Organisational Structure Template

Introduction

The organisational structure in the COSO framework is the third dimension of the COSO Cube, which is a visual tool that shows the relationship between the parts of an effective internal control system. The side end of the cube forms the organizational structure. The side of the COSO cube represents an organisation's hierarchy, with the entity level at the top and functions at the bottom. On the right side of the cube, from left to right, an organisation's entity level, division, operating unit and function are displayed. Each may be affected by business unit activities, function controls and business-level controls.

Understanding The Organisational Structure Template

The organisational structure of the COSO Framework is depicted through its iconic three-dimensional cube model, which provides a comprehensive representation of how internal controls are structured and integrated within an organisation. This model ensures that all critical aspects of internal control are addressed, offering a clear and systematic approach to managing risks and achieving organisational objectives. Below is a detailed explanation of its components:

1. Three Categories of Objectives (Columns of the Cube)

The framework organises its goals into three broad categories to ensure an organisation’s activities are aligned with its strategic priorities and legal requirements:

• Operations Objectives: These relate to the effectiveness and efficiency of the organisation’s operations. They focus on achieving operational goals, optimising resource utilisation, and safeguarding assets from theft, loss, or misuse.

• Reporting Objectives: These ensure that all financial and non-financial reporting is accurate, reliable, and timely. This includes both internal reports used for decision-making and external reports required by stakeholders or regulatory bodies.

• Compliance Objectives: These are designed to ensure that the organisation adheres to applicable laws, regulations, and internal policies. This helps mitigate legal risks and ensures the organisation operates within ethical and regulatory boundaries.

2. Five Components of Internal Control (Rows of the Cube)

The framework identifies five interrelated components that form the foundation of an effective system of internal controls:

• Control Environment: This is the bedrock of the framework, comprising the organisation’s ethical values, governance structure, and the overall tone set by leadership. It emphasises accountability, integrity, and a commitment to organizational policies.

• Risk Assessment: This involves identifying, analyzing, and prioritizing risks that might threaten the achievement of objectives. Effective risk assessment enables an organization to anticipate and respond to potential challenges.

• Control Activities: These are the policies, procedures, and mechanisms implemented to mitigate risks. They include approvals, authorizations, verifications, reconciliations, and segregation of duties.

• Information and Communication: This ensures that relevant and reliable information is collected, shared, and communicated effectively across all levels of the organization. It facilitates informed decision-making and supports the functioning of internal controls.

• Monitoring Activities: These involve ongoing or periodic evaluations to ensure that the internal control system remains effective over time. Monitoring allows for the identification and correction of deficiencies in real-time or during periodic reviews.

3. Organizational Levels (Depth of the Cube)

The framework applies to all levels of an organization, ensuring that internal controls are embedded across its entire structure:

• Entity Level: This is the highest level, encompassing organization-wide controls such as governance, strategic oversight, and policies that align with the organization’s mission and vision.

• Division Level: At this level, internal controls are tailored to address the specific risks and objectives of individual business units or divisions. For example, a retail division may prioritize inventory management, while a finance division focuses on regulatory compliance.

• Operational Unit Level: This level focuses on the controls within operational processes and activities. These controls are designed to improve efficiency, ensure proper execution of tasks, and mitigate risks related to day-to-day operations.

• Function or Process Level: The most granular level, where controls are applied to specific tasks or functions within a process. Examples include approval workflows, reconciliations, and adherence to task-specific guidelines.

Functional Units Within Organisational Levels (Depth of the COSO Cube)

The COSO Framework is designed to be applied across all levels within an organization, ensuring a comprehensive approach to internal controls and risk management. These levels range from broad, organization-wide controls to detailed, task-specific activities. Here’s how the framework is structured at various organizational levels:

• Entity Level: At the topmost level, internal controls are established to guide the organization as a whole. These overarching controls include governance policies, ethical standards, and strategic objectives that shape the organization’s direction. Examples include the board of directors' oversight, company-wide risk management policies, and the tone set by leadership regarding ethical conduct and accountability.
• Division Level: This level focuses on the specific needs and goals of major business units or divisions within the organization. Controls at this level ensure that divisional objectives align with the broader organizational strategy while addressing risks unique to the division’s operations. For instance, a manufacturing division may have distinct quality control measures, while a finance division might prioritize compliance with financial reporting standards.
• Operational Unit Level: Internal controls are further refined at the operational unit level, targeting the processes and functions that drive day-to-day business activities. At this level, controls are designed to ensure the efficiency and effectiveness of operations, safeguard assets, and address risks at a granular level. Examples include inventory management procedures, production line checks, and departmental performance monitoring.
• Function or Process Level: The most detailed level of the framework focuses on specific tasks and activities within processes. Controls at this level ensure that individual tasks are performed accurately and consistently, contributing to the reliability of the overall process. For example, this might include reconciling accounts payable, approving purchase orders, or monitoring access to sensitive data.

Conclusion

An organisational structure template serves as a valuable tool for clearly defining the roles, responsibilities, and relationships within a company. It provides a visual representation of how various departments or teams are organized, ensuring that each member understands their position in the hierarchy. This structure not only facilitates efficient decision-making but also promotes effective communication, accountability, and collaboration across different levels of the organisation.