Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Coso internal control integrated framework

2,559 views

Published on

An introduction to COSO internal control - integrated framework

Published in: Economy & Finance
  • Copas Url to Download This eBook === http://ebookdfsrewsa.justdied.com/ ebookdfsrewsa.justdied.com 2212560303-coso-referentiel-integre-de-controle-interne-application-au-reporting-financier-externe-inclus-une-cle-usb-avec-les-outils-d-evaluation-de-l-efficacite-d-un-controle-interne.html
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • DOWNLOAD FULL BOOKS, INTO AVAILABLE FORMAT ......................................................................................................................... ......................................................................................................................... ,DOWNLOAD FULL. PDF EBOOK here { https://tinyurl.com/yyxo9sk7 } ......................................................................................................................... ,DOWNLOAD FULL. EPUB Ebook here { https://tinyurl.com/yyxo9sk7 } ......................................................................................................................... ,DOWNLOAD FULL. doc Ebook here { https://tinyurl.com/yyxo9sk7 } ......................................................................................................................... ,DOWNLOAD FULL. PDF EBOOK here { https://tinyurl.com/yyxo9sk7 } ......................................................................................................................... ,DOWNLOAD FULL. EPUB Ebook here { https://tinyurl.com/yyxo9sk7 } ......................................................................................................................... ,DOWNLOAD FULL. doc Ebook here { https://tinyurl.com/yyxo9sk7 } ......................................................................................................................... ......................................................................................................................... ......................................................................................................................... .............. Browse by Genre Available eBooks ......................................................................................................................... Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult,
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • DOWNLOAD FULL BOOKS, INTO AVAILABLE FORMAT ......................................................................................................................... ......................................................................................................................... 1.DOWNLOAD FULL. PDF EBOOK here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... 1.DOWNLOAD FULL. EPUB Ebook here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... 1.DOWNLOAD FULL. doc Ebook here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... 1.DOWNLOAD FULL. PDF EBOOK here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... 1.DOWNLOAD FULL. EPUB Ebook here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... 1.DOWNLOAD FULL. doc Ebook here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... ......................................................................................................................... ......................................................................................................................... .............. Browse by Genre Available eBooks ......................................................................................................................... Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult,
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Coso internal control integrated framework

  1. 1. Enterprise Risk Services December 2011 COSO Internal Control–Integrated Framework Exposure Draft December 2011
  2. 2. What is COSO? The COSO (Committee of Sponsoring Organizations of the Treadway Commission) is a private sector initiative, jointly sponsored and funded by: • American Accounting Association (AAA) • American Institute of Certified Public Accountants (AICPA) • Financial Executives International (FEI) • Institute of Management Accountants (IMA) • The Institute of Internal Auditors (IIA) 2
  3. 3. Internal Control-Integrated Framework • First published in 1992 • Gained wide acceptance following financial control failures of early 2000’s • Most widely used framework in the US • Also widely used around the world 3 Original COSO Cube
