2 days ago
Shravani Kasturi
Discussion
IT governance refers to the procedures implemented to manage
information technology and the increasing value obtained from
investing in information and technology (Joshi, Bollen,
Hassink, Haes & Grembergen, 2018). It is made up of
frameworks whose aim is to increase the management of risks
arising due to the use of information technology. It aims at
ensuring that information technology is used to increase the
likelihood of achieving objectives for the business. IT
governance is essential in allowing companies to be compliant
with legal guidelines; for instance, those contained in
companies act. It provides a likelihood of an increase in the
investments made by a company regarding information
technology.
Many factors fueled the need for adoption of IT governance.
The first factor is the increase in the number of risks facing
information technology. The increased legal risks due to the
lack of compliance of guidelines is another critical factor that
contributed to a need for IT governance. The ability of IT
governance to reduce the costs used in coming up with new
inventions increased its adoption. Many companies make use of
a lot of resources for discovery.
ISO provides guidelines meant to increase security (Santi,
2018). Its primary role is the provision of guidance concerning
aspects of security. It offers advice on how to operate, manage
and make use of the networks effectively. It also provides
guidelines on how the systems can be used effectively to
increase security. The ISO also provides guidelines regulating
the implementation of controls. Therefore, ISO has dramatically
affected the standards of network security by increasing the
protection of the networks. It is through the guidelines it
provides that aims at expanding the manner at which the
network security is designed. It also provides an outline of how
the implementation should be carried out to increase network
security. It increased standards by developing secure
communications interconnecting networks. It is through the
provision of very secure gateways.
References
Joshi, A., Bollen, L., Hassink, H., Haes, S. D., Grembergen, W.
V., (2018). Explaining IT Governance disclosure through the
constraints of IT governance maturity and IT strategic
role. Information & Management, 55(3), 368-380
Santi, P. (2018). A design network model for information
security management standards depends on ISO 27001. GSTF
Journal on Computing, 5(4), 1-11
19 hours ago
Rahul Reddy Kallu
Discussion 6
IT governance and data governance are subsets of Information
Governance (IG), which defines a set of policies and procedures
to concentrate more on how to effectively manage information.
These policies include managing structured (records) and
unstructured data (e-mails, e-documents). IT governance
policies are aimed towards protecting sensitive data such as
Protected Health Information (PHI), ensuring privacy of
Personally Identifiable Information (PII), legal and regulatory
compliance, records retention and information disposal.
According to the IT Governance Institute, “IT governance is the
responsibility of executives and the board of directors, and
consists of leadership, organizational structures, and processes
that ensure that the enterprise’s IT sustains and extends the
organization’s strategies and objectives”. Governance implies
establishing policies and implementing structure around how the
agencies align their IT strategy with their business strategy, to
ensure that they stay on track to achieve their strategic goals,
and implement effective ways to measure the agencies’ IT
performance (Gunawardena & Ramesh, 2014).
IT governance brings value to the organization and its effective
value creation to IT investments has long been recognized,
which is cited as the reason for achieving excellence in
management of IT (Gunawardena & Ramesh, 2014). The
policies developed through IT governance are implemented on
investments, projects and resources in an effort to reduce
redundancy across organization, review opportunities and
improve cost savings (Gunawardena & Ramesh, 2014).
Governance allows organizations to be active in the strategic
management of IT and make sure the basic elements are in place
(Gunawardena & Ramesh, 2014). These basic elements include
Alignment and responsiveness, objective decision making,
resource balancing, organizational risk management, execution
and enforcement, accountability (Gunawardena & Ramesh,
2014). IT governance cannot exist as an individual process and
is a process by which decisions are made around enterprise IT
investments and projects. IT governance enables leadership to
make better strategic decisions and proactively manage and
evaluate future investment as a group (Gunawardena & Ramesh,
2014).
ISO for network security was first published in 2009
as ISO/IEC 27033-1, which is a revision of ISO 18028-1:2006
(The ISO 27000 Directory, n.d.). ISO/IEC 27033 is a multi-part
standard derived from existing five-part ISO/IEC 18028
(SecAware Policies, n.d.). “The purpose of ISO/IEC 27033 is to
provide detailed guidance on the security aspects of the
management, operation and use of information system networks,
and their inter-connections. Those individuals within an
organization that are responsible for information security in
general, and network security in particular, should be able to
adapt the material in this standard to meet their specific
requirements.” (SecAware Policies, n.d.). Part 1, ISO/IEC
27033-1 offers guidance on identifying and analyzing network
security risks, offers definition of network security, provides an
overview of security controls to support network technical
security architectures and covers implementation and operation
of network security controls and ongoing monitoring (The ISO
27000 Directory, n.d.). Part 2, ISO/IEC 27033-2 provides
guidelines for the design and implementation of network
security which covers risks, design, technique, control issues
and serves as a foundation for detailed recommendations on
end-to-end network security (SecAware Policies, n.d.). Part 3,
ISO/IEC 27033-3 discusses threats, specifically, rather than all
the elements of risk (SecAware Policies, n.d.). Part 4, ISO/IEC
27033-4 discusses securing communications between networks
using security gateways, outlines how security gateways analyze
and control network through packet filtering, stateful packet
inspection, application proxy, application firewalls, network
address translation and content analysis and filtering (SecAware
Policies, n.d.). Part 5, ISO/IEC 27033-5 discusses securing
communications across networks using virtual private networks
(VPNs) and part 6, ISO/IEC 27033-6 discusses securing
wireless IP network access (SecAware Policies, n.d.).
References
Gunawardena, L., & Ramesh, L. (2014, Aug 15). Understanding
IT Governance and Why It Often Fails. Retrieved from
Architecture & Governance:
https://www.architectureandgovernance.com/it-governance/understanding-governance-often-fails/
SecAware Policies. (n.d.). ISO/IEC 27033. Retrieved from
SecAware Policies:
https://www.iso27001security.com/html/27033.html
The ISO 27000 Directory. (n.d.). Introduction To ISO 27033
(ISO27033). Retrieved from The ISO 27000 Directory:
https://www.27000.org/iso-27033.htm
Managing and Using Information Systems:
A Strategic Approach – Sixth Edition
Keri Pearlson, Carol Saunders,
and Dennis Galletta
© Copyright 2016
John Wiley & Sons, Inc.
Chapter 9
Governance of the Information Systems Organization
Learning Objectives
Understand how governance structures define how decisions are
made
Describe governance based on organization structure, decision
rights, and control
Discuss examples and strategies for implementation.
Intel’s Transformation
Huge performance improvements between 2013 and 2014
Was it due to a spending increase?
