This paper examines Amazon’s internal control practices using the COSO framework, which includes risk assessment, control activities, information and communication, control environment, and monitoring. It identifies potential risks that could hinder the framework’s effectiveness and provides insights on how to detect and address those risks.

COSO’S Internal Control Framework for Amazon

COSO internal control framework comprises of five interrelated components which include risk assessment, control activities, information and communication, control environment and monitoring activities. The components work together to form an effective system for achieving an organization’s objective. Amazon is objected in ensuring that they meet their customer’s need both local and internationally without struggling with physical visits. As one of the largest online selling platform, it is important to have a good framework to help them in customer satisfaction. This paper analyzes Amazon practices against COSO’s internal control frameworks, possible risks in the current practice that would limit the effectiveness of COSO’s control frameworks and an explanation on how to discover and fix a risk or the issue.

Amazon’s practices against COSO’s Internal Control frameworks

Risk Assessment

Risk assessment is a critical component that given the nature of the Amazon’s business. Being an online platform, they are to experience cyber security problems which they should put up strategies to protect their platform. For example, if their systems are hacked they risk losing confidential customers’ report and financial reports that put the company at a risk. Such kind of a risk will make them lose their customers and also lose large sums of money in the process of trying to recover their systems (Schoenfeld, 2022). To mitigate such risks it is important for the organization to identify different types of risks they are exposed to, analyze them and come up with strategies and policies that will help minimize the risk.

🔎 Master corporate governance and compliance topics with assignment support tailored to frameworks like COSO’s internal controls in major companies like Amazon.

Control environment

Amazon has a strong control environment that focuses on integrity and ethical practices. Amazon is a large and complex organization that offers variety of services online. This means customers do not have a physical shop to visit and they put their trust on the organization that their products will reach to them. Integrity and ethical evaluation is very crucial to create trust between the company and its customers. Creating loyalty is very important as it promotes customer’s loyalty towards the company and ensures more purchase of products from the company.

Control Activities

Some of the activities that Amazon is more likely use include stringent access controls, technology safeguards and operational procedures to mitigate identified risks. These control activities allows an organization to put control measures to help them mitigate risks that Amazon might experience. Such control measures protects an organization and are able to reduce damages caused in case a risk happens. Such a big online platform should not operate without measures that protect them from both internal and external measures. Internally the organization faces a risk of leadership misconduct where employees can become rude to a customer which might lead to reputation damage of the company. Control activities are essential and require to be well done to protect an organization.

Information and communication

Amazon emphasizes on effective communication and timely information flow across the organization. Communication plays a crucial role in growth and development of a company. Policies and regulations created by a company should be communicated from the senior ranking level to the junior ranking level without leaving any details (Schoenfeld, 2022). This ensures everybody is familiar with the changes that are happening in the company. Miscommunication can result to conflicts in the organization and disruptions in the organization’s activities. These tool enables Amazon to create a favourable working environment for the employees and favourable to the customers. Communication can reduce risks that are likely to happen because everyone is aware of what they are supposed to do. In case of a risk communication also helps in coming up with ideas which are easily implemented and ensure smooth running of the organization.

Monitoring activities

Monitoring activities components is crucial to Amazon. It involves continuous monitoring and periodic evaluations of essential operations both internally and externally. This ensures the business remains effective and responds to changes in the business environment. Amazon is able to compare their services with the needs of their customers. Monitoring is done through feedbacks from both employees and the customers. Feedbacks help an organization to rate their services and note on the areas of improvement. The organization is able to make changes and adjustments that will fit the customers and employee’s needs. Employees are also important as the customers and they can impact a business both negatively and positively. They should be handled with respect as they contribute to decision making and innovative ideas.

Possible Risk in the Current Practice that could limit the Effectiveness of COSO’s Internal Control Frameworks

COSO’s internal control frameworks effectiveness can be limited by a current practice that point out a possible risk. One of the possible risks that might reduce COSO’s effectiveness is the pace of technological changes. Over the years, technology has evolved and it changes gradually with time. Businesses and organizations have to keep to changing their systems to accommodate the new phases of technology (Mohammed, et al, 2021). If changes occur Amazon is exposed to risk where control activities designed to address technological vulnerabilities become out dated and less effective.

In this case Amazon has to incur extra cost to implement on the newly invented technology to protect the company. Data storage and protection is essential and requires organizations when keeping and handling them. Loss of data can be a threat to the company and also customers whose information has been accessed. The information might be used to engage in other activities which in most cases are illegal. Such incidences might result to reputation damage which might take years to recover and the business might close down.

Discovery and Resolution

Technological risks are very sensitive issues and they should not be overlooked. Policies and regulations should be put in place to allow smooth running of the systems. To enable Amazon to mitigate such a risk, they should be able to discover and find solutions for the discovery. Some of the discoveries and resolutions include;

Regular Technology Audits

Conducting regular technology audits helps identify and assess potential vulnerabilities in the existing control activities in the existing technology. This will contribute to reducing the risk that might be caused by sudden change in technology. Also this will help the company to know the steps they are supposed to take to accommodate the new technology. Technology can be a hitch that causes various operation disruptions and lead to increase in loses. If customers are not able to place in orders due to technology breakdown, the company will experience loses both financially and customers (Koshigaya et al, 2021). Amazon is an online platform and hence technology plays a major role in enhancing its sale and deliveries. Amazon has no physical shop for customers to shop or do physical visits. Customers have to ensure they place their orders online which are delivered to them. System breakdown is very delicate in this situation and an organization can make loses that can be hard to recover.

Continuous monitoring

Amazon should implement continuous monitoring mechanisms that detect changes in the technological landscape and update control activities accordingly. Continuous monitoring gives updates on what changes are required and policies that are supposed to be used to ensure the systems do not get corrupt. This reduces the risk of loss of data and sensitive information that involves the organization and the customers. It also gives a highlight on the necessary changes that need to be made to change the system and adapt to the new trends. The increasing case of loss of documents should also be reduced with the help of continuous monitoring on the activities employees are performing. This will promote transparency in the organization.

Employee training and awareness

Employee training is very essential and crucial role in reducing technological crisis. Making employees aware on the importance of maintaining effective control activities and adapting to technological advancements helps in mitigating the risk of losing information. Employees are the people who are operating the systems hence it is important to make them aware of what is required in case of technological blow (Koshigaya et al, 2021). They should be trained on how to backup information and put security key that will help in retrieving the information later. Lack of back up reduces the chances of recovering data including the important ones which gives employees and the organization at large in making other documents which might not be accurate to use.

References

Koshigaya, A., Kazim, E., Treleaven, P., Rai, P., Szpruch, L., Pavey, G., … & Lomas, E. (2021). Towards algorithm auditing: a survey on managing legal, ethical and technological risks of AI, ML and associated algorithms.

Mohammed, M. A., Al-Abedi, T. K., Flayyih, H. H., & Mohaisen, H. A. (2021). Internal Control Frameworks and Its Relation with Governance and Risk Management: An Analytical Study. Estudios de economía aplicada, 39(11), 18.

Schoenfeld, J. (2022). Cyber risk and voluntary service organization control (SOC) audits. Review of Accounting Studies, 1-41.