COSO Internal Control – Integrated Framework

You would agree that “Effective corporate governance relies heavily on effective systems of (1) Internal control and (2) Enterprise risk management.” 
 
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has established a widely accepted framework for each system.

The COSO framework consists primarily of: 

  1. A definition of internal control 
  2. Categories of objectives 
  3. Components and related principles, and 
  4. Requirements of an effective system of internal control  

Internal Control 

The COSO framework defines internal control as a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance. 

Categories of Objectives 

According to the definition of internal control, there are three categories of objectives: operations, reporting, and compliance.
  • Operations objectives relate to achieving the entity’s mission and safeguarding assets 
  • Reporting objectives relate to the entity’s preparation of financial and nonfinancial reports for the organization and stakeholders 
  • Compliance objectives relate to the entity’s adherence to applicable laws, rules, and regulations 

Components of Internal Control 

Supporting the organization in its efforts to achieve objectives are the following 5 components of internal control:
  • Control Environment – (Standards, Processes, and Structure) 

         5 principles related to control environment are: 

    1. Commitment to integrity and ethical values
    2. Board independence and oversight
    3. Management establishment of structures and responsibilities
    4. Commitment to attract, develop, and retain competent individuals
    5. Accountability 
  • Risk Assessment – (Risks to achieving organizational objectives) 

          4 principles related to risk assessment are:  

    1. Specification of objectives
    2. Identification and analysis of risks
    3. Consideration of potential for fraud
    4. Identification and assessment of changes 
  • Control Activities – (Policies and procedures to help mitigate risks) 

          3 principles related to control activities are: 

    1. Selection and development of control activities 
    2. Selection and development of control activities over technology 
    3. Deployment of control activities through policies and procedures
  • Information and communication – (Information system to obtain, generate, use, and communicate information) 

        3 principles related to information and communication are: 

    1. Obtainment, generation, and use of relevant quality information
    2. Internal communication of information
    3. Communication with external parties
  • Monitoring – (Assessment of the quality of internal control performance over time)

          2 principles related to monitoring are: 

    1. Ongoing or separate evaluations 
    2. Evaluation and communication of control deficiencies in a timely manner

Requirements for Effective Internal Control

A system of internal control is effective if it provides reasonable assurance of achieving an entity’s objectives relating to operations, reporting, and compliance. Such a system reduces the risk(s) of not achieving those objectives to an acceptable level. 
 
Have you set up a framework of internal control? We can help 

Internal Control and Fraud 

There are 3 areas of fraud: 

  1. Fraudulent external financial reporting 
  2. Misappropriation of assets 
  3. Illegal acts 

Fraud Management Program

The components of an effective fraud management program include the following:

  1. Company ethics policy
  2. Fraud awareness
  3. Fraud risk assessment
  4. Ongoing reviews
  5. Prevention and detection
  6. Investigation 

Control Environment includes elements such as a code of conduct, ethics policy, or fraud policy to set the appropriate tone at the top; hiring and promotion guidelines and practices; and board oversight.

Fraud awareness is understanding the nature, causes, and characteristics of fraud. It is developed through periodic fraud risk assessments, training of employees, and communications between management and employees. 

Do you have an effective fraud management program in place? We can help 

If you have found this blog to be useful, you may share with your friends. Thanks!