Intel’s evolution
1992: Centralized IT
2003: Protect Era – lockdown (SOX & virus)
2009: Protect to Enable Era (BYOD pressure)
No, it was due to a spending decrease, not an increase.
They focused on protecting to enable, not just locking down
Intel Reached Level 3:
Developing programs and delivering services
Contributing business value
Transforming the firm
Previously: categorized problems as “business” or “IT”
Now: Integrated solutions are the only way
IT Governance
Governance (in business) is all about making decisions that
Define expectations,
Grant authority, or
Ensure performance.
Empowerment and monitoring will help align behavior with
business goals.
Empowerment: granting the right to make decisions.
Monitoring: evaluating performance.
A decision right is an important organizational design variable
since it indicates who in the organization has the responsibility
to initiate, supply
information for, approve, implement, and control various types
of decisions.
IT Governance
IT governance focuses on how decision rights can be distributed
differently to facilitate three possible modes of decision
making:
centralized,
decentralized, or
hybrid
Organizational structure plays a major role.
Four Perspectives
Traditional – Centralized vs decentralized
Accountability and allocation of decision rights
Ecosystem
Control structures from legislation
Centralized vs. Decentralized Organizational Structures
Centralized – bring together all staff, hardware, software, data,
and processing into a single location.
Decentralized – the components in the centralized structure are
scattered in different locations to address local business needs.
Federalism – a hybrid of centralized and decentralized
structures.
Organizational continuum
Federalism
Most companies would like to achieve the advantages of both
centralization and decentralization.
Leads to federalism
Distributes power, hardware, software, data and personnel
Between a central IS group and IS in business units
A hybrid approach
Some decisions centralized; some decentralized
Federal IT
Recent Global Survey
Percent of firms reporting that they are:
Centralized: 70.6%
Decentralized: 13.5%
Federated: 12.7%
Figure 9.4 IT Accountability and Decision Rights Mismatches
Decision Rights | Low Accountability | High Accountability
High | Technocentric Gap: danger of overspending on IT creating an oversupply; IT assets may not be utilized to meet business demand; business group frustration with IT group | Strategic Norm (Level 3 balance): IT is viewed as competent; IT is viewed as strategic to business
Low | Support Norm (Level 1 balance): works for organizations where IT is viewed as a support function; focus is on business efficiency | Business Gap: cost considerations dominate IT decision; IT assets may not utilize internal competencies to meet business demand; IT group frustration with business group
Figure 9.5 Five major categories of IT decisions.
Category | Description | Examples of Affected IS Activities
IT Principles | How to determine IT assets that are needed | Participating in setting strategic direction
IT Architecture | How to structure IT assets | Establishing architecture and standards
IT Infrastructure Strategies | How to build IT assets | Managing Internet and network services; data; human resources; mobile computing
Business Application Needs | How to acquire, implement and maintain IT (insource or outsource) | Developing and maintaining information systems
IT Investment and Prioritization | How much to invest and where to invest in IT assets | Anticipating new technologies
Political Archetypes (Weill & Ross)
Archetypes label the combinations of people who either provide
information or have key IT decision rights
Business monarchy, IT monarchy, feudal, federal, IT duopoly,
and anarchy.
Decisions can be made at several levels in the organization
(Figure 9.6).
Enterprise-wide, business unit, and region/group within a
business unit.
For each decision category, the organization adopts an
archetype as the means to obtain inputs for decisions and to
assign responsibility for them.
Political Archetypes
Organizations vary widely in their archetypes selected
The duopoly is used by the largest portion (36%) of
organizations for IT principles decisions.
IT monarchy is the most popular for IT architecture (73%) and
infrastructure decisions (59%).
Figure 9.6 IT governance archetypes
There is no best arrangement for the allocation of decision
rights.
The most appropriate arrangement depends on a number of
factors, including the type of performance indicator.
Emergent Governance:
Digital Ecosystems
Challenge a “top down” approach
Self-interested, self-organizing, autonomous sets of
technologies from different sources
Firms find opportunities to exploit new technologies that were
not anticipated
Good examples:
Google Maps
YouTube
Another Interesting Example
Electronic Health Record
Can connect to perhaps planned sources:
Pharmacy
Lab
Insurance Company
And can connect to unplanned sources:
Banks – for payment
Tax authority – for matching deductions
Smartphone apps – for many purposes
How to Govern in this case?
Might be difficult to impossible!
The systems might simply emerge and evolve over time
No one entity can plan these systems in their entirety
Mechanisms for Making Decisions
Policies and Standards (60% of firms)
Review board or committee
Steering committee (or governance council)
Key stakeholders
Can be at different levels:
Higher level (focus on CIO effectiveness)
Lower level (focus on details of various projects)
Summary of Three Governance Frameworks
Governance Framework | Main Concept | Possible Best Practice
Centralization-Decentralization | Decisions can be made by a central authority or by autonomous individuals or groups in an organization. | A hybrid, Federal approach
Decision Archetypes | Specifying patterns based upon allocating decision rights and accountability. | Tailor the archetype to the situation
Digital Ecosystems | Members of the ecosystem contribute their strengths, giving the whole ecosystem a complete set of capabilities. | Build flexibility and adaptability into governance.
A Fourth – Out of a Firm’s Control:
Legislation
Sarbanes-Oxley Act (SoX) (2002)
To increase regulatory visibility and accountability of public
companies and their financial health
All companies subject to the SEC are subject to SoX.
CEOs and CFOs must personally certify and be accountable for
their firm’s financial records and accounting.
Firms must provide real-time disclosures of any events that may
affect a firm’s stock price or financial performance.
20-year jail term is the alternative.
IT departments play a major role in ensuring the accuracy of
financial data.
IT Control and Sarbanes-Oxley
In 2004 and 2005, IT departments began to
Identify controls,
Determine design effectiveness, and
Test to validate operation of controls
IT Control and Sarbanes-Oxley
Five IT control weaknesses are repeatedly uncovered by
auditors:
Failure to segregate duties within applications, and failure to set
up new accounts and terminate old ones in a timely manner
Lack of proper oversight for making application changes,
including appointing a person to make a change and another to
perform quality assurance on it
Inadequate review of audit logs to not only ensure that systems
were running smoothly but that there also was an audit log of
the audit log
Failure to identify abnormal transactions in a timely manner
Lack of understanding of key system configurations
Frameworks for Implementing SoX
COSO - Committee of Sponsoring Organizations of the
Treadway Commission.
