COSO Committee of Sponsoring Organizations of the Treadway Commission
Committee of Sponsoring Organizations of the Treadway Commission
Principle 4: The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
The following points of focus highlight important characteristics relating to this principle:
-
Establishes Policies and Practices—Policies and practices reflect expectations of competence necessary to support the achievement of objectives.
-
Evaluates Competence and Addresses Shortcomings—The board of directors and management evaluate competence across the organization and in outsourced service providers in relation to established policies and practices, and act as necessary to address shortcomings.
-
Attracts, Develops, and Retains Individuals—The organization provides the mentoring and training needed to attract, develop, and retain sufficient and competent personnel and outsourced service providers to support the achievement of objectives.
-
Plans and Prepares for Succession—Senior management and the board of directors develop contingency plans for assignments of responsibility important for internal control.
Policies and practices are the entity-level guidance and behavior that reflect the expectations and requirements of investors, regulators, and other stakeholders. They provide the foundation for defining the competence needed within the organization and provide the basis for more detailed procedures for executing and evaluating performance as well as determining remedial actions, as necessary. Such policies and practices provide:
-
Requirements and rationale (e.g., implications of product safety laws, rules, regulations, and standards for the entity)
-
Skills and conduct necessary to support internal control in the achievement of the entity's objectives (e.g., knowledge of the operation of technology platforms underpinning business processes)
-
Defined accountability for performance of key business functions (e.g., defined owners of product safety and areas of applicability within the organization)
-
Basis for evaluating shortcomings and defining remedial actions, as necessary (e.g., correcting a process or strengthening the skills of management and other personnel)
-
Means to react dynamically to change (e.g., linkage to applicable operating procedures to reflect new regulatory requirements, new risks identified, or internal decision to modify business processes)
Policies and practices enable the focus on competence to permeate the organization, starting with the board of directors relative to the chief executive officer, the chief executive officer relative to senior management, and cascading down to various levels of management. The resulting commitment to competence facilitates measuring the achievement of objectives at all levels of the organization and by outsourced service providers by establishing how processes should be carried out and what skills and behavior should be applied.
Competence is the qualification to carry out assigned responsibilities. It requires relevant skills and expertise, which are gained largely from professional experience, training, and certifications. It is expressed in the attitude, knowledge and behavior of individuals as they carry out their responsibilities.
The human resources function of an organization can often help define competence and staffing levels by job role, facilitating training and maintaining completion records, and evaluating the relevance and adequacy of individual professional development in relation to the entity's needs.
The organization defines competence requirements as needed to support the achievement of objectives, considering, for instance:
-
Knowledge, skills, and experience needed
-
Nature and degree of judgment and limitations of authority to be applied to a specific position
-
Cost-benefit analysis of different levels of skills and experience
The board of directors evaluates the competence of the chief executive officer and, in turn, management evaluates competence across the organization and outsourced service providers in relation to established policies and practices, and then acts as necessary to address any shortcomings or excesses. In particular, a changing risk profile may cause the organization to shift resources toward areas of the business that require greater attention. For example, as a company brings a new product to market, it may elect to increase staffing in its sales and marketing teams, or as a new applicable regulation is issued, it may focus on those individuals responsible for implementation. Shortcomings may arise relating to staffing levels, expertise, or a combination of factors. Management is responsible for acting on such shortcomings in a timely manner.
The commitment to competence is supported by and embedded in the human resource management processes for attracting developing, evaluating, and retaining the right fit of management, other personnel, and outsourced service providers. The adequate number of resources is determined and periodically readjusted considering the relative importance of risks to be mitigated to support the achievement of the entity's objectives. Management at different levels establishes the structures and processes to:
-
Attract—Seek out candidates who demonstrate a fit with the entity's culture, operating style, and organizational needs, and who have the competence for the proposed roles.
-
Train—Enable individuals to develop competencies appropriate for assigned roles and responsibilities, reinforce standards of conduct and expected levels of competence for particular assignments, tailor training based on roles and needs, and consider a mix of delivery techniques, including classroom instruction, self-study, and on-the-job training.
-
Mentor—Provide guidance on the individual's performance toward expected standards of conduct and competence, align the individual's skills and expertise with the entity's objectives, and help personnel adapt to an evolving environment.
-
Evaluate—Measure the performance of individuals in relation to the achievement of objectives and demonstration of expected conduct, and against service-level agreements or other agreed-upon standards for recruiting and compensating outsourced service providers.
-
Retain—Provide incentives to motivate and reinforce expected levels of performance and desired conduct, including training and credentialing as appropriate.
Through this process, any behavior not consistent with standards of conduct, policies and practices, and internal control responsibilities is identified, assessed, and corrected in a timely manner or otherwise addressed at all levels of the organization. This enables the organization to actively address competence to support the achievement of the entity's objectives balancing costs and benefits.
Management continually identifies and assesses those performing functions that are deemed essential to achieving the entity's objectives. The importance of each role is determined by assessing what the impact would be if that role was temporarily or permanently unfilled. For instance, the chief executive officer and other members of senior management, strategic suppliers, and key channel partners are functions that typically require plans to be put in place to make sure those objectives can still be achieved, even in the absence of the individual filling the role.
Senior management and the board of directors develop contingency plans for assigning responsibilities important to internal control. In particular, succession plans for key executives are defined, and succession candidates are trained and coached for assuming the target role.
Succession planning is also undertaken when significant functions are delegated through contractual arrangements to outsourced service providers. Where an organization places considerable reliance on an external party and the organization has assessed the risk of that provider's processes or systems breaking down as having a direct impact on the entity's ability to achieve its objectives, some form of succession plan may be needed. Measures to provide for ongoing knowledge sharing and documentation ease the succession to a new provider when necessary.
| Generated November 9, 2014 22:46:48 |