Coso framework


Published on

Published in: Business, Economy & Finance
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Coso framework

  1. 1. COSO Framework<br />Ryan J. Hutten<br />Aaron Zillinger<br />
  2. 2. COSO<br />Comprised of: <br />AAA<br />AICPA<br />FEI<br />IMA<br />IIA<br />
  3. 3. COSO: Committee of Sponsoring Organizations<br />AAA (American Accounting Association)<br />AICPA (American Institute of Certified Public Accountants)<br />FEI (Financial Executives International)<br />IMA (Institute of Management Accountants)<br />IIA (Institute of Internal Auditors)<br />
  4. 4. COSO Continued<br />MISSION STATEMENT: The Committee of Sponsoring Organizations’ (COSO) mission is to provide thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control and fraud deterrence designed to improve organizational performance and governance and to reduce the extent of fraud in organizations.<br />
  5. 5. …But that’s not really what we’re talking about…<br />The COSO Framework is about helping senior executives and managers in their establishment of better and more accurate internal controls<br />
  6. 6. The Control Environment<br />Attitudes, awareness, policies, and actions of management, board of directors, and staff concerning internal control and its importance in the entity<br />Positive control environment:<br />Provides discipline and structure<br />Communicates integrity and ethical values<br />Sets a positive “Tone at the Top” and “Trickle-down Effect” (Ref. 2)<br />
  7. 7. The Control Environment<br />7 Factors Affecting the Control Environment<br />Communication and Enforcement of Integrity and Ethical Values<br />Commitment to competence<br />Participation of governance<br />Managers Philosophy and Operating Style<br />Organizational Structure<br />Assignment of authority and responsibility <br />Human resource policies and practices<br />
  8. 8. Risk Assessment<br />Management’s identification of risk including:<br />Looking for risk relevant to the preparation of the financial statements<br />Estimating their significance<br />Assessing the likelihood of their occurrence<br />Deciding on the best way to manage them<br />
  9. 9. Where does this risk come from?<br />Changes in operating environment<br />New Personnel<br />Rapid Growth<br />Corporate Restructurings<br />
  10. 10. Information System and Related Processes<br />Infrastructure that consists of software, people, procedures, and data<br />Identifies, captures, and communicates information in a form and timeframe that members involved can carry out their responsibilities<br />Example: Accounting system <br />Incorporates procedures that initiate, record, process, and report entity transactions and maintain accountability for related assets<br />
  11. 11. Control Activities<br />Pertain to internal controls to verify that management’s directives are carried out to address risks <br />Might include:<br />Performance Reviews<br />Physical Controls<br />Segregation of Duties<br />
  12. 12. Monitoring of Controls<br />Newly issued by COSO (2009) “Guidance on Monitoring Internal Control Systems”<br />Purpose: To assess the quality of internal control performance over time and redesign controls when risks change<br />Also necessary:<br />Establish a baseline for control effectiveness<br />Design and execute monitoring procedures that are based on the significance of business risks relative to entity objectives<br />Assess and report results<br />Follow-up and/or corrective actions<br />Can be ongoing or nonrecurring<br />Example: Inventory Valuation<br />
  13. 13. Conclusion<br />Control Environment: Verifying Compliance set forth in the Code of Conduct<br />Risk Assessment: Verifying the controls in place keep the company free of material misstatement<br />IS & Related Processes: Verification that the IS measures line item accounts and management assertions accurately<br />Control Activities: Discourages unethical behavior to better achieve management goals<br />Monitoring of Controls: Assesses the quality and effectiveness of Internal Controls, and how to change them for the better <br />
  14. 14. Works Cited<br />"Internal Control - Integrated Framework." Committee of Sponsoring Organizations. Web. 2 Oct. 2011. <>.<br /><br />Messier. Auditing and Assurance Services. 7. New York: McGraw-Hill Irwin, 2010. 187-96. Print<br />