Created three control objectives for management and auditors
that focused on dealing with risks to internal control
Operations – maintain and improve operating effectiveness;
protect the firm’s assets
Compliance – with relevant laws and regulations.
Financial reporting – in accordance with GAAP
Control Components
Five essential control components were created to make sure a
company is meeting its objectives:
Control environment (culture of the firm)
Assessment of most critical risks to internal controls
Control processes that outline important processes and
guidelines
Communication of those procedures
Monitoring of internal controls by management
Frameworks (continued)
COBIT (Control Objectives for Information and Related
Technology)
IT governance framework that is consistent with COSO
controls.
Issued in 1996 by Information Systems Audit & Control
Association (ISACA)
A company must
Determine the processes/risks to be managed.
Set up control objectives and KPIs (key performance indicators)
Develop activities to reach the KPIs
Advantages - well-suited to organizations focused on risk
management and mitigation, and very detailed.
Disadvantages – costly and time consuming
IS and the Implementation of SoX Compliance
The IS department and CIO are involved with the
implementation of SoX.
Section 404 deals with management’s assessment of internal
controls.
Six tactics that CIOs can use in working with auditors, CFOs,
and CEOs (Fig. 9.9):
Knowledge building (Build a knowledge base)
Knowledge deployment (Disseminate knowledge to
management.)
Innovation directive (Organize for implementing SoX)
Mobilization (Persuade players and subsidiaries to cooperate)
Standardization (Negotiate agreements, build rules)
Subsidy (Fund the costs)
A CIO’s ability to employ these various tactics depends upon
his/her power (relating to the SoX implementation).
The CIO needs to acquire and manage the considerable IT
resources to make SoX compliance a reality.
978-1-5386-6589-3/18/$31.00 ©2018 IEEE
COSO Framework for Warehouse Management
Internal Control Evaluation: Enabling Smart
Warehouse Systems
Ratna Sari
Information Systems Department,
School of Information Systems,
Bina Nusantara University,
Jakarta 11480, Indonesia
Computer Science Department, BINUS
Graduate Program – Doctor of
Computer Science, Bina Nusantara
University, Jakarta, Indonesia 11480
Raymond Kosala
Computer Science Department, BINUS
Graduate Program – Doctor of
Computer Science, Bina Nusantara
University, Jakarta, Indonesia 11480
Benny Ranti
Faculty of Computer Science,
Universitas Indonesia,
Depok 16424, Indonesia
Suhono Harso Supangkat
Sekolah Teknik Elektro dan
Informatika,
Institut Teknologi Bandung,
Bandung, Indonesia
Abstract— There are many ways for a company to
improve its performance; one of them is optimizing the
internal control of the company's activities. Internal
control is intended to evaluate company activities and
operations. This study is a case study at PT. XYZ
on the evaluation of internal controls in
warehouse management using the COSO framework
approach. Of the 5 elements and 17 principles, the study
found 2 principles that have not been applied
at PT. XYZ: enforced accountability and control over
technology. The recommendation is a system
improvement intended to make the inventory system
more accurate and reliable, enabling smart warehouse
systems inside organizations.
Keywords: internal control, COSO framework, warehouse
management, evaluation
I. INTRODUCTION
There are many ways for a company to improve its
performance; one of them is optimizing the internal control
of the company's activities, along with implementing
new systems to increase efficiency and effectiveness in all
business process activities [4]. Internal control is a process
undertaken by company management to assist the
achievement of operations, reporting and compliance
objectives [9]. Internal optimization is needed
because it describes the overall rules and procedures used by
management to improve management effectiveness in the
business and identifies gaps in internal control in the business
processes that can make the organization vulnerable to
risk; eventually these risks can have an
impact on a company's financial performance [2].
In warehouse management, internal controls are devoted to
optimizing warehouse functions, including the finished
goods inventory process, and are useful for organizing the
distribution process to the market. According to Rita Makumbi (2013)
[6], warehouse management is a service that helps the
company's operational functions run smoothly by storing
raw materials, unfinished goods and finished goods or
inventory. One of the problems in warehouse management is
high manufacturing output: the company must pay attention
to the whole process, from the beginning of production to
goods delivery and inventory calculation.
One well-known approach to warehouse management
control is the COSO framework. The COSO framework is a
tool for maintaining the effectiveness and efficiency of the
inventory process in organizations [12]. It is also known as
an integrated framework that can help a company
achieve: (1) a more effective and efficient warehouse
operation process; (2) accountable and reliable inventory stock
calculation; (3) compliance with government laws and
regulations [8].
This research takes PT. XYZ, a company that has
implemented warehouse management, as its case study.
Based on observation at PT. XYZ, we found that the company
still has difficulty balancing production and inventory
storage in the warehouse, which leads to a lack of inventory
control.
II. LITERATURE REVIEW
An early definition of internal control is the plan of
organization that coordinates the methods and measures
needed to keep all elements of the business process safe,
accurate and reliable and to encourage adherence to
prescribed managerial policies [10]. Another
definition of internal control is a philosophy of risk alignment,
risk management, ethics, policies, resources, tasks and
responsibilities according to the organization's capacity to
manage risk [12].
In warehouse planning and control, a company that produces
various products needs good control over its
inventory, with two main objectives: (1) warehouse
inventory planning and control; (2) reliable inventory reports
to support financial statements [11].
Related to the COSO framework, the basic concepts of internal
control are: (a) internal control is an integrated process and a
tool that can be used to achieve organization goals; (b)
Internal control is not only limited to policies and
procedures but should include all levels within the
organization; (c) Internal control can only provide a
reasonable guarantee, not an absolute guarantee, because
there are limitations that can obstruct the absoluteness of the
internal control itself; (d) Internal Control will ultimately
result in achievement of goals in categories of financial
statements, compliance, operational activities [13].
Using the COSO framework to evaluate internal
control helps a company calculate the probability of risks
that can occur adversely [2]. COSO can also
support the company in managing risks, which are
known to have either positive or negative effects [12].
The COSO framework consists of five components: (1) Control
environment; (2) Risk assessment; (3) Control activities; (4)
Information & Communication; (5) Monitoring activities
[7].
Figure 1. The COSO Cube [3]
Table 1. Component of Internal Control in COSO [1]
III. METHODOLOGY
With the COSO framework approach, this research starts
with business process analysis as a preliminary measurement
and basic analysis at PT. XYZ, then continues with the internal
control evaluation as follows:
Figure 2. The Research Flow for Warehouse Management
Evaluation in PT. XYZ
The details are as follows:
1) A meeting to explain the flow of the evaluation
process.
