SlideShare a Scribd company logo

COSO Internal Control - Integrated Framework

Download as PPTX, PDF
Aziz Fataliyev, Internal Audit Practitioner
Aziz Fataliyev, Internal Audit Practitioner

COSO's Internal Control - Integrated Framework. Includes: Objectives; Components; Principles relating to the components and Point of Focus assisting users in determining whether the principles are present and functioning

Business
1 of 36
Objectives, Components, Principles and Points of Focus
DEFINITION OF INTERNAL CONTROL Internal control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.
OBJECTIVES The Framework sets forth three categories of objectives, which allow organizations to focus on separate aspects of internal control: • Operations Objectives • Reporting Objectives • Compliance Objectives
OPERATIONS OBJECTIVES These pertain to effectiveness and efficiency of the entity’s operations, including operational and financial performance goals, and safeguarding assets against loss.
REPORTING OBJECTIVES These pertain to internal and external financial and non-financial reporting and may encompass reliability, timeliness, transparency, or other terms as set forth by regulators, standard setters, or the entity’s policies.
COMPLIANCE OBJECTIVES These pertain to adherence to laws and regulations to which the entity is subject.
COMPONENTS Supporting the organization in its efforts to achieve objectives are five components of internal control: • Control Environment • Risk Assessment • Control Activities • Information and Communication • Monitoring Activities
RELATIONSHIP OF OBJECTIVES, COMPONENTS AND THE ENTITY A direct relationship exists between objectives, which are what an entity strives to achieve, components, which represent what is required to achieve the objectives, and entity structure (the operating units, legal entities, and other structures). The relationship can be depicted in the form of a cube:
• The three categories of objectives are represented by the columns. • The five components are represented by the rows. • The entity structure, which represents the overall entity, divisions, subsidiaries, operating units, or functions, including business processes such as sales, purchasing, production, and marketing and to which internal control relates, are depicted by the third dimension of the cube.
CONTROL ENVIRONMENT • The control environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. • The board of directors and senior management establish the tone at the top regarding the importance of internal control including expected standards of conduct. • Management reinforces expectations at the various levels of the organization.
PRINCIPLES AND POINTS OF FOCUS OF THE “CONTROL ENVIRONMENT” Principle 1. The organization demonstrates a commitment to integrity and ethical values. Points of focus: • Sets the Tone at the Top • Establishes Standards of Conduct • Evaluates Adherence to Standards of Conduct • Addresses Deviations in a Timely Manner
PRINCIPLES AND POINTS OF FOCUS OF THE “CONTROL ENVIRONMENT” Principle 2: The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control. Points of Focus: • Establishes Oversight Responsibilities • Applies Relevant Expertise • Operates Independently • Provides Oversight for the System of Internal Control
PRINCIPLES AND POINTS OF FOCUS OF THE “CONTROL ENVIRONMENT” Principle 3: Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. Points of Focus: • Considers All Structures of the Entity • Establishes Reporting Lines • Defines, Assigns, and Limits Authorities and Responsibilities
PRINCIPLES AND POINTS OF FOCUS OF THE “CONTROL ENVIRONMENT” Principle 4: The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. Points of Focus: • Establishes Policies and Practices • Evaluates Competence and Addresses Shortcomings • Attracts, Develops, and Retains Individuals • Plans and Prepares for Succession
PRINCIPLES AND POINTS OF FOCUS OF THE “CONTROL ENVIRONMENT” Principle 5: The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives. Points of Focus: • Enforces Accountability through Structures, Authorities, and Responsibilities • Establishes Performance Measures, Incentives, and Rewards • Evaluates Performance Measures, Incentives, and Rewards for Ongoing Relevance • Considers Excessive Pressures • Evaluates Performance and Rewards or Disciplines Individuals
RISK ASSESSMENT • Risk is defined as the possibility that an event will occur and adversely affect the achievement of objectives. • Risk assessment involves a dynamic and iterative process for identifying and assessing risks to the achievement of objectives. Risks to the achievement of these objectives from across the entity are considered relative to established risk tolerances. Thus, risk assessment forms the basis for determining how risks will be managed. • A precondition to risk assessment is the establishment of objectives, linked at different levels of the entity.