  4. 4. Methodology • Background ‒ Project announced in November 2010 ‒ To make the existing Framework and related evaluation tools more relevant in the increasingly complex business environment ‒ PricewaterhouseCoopers as the original author conducted this project. ‒ not intended to change how internal control is defined, assessed, or managed, but rather provide greater clarity and a more comprehensive and relevant conceptual guidance • Project Structure ‒ Advisory Council comprising representatives from industries, academia, government agencies, and non-profit organizations updated Framework is being exposed to the public to capture additional input • Approach ‒ Assess and Envision ‒ Build and Design ‒ Preparation for Public Exposure ‒ Finalization
  5. 5. • Applies a principles-based approach • Clarifies the role of objective-setting in internal control • Reflects the increased relevance of technology • Enhances governance concepts • Expands the reporting category of objectives • Enhances consideration of anti-fraud expectations • Considers different business models and organizational structures Summary of Changes to the 1992 Version 5
  6. 6. Internal Control is a _______ effected by an entity’s _______ ____________________________________ designed to provide _________ assurance regarding the achievements of ________ in the following categories: • Effectiveness & efficiency of operations. • Reliability of financial reporting. • Compliance with applicable laws and regulations. board of directors, management and other personnel, process reasonable What is internal control? 6 objectives
  7. 7. Categories of Objectives 7 Operations Reporting Compliance • Improving Quality • Reducing Costs • Reducing Production Time • Improving Innovation • Improving Customer Satisfaction • Improving Employee Satisfaction • etc • External Financial Reporting Objectives • External Non- Financial Reporting Objectives • Internal Financial Reporting Objectives • Internal Non- Financial Reporting Objectives • Identifying Applicable Laws and Regulations • Ensuring Compliance with Applicable Laws and Regulation
  8. 8. Components of Internal Control 8 Monitoring Control Environment Risk Assessment Control Activities
  9. 9. A Principal Based Approach Control Environment Risk Assessment Control Activities Information and Communication Monitoring Activities Five Components 5 principles 4 principles 3 principles 3 principles 2 principles 17 principles 21 Attributes 19 Attributes 16 Attributes 14 Attributes 11 Attributes 81 Attributes
  10. 10. A Principal Based Approach 10 Operations Objectives Reporting ObjectivesCompliance Objectives Apply to 17 Principals
  11. 11. Principles and Attributes Relating to Components of Internal Control
  12. 12. Principles Relating to Control Environment 1. The organization demonstrates a commitment to integrity and ethical values. 2. The board of directors demonstrates independence of management and exercises oversight for the development and performance of internal control. 3. Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. 4. The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. 5. The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives. 12
  13. 13. Attributes Relating to Control Environment 1. Sets the Tone at the Top 2. Establishes Standards of Conduct 3. Evaluates Adherence to Standards of Conduct 4. Addresses Deviations in a Timely Manner 13 1. Demonstrates Commitment to Integrity and Ethical Values
  14. 14. Attributes Relating to Control Environment 1. Establishes Board of Directors Oversight Responsibilities 2. Retains or Delegates Oversight Responsibilities 3. Applies Relevant Expertise 4. Operates Independently 5. Provides Oversight 14 2. Exercises Oversight Responsibility
  15. 15. Attributes Relating to Control Environment 1. Considers All Structures of the Entity 2. Establishes Reporting Lines 3. Defines, Assigns, and Limits Authorities and Responsibilities 15 3. Establishes Structure, Authority, and Responsibility
  16. 16. Attributes Relating to Control Environment 1. Establishes Policies and Practices 2. Attracts, Develops, and Retains Individuals 3. Evaluates Competence and Addresses Shortcomings 4. Plans and Prepares for Succession 16 4. Demonstrates Commitment to Competence
  17. 17. Attributes Relating to Control Environment 1. Enforces Accountability through Structures, Authorities, and Responsibilities 2. Establishes Performance Measures, Incentives, and Rewards 3. Evaluates Performance Measures, Incentives, and Rewards for Ongoing Relevance 4. Considers Excessive Pressures 5. Evaluates Performance and Rewards or Disciplines Individuals 17 5. Enforces Accountability
  18. 18. Principles Relating to Risk Assessment 1. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. 2. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. 3. The organization considers the potential for fraud in assessing risks to the achievement of objectives. 4. The organization identifies and assesses changes that could significantly impact the system of internal control. 18