2) Conducting interviews with stakeholders such as the IS
team leader operations, IS analyst, supervisor factory
logistics, team leader factory logistics, warehouse staff,
forklift drivers, internal control, and IPG (Information
Protection & Governance) to observe and learn in
detail how the business process runs, the systems
used and the company's internal control
procedures.
3) Checking documents related to the
finished goods inventory process.
4) Direct observation in order to learn and
understand more clearly the working procedures
associated with the finished goods inventory
process.
IV. ANALYSIS AND RESULT
A. FINDINGS
Based on the results of research and interviews as
part of the internal control evaluation, here are the results:
Based on the results above, of the 17 principles of the
COSO framework, 2 principles are in the red area
(medium and high risk), 6 principles are in the yellow area,
“not fully adapted” (medium and high risk),
and 9 principles are in the green area (low and high
risk).
For the red area, we conducted a deeper investigation
as a high-level evaluation in order to give the best
recommendation. We found an incorrect procedure in
the warehouse inventory cycle: goods received in the
warehouse are not loaded onto the shelf directly
and are put on the wrong shelf. As a result, a lot of
inventory expires because of the incorrect goods issue
process. The inventory is stored on multilevel shelves, and
during goods issue and shipment for delivery it was taken
randomly.
Another issue in the red area is the control activity of
control over technology. PT. XYZ not only uses
warehouse management but also already uses a
robot machine system to put inventory away
during goods receipt. The process starts when a
shipping case is sent by the conveyor and the robot
machine assembles cases into one pallet; the data is then
stored in the robot database. Once in a
while the system goes down, and because there is no backup the
process stops or is carried out manually. The effect
is a lack of control over goods receipt.
B. RECOMMENDATION
Following the findings of the internal control
evaluation for warehouse management at PT. XYZ, the
recommendations are as follows:
• Customize the warehouse
management system at PT. XYZ.
• Change business processes in line with system
requirements.
These recommendations are expected to support and
improve the process at PT. XYZ by: (1) eliminating the
manual process; (2) providing reliable information about
where inventory is stored and retrieved; (3) making
inventory trackable; (4) providing real-time information about
inventory in the warehouse.
The recommended design architecture for the
warehouse management customization is a Three-Tier
Architecture. Warehouse management will be
integrated with the robot machine, and the application will be
stored on one single application server. The benefits of this
design are: (1) a server optimized for storage, data processing
and database retrieval; (2) reduced data duplication [5].
Figure 3. Three-Tier Architecture [5]
The proposed business process changes are as follows:
Figure 4. System Design (components: Robot Machine Systems; Warehouse Management Systems; Database; Interface Process Integration; Mobile Scanner (Goods Issue); Inventory Barcode Create; Automatic Inventory Stock Calculation; Recommendation for Goods Issue Movement (First In First Out Method Adoption))
The system design in Figure 4 adds an
interface process integration as a bridge between the warehouse
management system and the robot machine system, with all
data from both systems saved into a single database.
The process will also improve because inventory
movement will follow FEFO (First Expired First Out),
as shown in Figure 5.
Table 2. COSO Matrix Performance in PT. XYZ
Figure 5 shows the inventory movement: the
system automatically scans and checks the criteria. If the
product meets the criteria, the system records it
in the inventory system, and the robot system places the
product on the pallet designated for those criteria and
creates delivery notes; the inventory staff then put it
into shelf storage. For the next process, PT. XYZ moves
inventory handling to a FEFO (First Expired First
Out) system: the system creates the delivery note (inventory
selection based on expiry date), shows which
inventory should go out, and helps the inventory staff find the
correct inventory.
V. CONCLUSION
The COSO framework provides not only better internal
control but also a measurement of compliance risk, because
it reviews the organization's operations as well. The COSO
framework can support risk mitigation by giving
recommendations and solutions to the company.
Through its 5 elements and 17 principles, it helps the
company reach its objective or goal of effective and
efficient company operation. Another view is that the COSO
framework resembles a common audit that enables control not
only of business operations but also of all personnel inside the
company.
REFERENCES
[1] COSO Framework. (2016). Retrieved from
http://www.bussvc.wisc.edu/intcntrls/cosoframework.html
[2] Diane J. Janvrin, E. A. (2012). The Updated COSO
Internal Control— Integrated Framework:
Recommendations and Opportunities for Future
Research. JOURNAL OF INFORMATION SYSTEMS,
189-213.
[3] J. Stephen McNally, C. (2013, June 2013). The 2013
COSO Framework & SOX Compliance : ONE
APPROACH TO AN EFFECTIVE TRANSITION.
Retrieved from
https://www.coso.org/documents/COSO%20McNallyTransition%20Article-Final%20COSO%20Version%20Proof_5-31-13.pdf
[4] Jokipii, A. (2009). Determinants and consequences of
internal control in firms: a contingency theory based
analysis. Springer Science-Business Media, 115-144
[5] Kambalyal, C. (2010). Three Tier Architecture.
Retrieved from
http://channukambalyal.tripod.com/NTierArchitecture.pdf
[6] Makumbi, R. (2013). Introduction to Warehousing
Principles and Practices. Lambert Academic
Publishing.
Figure 5 – The Process of Inventory Movement
[7] Martin, K., Sanders, E., & Scalan, G. (2014). The
Potential Impact of COSO Internal Control Integrated
Framework Revision on Internal Audit Structured
SOX Work Program. Elsevier - Research in
Accounting Regulations.
[8] Mary B. Curtis, F. H. (2000). The components of a
comprehensive framework of internal control. The
CPA Journal, 64-66.
[9] Miles E.A. Everson, S. E. (2013). Internal Control —
Integrated Framework. NY: Committee of Sponsoring
Organizations of the Treadway Commission.
[10] Procedure, A. I. (2008). Codification of auditing
standards and procedures . University of Mississippi
Library. Accounting Collection.
[11] Ravee, J. M. (2009). Pengantar Akuntansi-Adaptasi
Indonesia . Jakarta: Salemba Empat.
[12] Thomas V. Scannell, S. C. (2013). Supply Chain Risk
Management within the Context of COSO’s Enterprise
Risk Management Framework. Journal of Business
Administration Research, 15-28, Vol. 2, No. 1.
[13] Tsay, B.-Y. (2010). Designing an Internal Control
Assessment Program Using COSO's Guidance on
Monitoring. New York: The CPA Journal.


