In the case of Malcolm Frederick who recently entered in a new venture, we critically use one of the established control frameworks to describe how the operation of motel/café can be efficient, by applying the correct methods.
Committee of Sponsoring Organisations of the Treadway Commission (COSO) provides frameworks and guidance regarding the aspect of enterprise risk management. In 1992, COSO issued a model called "Internal Control : Integrated Framework " which is widely used all over the world as an effective framework to design, implement and evaluate the effectiveness of internal controls. COSO defines internal control as a "process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives such as effectiveness and efficiency of operations, reliability of financial reporting and compliance with applicable laws and regulations" (Palfi,2009.)
Internal controls consist of many advantages to an organisation, firstly by providing reasonable assurance to the management that entity's objectives will be achieved. However, we need to mention that it is impossible to for this model to work perfectly and make sure that always objectives will be met, having in mind the human error and the uncertainty, as well as the fraud occurred by entity's personnel. Another advantage is that the use of internal controls helps to reduce the risk of fraud in an entity and also eliminating the risk of errors and irregularities before they occur. This can bring the organisation to a competitive advantage towards competitors with poor control system.
COSO framework indicates that an effective and adequate control system compromises of five necessary components:
1) Control Environment
This componet is the foundation of the other components and provides discipline and structure, and it expresses the operating and management philosophy of the entity. Also, the control environment shows how the management assigns authority and split responsibilities as well as the way it organises the employees (Curtis & Wu, 2000). Furthermore this element illustrates the tone of the organisation although it is "influenced by the integrity and ethical values of those in leadership positions" (Palfi, 2009). A "weak" control environment will mean that the management is not serious about internal controls, fraud can occur more easily, and generally the management fails to take effective disciplinary action. (Gauthier,2006).
Control environment is very important for the proper functioning of the motel/cafe and Malcolm must help employees to understand that are working in a well-formatted entity, where the management is aware of the potential risks. The owner can promote integrity and ethical values ​​of the entity by setting realistic performance targets and reducing incentives for unethical or illegal behaviour and providing moral guidance. This can be achieved through the existence of a written code of ethics and ensure that is followed by all employees. Therefore it is crucial that the owner split responsibilities among individuals with the right skills, making sure that the employees understand the structure and the objectives of the entity, and that are accountable for their internal control responsibilities in relation to the objectives.
2) Risk Assessment
This component as it is described by the COSO framework, assess the possible internal and external risks to the entity, the possible likelihood and the impact of these risks. Athearn (1971) defines risk as the "possibility of loss" or "the possibility of an unfavourable deviation from expectations" that includes uncertainty. The duty of risk assessment is the responsibility to identify, analyse and manage these risks that can affect the entity's activities such as production, sales etc. By analysing this component, we understand that if an entity understand and react to in a reasonable time frame to unexpected situations, reduce the impact of these risks and secure the reputation of the entity, at the same time that eliminates the exposure to these risks. It is extremely important for the responsible party, either management, internal auditor or risk manager, to identify the changes in the environment and update the existing measures or policies to cope with the possible new risks (Rezaee,1995) .
The motel/café faces a number of risks from external and internal factors and risks need to be assessed,since the owner is enetering a new market for him and is liable for dangerous incidents. Risk assessment for the hotel acquires the identification and analysis of risks associated with the achievement of the objectives, forming a basis in the manner management. The economic, industrial, regulatory, and business continue to change, the owner need appropriate mechanisms to identify and control the risks associated with change, and so he can prevent or eliminate the impact of these risks to his entity.
3) Control Activities
According to Frazer (2012), this component represents the policies and procedures such as approvals, authorisation, segregation of duties towards the identified risks to provide reasonable assurance that the objectives of the entity are met and that risks are managed effectively. There are three types of control activities; operating control activities are responsible to manage and monitor the operations, financial control activities try to ensure that the process of financial reporting is well-grounded. The third type is compliance control activities are directed to guarantee
that the entity compliance with laws and regulations obedience to ethical guidelines ( Rezaee, 1995).
This is the part where the management, in our case the owner represents this function, must have in mind the identified risks for the motel/cafe,and with the help of an internal or external auditor must put in place some policies or actions to avoid the occurrence and the impact of these risks. The necessary control activities for the entity will be explained as we proceed in the report, as well as the identified weaknesses by considering the potential for fraud.
4) Information and Communication
This component is described by Rezaae (1995) as "the information captured and how messages flow through an entity." Effective communication must flow to all parts of the organization. All employees must receive a clear message from management that the control responsibilities must be taken seriously and should have the tools to communicate effectively with the top level of the entity. Also effective communication also must exist among with external parties such as customers, suppliers. In the case of the motel/cafe, the employees must understand their role and responsibilities so it could result to an efficient control system, avoiding unexpected incidents and reducing unnecessary costs. Furthermore, the management expectations together with the commitment of the employees must be communicated so everyone realize the objectives of the entity and achieve higher performance.
5) Monitoring
This is the last of the components of COSO framework, and is concerned as essential to design and implement Even if is the last one listed, monitoring is essential in order to design and implement a reliable internal control system and meet with the objectives of the entity (Cosmin, 2011). There is a possibility that existing internal controls become outdated due to change in environment (new personnel, advances in technology, increase in competition), and therefore internal controls need to be revised as a way to meet with the objectives of the organisation. Monitoring will help the management to identify any deficiencies in the system and provide more accurate and reliable information.
