Abstract
Auditing, as a systematic process for evaluating the effectiveness of internal controls under frameworks such as COSO, faces a growing demand for reports that transcend formal verification and incorporate qualitative analyses of the control environment. To demonstrate the need for and effectiveness of incorporating descriptive functions and qualitative approaches in internal control auditing under the COSO framework, this descriptive-analytical documentary study examined audit reports and emblematic cases through categorization based on the 5 components and 17 principles, triangulating qualitative methodologies with normative analysis. The results show that, although COSO requires integrity between structure and context, audit practice prioritizes binary checklists, omitting factors such as organizational culture or hierarchical pressures. For example, at Volkswagen, technical controls existed, but monitoring ignored discrepancies between laboratory tests and actual operations; at Wells Fargo, codes of ethics failed to prevent systemic fraud due to toxic business goals that were not qualitatively audited. It is concluded that auditing should adopt descriptive tools to capture gaps between formal design and actual implementation, transforming reports into strategic diagnoses that identify not only what failed, but also how and why. This requires balancing the COSO framework with professional judgment and ethnographic techniques, ensuring that the assessment of internal control is as dynamic and complex as the organizations it audits.

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Copyright (c) 2025 REVISTA CIENTÍFICA DEL ISTMO