2 days agoShravani Kasturi DiscussionCOLLAPSETop of Form.docx

  • 1. 2 days ago Shravani Kasturi Discussion COLLAPSE Top of Form IT governance refers to the procedures implemented to manage information technology and the increasing value obtained from investing in information and technology (Joshi, Bollen, Hassink, Haes & Grembergen, (2018). It is made up of frameworks whose aim is to increase the management of risks arising due to the use of information technology. It aims at ensuring that information technology is used to increase the likelihood of achieving objectives for the business. IT governance is essential in allowing companies to be compliant with legal guidelines; for instance, those contained in companies act. It provides a likelihood of an increase in the investments made by a company regarding information technology. Many factors fueled the need for adoption of IT governance. The first factor is the increase in the number of risks facing information technology. The increased legal risks due to the lack of compliance of guidelines is another critical factor that contributed to a need for IT governance. The ability of IT governance to reduce the costs used in coming up with new inventions increased its adoption. Many companies make use of a lot of resources for discovery. ISO provides guidelines meant to increase security (Santi, 2018). Its primary role is the provision of guidance concerning aspects of security. It offers advice on how to operate manage and make use of the networks effectively. It also provides guidelines on how the systems can be used effectively to increase security. The ISO also provides guidelines regulating the implementation of controls. Therefore, ISO has dramatically
  • 2. affected the standards of network security by increasing the protection of the networks. It is through the guidelines it provides that aims at expanding the manner at which the network security is designed. It also provides an outline of how the implementation should be carried out to increase network security. It increased standards by developing secure communications interconnecting networks. It is through the provision of very secure gateways. References Joshi, A., Bollen, L., Hassink, H., Haes, S. D., Grembergen, W. V., (2018). Explaining IT Governance disclosure through the constraints of IT governance maturity and IT strategic role. Information & Management, 55(3), 368-380 Santi, P. (2018). A design network model for information security management standards depends on ISO 27001. GSTF Journal on Computing, 5(4), 1-11 Bottom of Form 19 hours ago Rahul Reddy Kallu Discussion 6 COLLAPSE Top of Form IT governance and data governance are subset of Information Governance (IG), which defines set of policies and procedures to concentrate more on how to effectively manage information. These policies include managing structured (records) and unstructured data (e-mails, e-documents). IT governance policies are aimed towards protecting sensitive data such as Protected Health Information (PHI), ensuring privacy of Personally Identifiable Information (PII), legal and regulatory compliance, records retention and information disposal.
  • 3. According to the IT Governance Institute, “IT governance is the responsibility of executives and the board of directors, and consists of leadership, organizational structures, and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategies and objectives”. Governance implies establishing policies and implementing structure around how the agencies align their IT strategy with their business strategy, to ensure that they stay on track to achieve their strategic goals, and implement effective ways to measure the agencies’ IT performance (Gunawardena & Ramesh, 2014). IT governance brings value to the organization and its effective value creation to IT investments has long been recognized, which is cited as the reason for achieving excellence in management of IT (Gunawardena & Ramesh, 2014). The policies developed through IT governance are implemented on investments, projects and resources in an effort to reduce redundancy across organization, review opportunities and improve cost savings (Gunawardena & Ramesh, 2014). Governance allows organizations to be active in the strategic management of IT and make sure the basic elements are in place (Gunawardena & Ramesh, 2014). These basic elements include Alignment and responsiveness, objective decision making, resource balancing, organizational risk management, execution and enforcement, accountability (Gunawardena & Ramesh, 2014). IT governance cannot exist as an individual process and is a process by which decisions are made around enterprise IT investments and projects. IT governance enables leadership to make better strategic decisions and proactively manage and evaluate future investment as a group (Gunawardena & Ramesh, 2014). ISO for network security was first published in 2009 as ISO/IEC 27033-1, which is a revision of ISO 18028-1:2006 (The ISO 27000 Directory, n.d.). ISO/IEC 27033 is a multi-part standard derived from existing five-part ISO/IEC 18028
  • 4. (SecAware Policies, n.d.). “The purpose of ISO/IEC 27033 is to provide detailed guidance on the security aspects of the management, operation and use of information system networks, and their inter-connections. Those individuals within an organization that are responsible for information security in general, and network security in particular, should be able to adapt the material in this standard to meet their specific requirements.” (SecAware Policies, n.d.). Part 1, ISO/IEC 27033-1 offers guidance on identifying and analyzing network security risks, offers definition of network security, provides an overview of security controls to support network technical security architectures and covers implementation and operation of network security controls and ongoing monitoring (The ISO 27000 Directory, n.d.). Part 2, ISO/IEC 27033-2 provides guidelines for the design and implementation of network security which covers risks, design, technique, control issues and serves as a foundation for detailed recommendations on end-to-end network security (SecAware Policies, n.d.). Part 3, ISO/IEC 27033-3 discusses threats, specifically, rather than all the elements of risk (SecAware Policies, n.d.). Part 4, ISO/IEC 27033-4 discusses securing communications between networks using security gateways, outlines how security gateways analyze and control network through packet filtering, stateful packet inspection, application proxy, application firewalls, network address translation and content analysis and filtering (SecAware Policies, n.d.). Part 5, ISO/IEC 27033-5 discusses securing communications across networks using virtual private networks (VPNs) and part 6, ISO/IEC 27033-6 discusses securing wireless IP network access (SecAware Policies, n.d.).
    References
    Gunawardena, L., & Ramesh, L. (2014, Aug 15). Understanding IT Governance and Why It Often Fails. Retrieved from Architecture & Governance: https://www.architectureandgovernance.com/it-
  • 5. governance/understanding-governance-often-fails/
    SecAware Policies. (n.d.). ISO/IEC 27033. Retrieved from SecAware Policies: https://www.iso27001security.com/html/27033.html
    The ISO 27000 Directory. (n.d.). Introduction To ISO 27033 (ISO27033). Retrieved from The ISO 27000 Directory: https://www.27000.org/iso-27033.htm
    Managing and Using Information Systems: A Strategic Approach – Sixth Edition
    Keri Pearlson, Carol Saunders, and Dennis Galletta
    © Copyright 2016 John Wiley & Sons, Inc.
    Chapter 9
    Governance of the Information Systems Organization
  • 6. Learning Objectives
      • Understand how governance structures define how decisions are made
      • Describe governance based on organization structure, decision rights, and control
      • Discuss examples and strategies for implementation.
    Intel’s Transformation
      • Huge performance improvements between 2013 and 2014
      • Was it due to a spending increase?
      • Intel’s evolution
        1992: Centralized IT
        2003: Protect Era – lockdown (SOX & virus)
        2009: Protect to Enable Era (BYOD pressure)
    No, it was due to a spending decrease, not an increase.