  19. 19. Attributes Relating to Risk Assessment 1. Considers Tolerance for Risk / Required Level of Precision / Materiality 2. Complies with Externally Established Standards, and Frameworks / Complies with Applicable Accounting Standards / Reflects External Laws and Regulations 3. Reflects Management’s Choices 4. Reflects Entity Activities 5. Includes Operations and Financial Performance Goals 6. Forms Basis for Committing of Resources 19 6. Specifies Relevant Objectives
  20. 20. Attributes Relating to Risk Assessment Attributes Relating to Operations Objectives • Considers Tolerances for Risk • Reflects Management’s Choices • Includes Operations and Financial Performance Goals • Forms Basis for Committing of Resources 20 6. Specifies Relevant Objectives
  21. 21. Attributes Relating to Risk Assessment Attributes Relating to Reporting Objectives External Financial Reporting • Considers Materiality • Complies with Applicable Accounting Standards • Reflects Entity Activities 21 6. Specifies Relevant Objectives
  22. 22. Attributes Relating to Risk Assessment Attributes Relating to Reporting Objectives External Non-financial Reporting Objectives • Complies with Externally Established Standards and Frameworks • Reflects Entity Activities • Considers the Required Level of Precision 22 6. Specifies Relevant Objectives
  23. 23. Attributes Relating to Risk Assessment Attributes Relating to Reporting Objectives Internal Reporting Objectives (financial and/or non-financial) • Considers the Required Level of Precision • Reflects Management’s Choices • Reflects Entity Activities 23 6. Specifies Relevant Objectives
  24. 24. Attributes Relating to Risk Assessment Attributes Relating to Compliance Objectives • Considers Tolerances for Risk • Reflects External Laws and Regulations 24 6. Specifies Relevant Objectives
  25. 25. Attributes Relating to Risk Assessment 1. Involves Appropriate Levels of Management 2. Includes Entity, Subsidiary, Division, Operating Unit, and Functional Levels 3. Analyzes Internal and External Factors 4. Estimates Significance of Risks Identified 5. Determines How to Respond to Risks 25 7. Identifies and Analyzes Risks
  26. 26. Attributes Relating to Risk Assessment 1. Considers Various Ways That Fraud Can Occur 2. Considers Risk Factors 3. Assesses Incentive and Pressures 4. Assesses Opportunities 5. Assesses Attitudes and Rationalizations 26 8. Assesses Fraud Risk
  27. 27. Attributes Relating to Risk Assessment 1. Assesses Changes in the External Environment 2. Assesses Changes in the Business Model 3. Assesses Changes in Leadership 27 9. Identifies and Analyzes Significant Change
  28. 28. Principles Relating to Control Activities 10. The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. 11.The organization selects and develops general control activities over technology to support the achievement of objectives. 12.The organization deploys control activities as manifested in policies that establish what is expected and in relevant procedures to effect the policies. 28
  29. 29. Attributes Relating to Control Activities 1. Integrates with Risk Assessment 2. Determines Relevant Business Processes 3. Considers Entity-Specific Factors 4. Evaluates a Mix of Control Activity Types 5. Considers at What Level Activities Are Applied 6. Addresses Segregation of Duties 29 10. Selects and Develops Control Activities
  30. 30. Attributes Relating to Control Activities 1. Determines Dependency between the Use of Technology in Business Processes and Technology General Controls 2. Establishes Relevant Technology Infrastructure Control Activities 3. Establishes Relevant Security Management Process Control Activities 4. Establishes Relevant Technology Acquisition, Development, and Maintenance Process Control Activities 30 11. Selects and Develops General Controls over Technology
  31. 31. Attributes Relating to Control Activities 1. Establishes Policies and Procedures to Support Deployment of Management’s Directives 2. Establishes Responsibility and Accountability for Executing Policies and Procedures 3. Performs Using Competent Personnel 4. Performs in a Timely Manner 5. Takes Corrective Action 6. Reassesses Policies and Procedures 31 12. Deploys through Policies and Procedures
  32. 32. Principles Relating to Information and Communication 13. The organization obtains or generates and uses relevant, quality information to support the functioning of other components of internal control. 14.The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of other components of internal control. 15.The organization communicates with external parties regarding matters affecting the functioning of other components of internal control. 32
  33. 33. Attributes Relating to Information and Communication 1. Identifies Information Requirements 2. Captures Internal and External Sources of Data 3. Processes Relevant Data into Information 4. Maintains Quality Throughout Processing 5. Considers Costs and Benefits 33 13. Uses Relevant Information
