The COSO framework provides guidance for establishing effective internal controls. It is comprised of 5 components: control environment, risk assessment, control activities, information and communication, and monitoring. The control environment sets the tone at the top and influences employee conduct. Risk assessment involves identifying risks to financial reporting. Control activities are policies and procedures that help ensure management directives are followed. Information and communication systems identify, capture, and communicate pertinent information. Monitoring assesses internal control effectiveness over time.

1. COSO FrameworkRyan J. HuttenAaron Zillinger

2. COSOComprised of: AAAAICPAFEIIMAIIA

3. COSO: Committee of Sponsoring OrganizationsAAA (American Accounting Association)AICPA (American Institute of Certified Public Accountants)FEI (Financial Executives International)IMA (Institute of Management Accountants)IIA (Institute of Internal Auditors)

4. COSO ContinuedMISSION STATEMENT: The Committee of Sponsoring Organizations’ (COSO) mission is to provide thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control and fraud deterrence designed to improve organizational performance and governance and to reduce the extent of fraud in organizations.

5. …But that’s not really what we’re talking about…The COSO Framework is about helping senior executives and managers in their establishment of better and more accurate internal controls

6. The Control EnvironmentAttitudes, awareness, policies, and actions of management, board of directors, and staff concerning internal control and its importance in the entityPositive control environment:Provides discipline and structureCommunicates integrity and ethical valuesSets a positive “Tone at the Top” and “Trickle-down Effect” (Ref. 2)

7. The Control Environment7 Factors Affecting the Control EnvironmentCommunication and Enforcement of Integrity and Ethical ValuesCommitment to competenceParticipation of governanceManagers Philosophy and Operating StyleOrganizational StructureAssignment of authority and responsibility Human resource policies and practices

8. Risk AssessmentManagement’s identification of risk including:Looking for risk relevant to the preparation of the financial statementsEstimating their significanceAssessing the likelihood of their occurrenceDeciding on the best way to manage them

9. Where does this risk come from?Changes in operating environmentNew PersonnelRapid GrowthCorporate Restructurings

10. Information System and Related ProcessesInfrastructure that consists of software, people, procedures, and dataIdentifies, captures, and communicates information in a form and timeframe that members involved can carry out their responsibilitiesExample: Accounting system Incorporates procedures that initiate, record, process, and report entity transactions and maintain accountability for related assets

11. Control ActivitiesPertain to internal controls to verify that management’s directives are carried out to address risks Might include:Performance ReviewsPhysical ControlsSegregation of Duties

12. Monitoring of ControlsNewly issued by COSO (2009) “Guidance on Monitoring Internal Control Systems”Purpose: To assess the quality of internal control performance over time and redesign controls when risks changeAlso necessary:Establish a baseline for control effectivenessDesign and execute monitoring procedures that are based on the significance of business risks relative to entity objectivesAssess and report resultsFollow-up and/or corrective actionsCan be ongoing or nonrecurringExample: Inventory Valuation

13. ConclusionControl Environment: Verifying Compliance set forth in the Code of ConductRisk Assessment: Verifying the controls in place keep the company free of material misstatementIS & Related Processes: Verification that the IS measures line item accounts and management assertions accuratelyControl Activities: Discourages unethical behavior to better achieve management goalsMonitoring of Controls: Assesses the quality and effectiveness of Internal Controls, and how to change them for the better

14. Works Cited"Internal Control - Integrated Framework." Committee of Sponsoring Organizations. Web. 2 Oct. 2011. <http://www.coso.org/IC-IntegratedFramework-summary.htm>.http://www.ventureline.com/accounting-glossary/T/tone-at-the-top-definition/Messier. Auditing and Assurance Services. 7. New York: McGraw-Hill Irwin, 2010. 187-96. Print