  • 7. They focused on protecting to enable, not just locking down
    Intel Reached Level 3:
      • Developing programs and delivering services
      • Contributing business value
      • Transforming the firm
      • Previously: categorized problems as “business” or “IT”
      • Now: Integrated solutions are the only way
    IT Governance
      • Governance (in business) is all about making decisions that define expectations, grant authority, or ensure performance.
      • Empowerment and monitoring will help align behavior with business goals.
      • Empowerment: granting the right to make decisions.
      • Monitoring: evaluating performance.
  • 8. A decision right is an important organizational design variable since it indicates who in the organization has the responsibility to initiate, supply information for, approve, implement, and control various types of decisions.
    IT Governance
      • IT governance focuses on how decision rights can be distributed differently to facilitate three possible modes of decision making: centralized, decentralized, or hybrid
      • Organizational structure plays a major role.
    Four Perspectives
      • Traditional – Centralized vs decentralized
      • Accountability and allocation of decision rights
      • Ecosystem
      • Control structures from legislation
  • 9. Centralized vs. Decentralized Organizational Structures
      • Centralized – bring together all staff, hardware, software, data, and processing into a single location.
      • Decentralized – the components in the centralized structure are scattered in different locations to address local business needs.
      • Federalism – a hybrid of centralized and decentralized structures.
    Organizational continuum
    Federalism
      • Most companies would like to achieve the advantages of both centralization and decentralization.
      • Leads to federalism
      • Distributes power, hardware, software, data and personnel
      • Between a central IS group and IS in business units
      • A hybrid approach
  • 10. Some decisions centralized; some decentralized
    Federal IT
    Recent Global Survey
      Percent of firms reporting that they are:
      • Centralized: 70.6%
      • Decentralized: 13.5%
      • Federated: 12.7%
  • 11. Figure 9.4 IT Accountability and Decision Rights Mismatches
      • High decision rights, low accountability: Technocentric Gap. Danger of overspending on IT creating an oversupply; IT assets may not be utilized to meet business demand; business group frustration with IT group.
      • High decision rights, high accountability: Strategic Norm (Level 3 balance). IT is viewed as competent; IT is viewed as strategic to business.
      • Low decision rights, low accountability: Support Norm (Level 1 balance). Works for organizations where IT is viewed as a support function; focus is on business efficiency.
      • Low decision rights, high accountability: Business Gap. Cost considerations dominate IT decision; IT assets may not utilize internal competencies to meet business demand; IT group frustration with business group.
    Figure 9.5 Five major categories of IT decisions.
      Category | Description | Examples of Affected IS Activities
      IT Principles | How to determine IT assets that are needed | Participating in setting strategic direction
      IT Architecture | How to structure IT assets | Establishing architecture and standards
      IT Infrastructure Strategies | How to build IT assets | Managing Internet and network services; data; human resources; mobile computing
      Business Application Needs | How to acquire, implement and maintain IT (insource or
  • 12. outsource) | Developing and maintaining information systems
      IT Investment and Prioritization | How much to invest and where to invest in IT assets | Anticipating new technologies
    Political Archetypes (Weill & Ross)
      • Archetypes label the combinations of people who either provide information or have key IT decision rights
      • Business monarchy, IT monarchy, feudal, federal, IT duopoly, and anarchy.
      • Decisions can be made at several levels in the organization (Figure 9.6).
      • Enterprise-wide, business unit, and region/group within a business unit.
    For each decision category, the organization adopts an archetype as the means to obtain inputs for decisions and to assign responsibility for them.
    Political Archetypes
  • 13. Organizations vary widely in their archetypes selected
      • The duopoly is used by the largest portion (36%) of organizations for IT principles decisions.
      • IT monarchy is the most popular for IT architecture (73%) and infrastructure decisions (59%).
    Figure 9.6 IT governance archetypes
    There is no best arrangement for the allocation of decision rights. The most appropriate arrangement depends on a number of factors, including the type of performance indicator.
    Emergent Governance: Digital Ecosystems
      • Challenge a “top down” approach
      • Self-interested, self-organizing, autonomous sets of technologies from different sources
      • Firms find opportunities to exploit new technologies that were
  • 14. not anticipated
      • Good examples: Google Maps, YouTube
    Another Interesting Example
      • Electronic Health Record
      • Can connect to perhaps planned sources: Pharmacy, Lab, Insurance Company
      • And can connect to unplanned sources:
        Banks – for payment
        Tax authority – for matching deductions
        Smartphone apps – for many purposes
    How to Govern in this case?
      • Might be difficult to impossible!
      • The systems might simply emerge and evolve over time
      • No one entity can plan these systems in their entirety
  • 15. Mechanisms for Making Decisions
      • Policies and Standards (60% of firms)
      • Review board or committee
      • Steering committee (or governance council)
      • Key stakeholders
      • Can be at different levels:
        Higher level (focus on CIO effectiveness)
        Lower level (focus on details of various projects)
    Summary of Three Governance Frameworks
      Governance Framework | Main Concept | Possible Best Practice
      Centralization-Decentralization | Decisions can be made by a central authority or by autonomous individuals or groups in an organization. | A hybrid, Federal approach
      Decision Archetypes | Specifying patterns based upon allocating decision rights and accountability. | Tailor the archetype to the situation
      Digital Ecosystems | Members of the ecosystem contribute their strengths, giving the whole ecosystem a complete set of capabilities. | Build flexibility and adaptability into governance.
  • 16. A Fourth – Out of a Firm’s Control: Legislation
    Sarbanes-Oxley Act (SoX) (2002)
      • To increase regulatory visibility and accountability of public companies and their financial health
      • All companies subject to the SEC are subject to SoX.
      • CEOs and CFOs must personally certify and be accountable for their firm’s financial records and accounting.
      • Firms must provide real-time disclosures of any events that may affect a firm’s stock price or financial performance.
      • 20 year jail term is the alternative.
      • IT departments play a major role in ensuring the accuracy of financial data.
  • 17. IT Control and Sarbanes-Oxley
      • In 2004 and 2005, IT departments began to identify controls, determine design effectiveness, and test to validate operation of controls
    IT Control and Sarbanes-Oxley
      Five IT control weaknesses are repeatedly uncovered by auditors:
      • Failure to segregate duties within applications, and failure to set up new accounts and terminate old ones in a timely manner
      • Lack of proper oversight for making application changes, including appointing a person to make a change and another to perform quality assurance on it
      • Inadequate review of audit logs to not only ensure that systems were running smoothly but that there also was an audit log of the audit log
      • Failure to identify abnormal transactions in a timely manner
      • Lack of understanding of key system configurations
  • 18. Frameworks for Implementing SoX
    COSO – Committee of Sponsoring Organizations of the Treadway Commission.