  34. 34. Attributes Relating to Information and Communication 1. Communicates Internal Control Information with Personnel 2. Communicates with the Board of Directors 3. Provides Separate Communication Lines 4. Selects Relevant Method of Communication 34 14. Communicates Internally
  35. 35. Attributes Relating to Information and Communication 1. Communicates to External Parties 2. Enables Inbound Communications 3. Provides Separate Communication Lines 4. Selects Relevant Method of Communication 5. Communicates with the Board of Directors 35 15. Communicates Externally
  36. 36. Principles Relating to Monitoring Activities 16. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning. 17.The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate. 36
  37. 37. Attributes Relating to Monitoring Activities 1. Considers a Mix of Ongoing and Separate Evaluations 2. Establishes Baseline Understanding 3. Uses Knowledgeable Personnel 4. Integrates with Business Processes 5. Objectively Evaluates 6. Adjusts Scope and Frequency 7. Considers Rate of Change 37 16. Conducts Ongoing and/or Separate Evaluations
  38. 38. Attributes Relating to Monitoring Activities 1. Assesses Results 2. Communicates Deficiencies to Management 3. Reports Deficiencies to Senior Management and the Board of Directors 4. Monitors Corrective Actions 38 17. Evaluates and Communicates Deficiencies
  39. 39. Roles and Responsibilities
  40. 40. Roles - Three Lines of Defense • Management and other personnel on the front line provide the first line of defense as they are responsible for maintaining effective internal control day to day; they are compensated based on performance in relation to all applicable objectives • Business-enabling functions such as risk, control, legal, and compliance provide the second line of defense as they clarify internal control requirements and evaluate adherence to defined standards. While they are functionally aligned to the business, their compensation is not directly tied to performance of the area to which they render expert advice. 40
  41. 41. Roles - Three Lines of Defense • Internal auditors provide the third line of defense as they assess and report on internal control and recommend corrective actions or enhancements for management consideration and implementation; their position and compensation are separate and distinct from the business areas they review. 41
  42. 42. Responsible Parties - The Board of Directors and its Committees The Board: • has a key role in defining expectations on integrity and ethical values and internal control responsibilities. • have a working knowledge of the entity’s activities and environment, and they commit the time necessary to fulfill their governance responsibilities. • utilize resources as needed to investigate any issues, and have an open and unrestricted communications channel with all entity personnel, the internal auditors, independent auditors, external reviewers, and legal counsel. 42
  43. 43. Responsible Parties - The Board of Directors and its Committees Board-level committees include : • Audit Committee • Compensation Committee • Nomination/Governance Committee • Other Committees 43
  44. 44. Responsible Parties - Chief Executive Officer Chief Executive Officer (CEO) : • is ultimately responsible for the effectiveness of the entity’s internal control system • sets the tone at the top that affects control environment factors and all other components of internal control. 44
  45. 45. Responsible Parties - Chief Executive Officer The CEO fulfills this duty by: • Providing leadership and direction to senior management. With the support of management, the CEO shapes the values, principles, and major operating policies that form the foundation of the entity’s internal control system. • Meeting periodically with senior management from each of the operating units (e.g., research and development, production, marketing, sales) and major business enabling functions (e.g., finance, human resources, legal, compliance, risk management). 45
  46. 46. Responsible Parties - Chief Executive Officer The CEO fulfills this duty by: • Defining metrics, targets, or other measurable expectations with which to gauge the ongoing and long-term effectiveness of the system of internal control. The methods of designing, implementing, and assessing internal control are delegated to management at different levels. 46
  47. 47. Responsible Parties - Chief Executive Officer The CEO fulfills this duty by: • Directing all management and other personnel to proactively identify threats to the system of internal control. Given the ever- increasing pace of change and networked interactions of business partners, customers, and employees, the sources of threat to an ongoing effective internal control system are constantly changing. The CEO expects senior management in particular to beware of making assumptions based on the traditional sources of threats to an effective internal control system. 47
