing down, across and up the entity.
  • Supports KRIs (Key Risk Indicators) and helps on the control activities functions.
SE Project
SE Project
  • Guarantees that the projects to undergo risk evaluation are defined, planned and documented.
  • Operationalizes the responses applied to risks.
  • Guarantees the distribution and execution of activities, managing the effort and deadline of the same.
  • Guarantees that the history of each project is always available.
  • Allows the evaluation of the implemented project and full communication with stakeholders.
SE Risk
SE Risk
  • Manages business and operational risks.
  • Facilitates the identification of process, project, product and asset risks, collaborating for internal environment definition.
  • Allows the elaboration of risk evaluation methods based on quantitative, qualitative and matrix criteria, providing evidence for the organization’s appetite for risk and objective setting.
  • Automates the application of risk assessments.
  • Facilitates the identification and evaluation of risk-related controls.
  • Determines the residual evaluation risk, identifying the risk response options and their application.
  • Ensures the continuous monitoring and revision of the risk management process.
  • Guarantees the communication with and easy access to evaluations.
  • Guarantees the recording of the entire risk management process.

Back to top
Download Center
Select materials of interest and click Download