      Created three control objectives for management and auditors that focused on dealing with risks to internal control
      • Operations – maintain and improve operating effectiveness; protect the firm’s assets
      • Compliance – with relevant laws and regulations.
      • Financial reporting – in accordance with GAAP
    Control Components
      Five essential control components were created to make sure a company is meeting its objectives:
      • Control environment (culture of the firm)
      • Assessment of most critical risks to internal controls
      • Control processes that outline important processes and guidelines
      • Communication of those procedures
      • Monitoring of internal controls by management
  • 19. Frameworks (continued)
    COBIT (Control Objectives for Information and Related Technology)
      • IT governance framework that is consistent with COSO controls.
      • Issued in 1996 by Information Systems Audit & Control Association (ISACA)
      • A company must:
        Determine the processes/risks to be managed.
        Set up control objectives and KPIs (key performance indicators)
        Develop activities to reach the KPIs
      • Advantages – well-suited to organizations focused on risk management and mitigation, and very detailed.
      • Disadvantages – costly and time consuming
    IS and the Implementation of SoX Compliance
      • The IS department and CIO are involved with the implementation of SoX.
      • Section 404 deals with management’s assessment of internal controls.
      • Six tactics that CIOs can use in working with auditors, CFOs, and CEOs (Fig. 9.9):
  • 20. Knowledge building (Build a knowledge base)
      • Knowledge deployment (Disseminate knowledge to management.)
      • Innovation directive (Organize for implementing SoX)
      • Mobilization (Persuade players and subsidiaries to cooperate)
      • Standardization (Negotiate agreements, build rules)
      • Subsidy (Fund the costs)
    A CIO’s ability to employ these various tactics depends upon his/her power (relating to the SoX implementation).
    The CIO needs to acquire and manage the considerable IT resources to make SoX compliance a reality.
  • 21. 978-1-5386-6589-3/18/$31.00 ©2018 IEEE
    COSO Framework for Warehouse Management Internal Control Evaluation: Enabling Smart Warehouse Systems
    Ratna Sari
    Information Systems Department, School of Information Systems, Bina Nusantara University, Jakarta 11480, Indonesia
    Computer Science Department, BINUS Graduate Program – Doctor of Computer Science, Bina Nusantara University, Jakarta, Indonesia 11480
    Raymond Kosala
  • 22. Computer Science Department, BINUS Graduate Program – Doctor of Computer Science, Bina Nusantara University, Jakarta, Indonesia 11480
    Benny Ranti
    Faculty of Computer Science, Universitas Indonesia, Depok 16424, Indonesia
    Suhono Harso Supangkat
    Sekolah Teknik Elektro dan Informatika, Institut Teknologi Bandung, Bandung, Indonesia
    Abstract— There are many ways for a company to improve its performance; one of them is optimizing the internal control of the company's activities. Internal control is intended to evaluate company activities and
  • 23. operations. This study is a case study at PT. XYZ on the evaluation of internal controls in warehouse management using the COSO framework approach. Across the 5 elements and 17 principles, the study found 2 principles that have not been applied at PT. XYZ: enforced accountability and control over technology. The recommendation given is a system improvement intended to make the inventory system more accurate and reliable, to enable smart warehouse systems inside organizations.
    Keywords: internal control, COSO framework, warehouse management, evaluation
    I. INTRODUCTION
    There are many ways for a company to improve its performance; one of them is optimizing the internal control of the company's activities, together with implementation of a new system to increase efficiency and effectiveness in all
  • 24. business process activities [4]. Internal control is a process undertaken by company management to assist the achievement of operations, reporting, and compliance objectives [9]. This optimization is needed because internal control describes the overall rules and procedures used by management to improve management effectiveness in the business and to identify a lack of internal control in business processes that can make the organization vulnerable and expose it to risks; eventually all these risks can have an impact on a company's financial performance [2]. In warehouse management, internal controls are devoted to optimizing warehouse functions, including the finished goods inventory process, and are useful for organizing the distribution process to the market. According to Rita Makumbi (2013) [6], warehouse management is a service that helps the company's operational functions run smoothly by storing raw materials, unfinished goods, and finished goods or inventory. One of the
  • 25. problems in warehouse management is high production volume in manufacturing: the company must pay attention to the process from the beginning of production through goods delivery and inventory calculations. One well-known approach to warehouse management control is the COSO framework. The COSO framework is one of the tools for maintaining the effectiveness and efficiency of the inventory process in organizations [12]. The COSO framework, also known as the integrated framework, can help a company to: (1) make warehouse operation processes more effective and efficient; (2) make inventory stock calculation accountable and reliable; (3) comply with government laws and regulations [8]. This research took PT. XYZ, a company that has implemented warehouse management, as its case study. Based on observation at PT. XYZ, we found that the company still has difficulty balancing production and inventory storage in the warehouse, which leads to a lack of inventory
  • 26. control.
    II. LITERATURE REVIEW
    An early definition of internal control is the plan of organization and the coordinated methods and measures that keep all elements of the business process safe, accurate, and reliable and encourage adherence to prescribed managerial policies [10]. Another definition of internal control is a philosophy of risk alignment, risk management, ethics, policies, resources, tasks and responsibilities according to the organization's capacity to manage risk [12]. In warehouse planning and control, a company that produces various products needs good control over its inventory, with two main objectives: (1) warehouse inventory planning and control; (2) reliable inventory reports to support financial statements [11]. In relation to the COSO framework, the basic concepts of internal control are: (a) internal control is an integrated process and a
  • 27. tool that can be used to achieve organization goals; (b) internal control is not limited to policies and procedures but should include all levels within the organization; (c) internal control can only provide a reasonable guarantee, not an absolute guarantee, because there are limitations that can obstruct the absoluteness of the internal control itself; (d) internal control will ultimately result in the achievement of goals in the categories of financial statements, compliance, and operational activities [13]. Using the COSO framework to evaluate internal control helps a company calculate the probability of adverse risks occurring [2]. However, COSO can also support the company in managing known risks, whose effects can be positive or negative [12]. The COSO framework consists of five components: (1) Control environment; (2) Risk assessment; (3) Control activities; (4) Information & Communication; (5) Monitoring activities
  • 28. [7].