  48. 48. Responsible Parties - Chief Financial Officer The Chief Financial Officer (CFO): • supports the CEO in front-line responsibilities, including internal control over financial reporting. • is integrally involved when the entity’s strategies are decided, objectives are established, risks are analyzed, and decisions are made on how changes will be managed. • provides valuable input and direction and is positioned to focus on evaluating and following up on the actions decided by management. • is an equal partner with the other functional heads. 48
  49. 49. Responsible Parties - Other Members of Senior Management Senior management comprises: • Chief operating officer • Chief administrative officer • Chief risk officer • Chief compliance officer • Chief information officer • Other senior leadership roles, depending on the nature of the business 49
  50. 50. Responsible Parties - Other Members of Senior Management Senior management: • guides the development and implementation of internal control policies and procedures that address the objectives of their functional or operating unit and verify that they are consistent with the entity-wide objectives. • assigns responsibility for establishing even more specific internal control procedures to those personnel responsible for the unit’s functions or departments 50
  51. 51. Responsible Parties - Business-Enabling Functions • support the business through their specialized skills. • provide guidance and assessment of internal control related to their areas of expertise. • keep the organization informed of relevant requirements as they evolve over time. • Their efforts are coordinated and integrated as appropriate. 51
  52. 52. Responsible Parties - Risk and Control Personnel • provide specialized skills and guidance to front-line management and other personnel and evaluating internal control. • identify known and emerging risks. • help management develop processes to manage relevant risks. • communicate and provide education on these processes across the organization. • evaluate and report on the effectiveness of such processes. • not responsible for executing controls but support 52
  53. 53. Responsible Parties - Internal Auditors The Internal Auditor: • provide assurance and advisory services over internal control • evaluate the adequacy and effectiveness of controls in responding to risks within the organization’s oversight, operations, and information systems regarding: ‒ Reliability and integrity of financial and operational information. ‒ Effectiveness and efficiency of operations and programs. ‒ Safeguarding of assets. ‒ Compliance with laws, regulations, policies, procedures, and contracts. 53
  54. 54. Responsible Parties - External Parties External Parties includes: • Outsourced Service Providers • Business Partners and Other Parties Interacting with the Entity • Independent Auditors • External Reviewers • Legislators and Regulators • Financial Analysts, Bond Rating Agencies, and the News Media 54
  55. 55. Assessing Effectiveness
  56. 56. Assessing Effectiveness When controls are effective; the organization: • Understands the extent to which operations are managed effectively and efficiently. • Prepares reliable reports. • Complies with applicable laws and regulations 56
  57. 57. Assessing Effectiveness • Each of the five components must be present and operate together. • Effectiveness of internal control is assessed relative to the five components of internal Control. • Effectiveness of internal control can also be assessed relative to a specific part of the organizational structure. 57
  58. 58. Assessing Effectiveness Determining whether a principle is present and functioning implies that the organization: • Understands the intent of the principle and how it is being applied. • Applies the principle consistently across the entity. • Works to help personnel understand and apply the principle across the entity. • Views omission of or non-conformity with a principle as an exception (i.e., not applying the wording, intent, and spirit of the principle is the exception rather than the norm). 58
  59. 59. Limitations of Internal Control • Quality and suitability of objectives • Judgment • Breakdowns • Management Override • Collusion 59
  60. 60. What is not of internal control? • Many decisions reached by the board are not part of internal control • Appropriateness of particular objectives selected • Setting the overall level of acceptable risk and associated risk appetite • setting risk tolerance levels in relation to specific objectives • Choosing which risk response is preferred to address specific risks 60
  61. 61. Q & A Session
  62. 62. Thank You

×