Sharon Baptist Church

  • Uncategorized

SharonBaptist Church


COSO Component



Control Environment

  • Commitment to Integrity and Ethical Values

The Church Leadership was committed to integrity and ethical values but this commitment did not flow through the whole structure. Ms. Watt did not show integrity in her dealings and lacked strong ethical values. The top managements of the church should have made policies to ensure that every employee of the organization is ethical in their dealings. Frequent training could be done and some key performance indicators touching on ethical values formulated.

  • Board of Director Oversight

The top management of the church (Board of Directors) showed minimal oversight on finance maters. The Board of Directors was not required to authorize expenditure/payments above a particular set limit. Ms. Watt was able to write checks of considerable amount without the Board’s approval. The Board of Directors should have set a limit which the financial Secretary is allowed to pay without the board’s approval

  • Management oversight and reporting lines

The management of the financial department in the church did have proper and reporting lines. Ms. Watt was not answerable to any person in the financial department neither was she answerable to the Board of Directors. This made accountability within the organization weak.

  • Human Resources

The employees of the Church should act in a way that does not put the Church funds at the risk of loss. Ms. Watt actions confirms that she did not have the interest of the Church in mind. She faced a conflict of interest when under taking her duties.

  • Accountability

Accountability ensures that employees of an organization have to take responsibility of their actions. The long-term working relationship with the top leadership of the church eroded the accountability of Ms. Watt. She was able to take decisions without being questioned by anyone.

Risk Assessment

  • Identification and assessment of risks

The Identification and assessment of risk should be a continuous process. This process should be carried throughout the organization. As organizations grow, the scope of their operations and the external environment changes. These changes call for continuous risk identification and assessment. As Sharon Baptist grew in size, new risks arose which needed to be assessed. For example, the Church faced the fraud risk due to the amount of cash it had. Having an annual budget of $ 3 million, this called for assessment of fraud risk

  • Risk Analysis

Risk analysis identifies the frequency and the magnitude of risk. Risks can be categorized into four. These are High probability – low impact risks, High probability – high impact risk, Low probability – high impact risks and low probability – low impact risks (Jeston &amp Nelis, 2014). High probability – low impact risks need to be reduced. High probability- high impact risks need to be avoided. Low probability – high impact risks need to be transferred to a third party. Low probability – low impact risk can be accepted as they do not bring much damage to the organization and the costs of preventing them usually exceeds the benefits

  • Fraud Risk Assessment

Fraud Risk in Sharon Baptist can be termed as high probability – high impact risk which needs to be avoided. Ms. Watt was able to embezzle funds from the church’s general fund account for three years without being noticed. The magnitude of the fraud impacted the Church negatively. Considering the annual budget of the church is $ 3 million, $1.5 million is a material amount.

  • Changes that could affect internal controls

Internal controls and be affected by both internal and external changes. Changes affecting the size, management and scope of an organization calls for a change in internal controls. For example when the expanded there needed to be change on the design of internal controls.

The changes in external environment calls for change in existing internal controls and introduction of new ones.

Control Activities

  • Selects and develops controls to mitigate risks

The selection and development of internal controls depends with the type of the organization. being a Non-Profit making organization will have different controls from a profit driven enterprise. The main focus of the Church will be to get value for money. The controls developed will have to ensure that this objective is achieved. Some of the controls at Sharon Baptist church will be purchase orders to be authorized if the supplier gives the best price without compromising the quality of the products.

  • Selects and develops general control activities over technology

Technology is being adopted by almost every organization all over the world. Technology has helped organizations to be more efficient. However if proper controls are not developed over technology then an organization can suffer huge losses. The access to an organizations technology and sensitive information should be restricted. Internally this could be done by setting passwords to crucial information. The passwords will only be given to the right to the information. Technology should also be protected from external threats. For example valuable technology should be kept in a secure place whose access is highly restricted.

  • Deploys control activities through policies

Control activities need to be understood at all levels of the organization. This can only be achieved if an organization develops the right policies. For example should come up with policies of making sure that every employee knows that fraud is a crime. Being a church, the top management might have felt that fraud will not occur.

Information and Communication

  • Obtains/generates and uses relevant, quality information

Internal controls should be designed in a way that they are able to capture relevant and reliable information. Internal controls should be able to detect and prevent and report errors. If internal Controls were present in , no checks would have been to the wrong suppliers’ without being noticed.

  • Internally communicates information to support effective internal controls

The information collected by internal controls should be communicated on timely basis to the relevant management level for right decision making. The lack of internal controls in Sharon Baptist Church enabled Ms. Watt to conduct fraud for three years without being noticed. Information about payment of suppliers was not collected and reported on time to the top management.

  • Communicates with external parties on matters affecting internal controls

One of the purposes of internal controls is to provide and obtain information to connected external parties. Internal controls need to communicate important information to third parties. For example, internal controls in should be able to notify the Church when the payment to a vendor is overdue and also notify the supplier when payment has been made. This would ensure that suppliers are paid on time.

Monitoring Activities

  • Ongoing and/or separate evaluations

Once internal controls have been put in place, the organization needs to conduct continuous and separate evaluation. This continuous evaluation is meant to ensure controls are up to date and they meet their purpose. After the deficiencies have been identified, organization can be able to change the existing controls or come up with new controls. As was expanding its internal controls needed to be continuously evaluated and updated as new events occurred. This could have significantly reduced the risk of fraud happening.

  • Evaluates and communicates internal control deficiencies

A good system of internal controls should be able to identify and communicate deficiencies in organization processes. The shortfalls identified needs to be acted upon on timely basis so as to prevent major losses occurring. The fraud that happened in the Church could have been mitigated if internal control failures had been reported on time.


Jeston,J., &amp Nelis, J. (2014).&nbspBusinessprocess management.Routledge.

1 See the COSO Internal Control Framework for more information