    Figure 1. The COSO Cube [3]
    Table 1. Component of Internal Control in COSO [1]
    III. METHODOLOGY
    Using the COSO framework approach, this research starts with business process analysis as a preliminary measurement and basic analysis at PT. XYZ, then continues with internal control evaluation as follows:
    Figure 2. The Research Flow for Warehouse Management Evaluation in PT. XYZ
    In detail, the steps performed are as follows:
    1) A meeting to explain the flow of the evaluation process.
    2) Conducting interviews with stakeholders such as IS team leader operations, IS analyst, supervisor factory logistics, team leader factory logistics, warehouse staff,
  • 29. forklift drivers, internal control, and IPG (Information Protection & Governance) to observe and learn in detail how the business process runs, the systems used, and the company's internal control procedures.
    3) Checking documents related to the finished goods inventory process.
    4) Making direct observations in order to learn and understand more clearly the working procedures associated with the finished goods inventory process.
    IV. ANALYSIS AND RESULT
    A. FINDINGS
    Based on the results of research and interviews as part of internal control evaluation, here are the results:
    Based on the result above, of the total of 17 principles from the COSO framework, 2 principles are in the red area for medium and high risk, 6 principles are in the yellow area, which is “not fully adapted”, for medium and high risk, and a total of 9 principles are in the green area for low and high risk.
  • 30. For the red area, we conducted a deeper, high-level investigation in order to give the best recommendation. We found an incorrect procedure in the warehouse inventory cycle: goods received in the warehouse are not loaded onto the shelf directly and are put on the wrong shelf. The impact is a large amount of expired inventory due to the incorrect goods issue process. The inventory is stored on multilevel shelves, and during goods issue and shipment for delivery it was picked randomly. Another issue in the red area is the control activity for control over technology. PT. XYZ not only uses warehouse management but also already uses robot machine systems to put away inventory during goods receipt. The process starts when a shipping case is sent by the conveyor and the robot machine builds the cases into one pallet; the data is then stored in the robot database. However, once in a while the system goes down, and because there is no backup, the process stops or has to be done manually. The effect is a lack of control over goods receipt.
    B. RECOMMENDATION
    Based on the findings of the internal control evaluation for warehouse management at PT. XYZ, the recommendations are as follows:
  • 31. • Customizing the warehouse management system at PT. XYZ.
    • Changing business processes in line with system requirements.
    The recommendations above are expected to support and improve the process at PT. XYZ by: (1) eliminating the manual process; (2) providing reliable information about where inventory is stored and retrieved; (3) making inventory trackable; (4) providing real-time information about inventory in the warehouse. The recommended design architecture for the warehouse management customization is a Three-Tier Architecture. The warehouse management system will be integrated with the robot machine, and the application will be stored on one single application server. The purpose of this design is to: (1) optimize the server for storage, data processing and database retrieval; (2) reduce data duplication [5].
    Figure 3. Three-Tier Architecture [5]
  • 32. The business process changes proposed are as follows:
    Figure 4. System Design (diagram labels: Robot Machine Systems; Warehouse Management Systems; Database; Interface Process Integration; Mobile Scanner (Goods Issue); Inventory Barcode Create Automatic Inventory Stock Calculation; Recommendation for Goods Issue Movement (First In First Out Method Adoption))
    The system design in Figure 4 describes an additional
  • 33. interface process integration that bridges the warehouse management systems and the robot machine systems, with all data from the systems saved into a single database. In addition, the process will improve because inventory movement will follow FEFO (First Expired First Out), as shown in Figure 5.
    Table 2. COSO Matrix Performance in PT. XYZ
    Figure 5 shows the inventory movement, in which the system automatically scans the product and checks the criteria. If the product meets the criteria, the system enters it into the inventory system, and the robot system places the product on the specific pallet for those criteria and creates delivery notes; afterwards the inventory staff put it into shelf storage. For the next process, PT. XYZ moves the inventory process to a FEFO System (First Expired First
  • 34. Out): the system will create the delivery note (with inventory selected by expiry date), show which inventory should go out, and help the inventory staff find the correct inventory.
    V. CONCLUSION
    The COSO framework provides not only better internal control but also a measurement of compliance risk, because it reviews the organization's operations as well. The COSO framework can support risk mitigation and can provide recommendations and solutions to the company. Through its 5 elements and 17 principles, it helps the company reach its objectives and goals for effective and efficient company operation. Another view is that the COSO framework resembles a common audit that enables control not only of business operations but also of all personnel inside the company.
    REFERENCES
    [1] COSO Framework. (2016). Retrieved from http://www.bussvc.wisc.edu/intcntrls/cosoframework.html
  • 35. [2] Diane J. Janvrin, E. A. (2012). The Updated COSO Internal Control— Integrated Framework: Recommendations and Opportunities for Future Research. Journal of Information Systems, 189-213.
    [3] J. Stephen McNally, C. (2013, June 2013). The 2013 COSO Framework & SOX Compliance: One Approach to an Effective Transition. Retrieved from https://www.coso.org/documents/COSO%20McNallyTransition%20Article-Final%20COSO%20Version%20Proof_5-31-13.pdf
    [4] Jokipii, A. (2009). Determinants and consequences of internal control in firms: a contingency theory based analysis. Springer Science-Business Media, 115-144.
    [5] Kambalyal, C. (2010). Three Tier Architecture. Retrieved from http://channukambalyal.tripod.com/NTierArchitecture.
  • 36. pdf
    [6] Makumbi, R. (2013). Introduction to Warehousing Principles and Practices. Lambert Academic Publishing.
    Figure 5 – The Process of Inventory Movement
    [7] Martin, K., Sanders, E., & Scalan, G. (2014). The Potential Impact of COSO Internal Control Integrated Framework Revision on Internal Audit Structured SOX Work Program. Elsevier - Research in Accounting Regulations.
    [8] Mary B. Curtis, F. H. (2000). The components of a comprehensive framework of internal control. The CPA Journal, 64-66.
    [9] Miles E.A. Everson, S. E. (2013). Internal Control — Integrated Framework. NY: Committee of Sponsoring Organizations of the Treadway Commission.
    [10] Procedure, A. I. (2008). Codification of auditing
  • 37. standards and procedures. University of Mississippi Library. Accounting Collection.
    [11] Ravee, J. M. (2009). Pengantar Akuntansi-Adaptasi Indonesia. Jakarta: Salemba Empat.
    [12] Thomas V. Scannell, S. C. (2013). Supply Chain Risk Management within the Context of COSO’s Enterprise Risk Management Framework. Journal of Business Administration Research, 15-28, Vol. 2, No. 1.
    [13] Tsay, B.-Y. (2010). Designing an Internal Control Assessment Program Using COSO's Guidance on Monitoring. New York: The CPA Journal.