PRINCIPLES AND POINTS OF FOCUS OF THE “RISK ASSESSMENT” Principle 6: The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. 1. Points of Focus for Operations Objectives: • Reflects Management’s Choices • Considers Tolerances for Risk • Includes Operations and Financial Performance Goals • Forms a Basis for Committing of Resources
PRINCIPLES AND POINTS OF FOCUS OF THE “RISK ASSESSMENT” Principle 6: The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. 2. Points of Focus for External Financial Reporting Objectives: • Complies with Applicable Accounting Standards • Considers Materiality • Reflects Entity Activities
PRINCIPLES AND POINTS OF FOCUS OF THE “RISK ASSESSMENT” Principle 6: The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. 3. Points of Focus for External Non-Financial Reporting Objectives: • Complies with Externally Established Standards and Frameworks • Considers the Required Level of Precision • Reflects Entity Activities
PRINCIPLES AND POINTS OF FOCUS OF THE “RISK ASSESSMENT” Principle 6: The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. 4. Points of Focus for Internal Reporting Objectives: • Reflects Management’s Choices • Considers the Required Level of Precision • Reflects Entity Activities
PRINCIPLES AND POINTS OF FOCUS OF THE “RISK ASSESSMENT” Principle 6: The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. 5. Points of Focus for Compliance Objectives: • Reflects External Laws and Regulations • Considers Tolerances for Risk
PRINCIPLES AND POINTS OF FOCUS OF THE “RISK ASSESSMENT” Principle 7: The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. Points of Focus: • Includes Entity, Subsidiary, Division, Operating Unit, and Functional Levels • Analyzes Internal and External Factors • Involves Appropriate Levels of Management • Estimates Significance of Risks Identified • Determines How to Respond to Risks
PRINCIPLES AND POINTS OF FOCUS OF THE “RISK ASSESSMENT” Principle 8: The organization considers the potential for fraud in assessing risks to the achievement of objectives. Points of Focus: • Considers Various Types of Fraud • Assesses Incentive and Pressures • Assesses Opportunities • Assesses Attitudes and Rationalizations
PRINCIPLES AND POINTS OF FOCUS OF THE “RISK ASSESSMENT” Principle 9: The organization identifies and assesses changes that could significantly impact the system of internal control. Points of Focus: • Assesses Changes in the External Environment • Assesses Changes in the Business Model • Assesses Changes in Leadership
CONTROL ACTIVITIES • Control activities are the actions established through policies and procedures that help ensure that management’s directives to mitigate risks to the achievement of objectives are carried out. • Control activities are performed at all levels of the entity, at various stages within business processes, and over the technology environment. They may be preventive or detective in nature and may encompass a range of manual and automated activities such as authorizations and approvals, verifications, reconciliations, and business performance reviews. • Segregation of duties is typically built into the selection and development of control activities. Where segregation of duties is not practical, management selects and develops alternative control activities.
PRINCIPLES AND POINTS OF FOCUS OF THE “CONTROL ACTIVITIES” Principle 10: The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. Points of Focus: • Integrates with Risk Assessment • Considers Entity-Specific Factors • Determines Relevant Business Processes • Evaluates a Mix of Control Activity Types • Considers at What Level Activities Are Applied • Addresses Segregation of Duties
PRINCIPLES AND POINTS OF FOCUS OF THE “CONTROL ACTIVITIES” Principle 11: The organization selects and develops general control activities over technology to support the achievement of objectives. Points of Focus: • Determines Dependency between the Use of Technology in Business Processes and Technology General Controls • Establishes Relevant Technology Infrastructure Control Activities • Establishes Relevant Security Management Process Control Activities • Establishes Relevant Technology Acquisition, Development, and Maintenance Process Control Activities
PRINCIPLES AND POINTS OF FOCUS OF THE “CONTROL ACTIVITIES” Principle 12: The organization deploys control activities through policies that establish what is expected and procedures that put policies into action. Points of Focus: • Establishes Policies and Procedures to Support Deployment of Management’s Directives • Establishes Responsibility and Accountability for Executing Policies and Procedures • Performs in a Timely Manner • Takes Corrective Action • Performs Using Competent Personnel • Reassesses Policies and Procedures
INFORMATION AND COMMUNICATION • Information is necessary for the entity to carry out internal control responsibilities to support the achievement of its objectives. • Management obtains or generates and uses relevant and quality information from both internal and external sources to support the functioning of other components of internal control. • Communication is the continual, iterative process of providing, sharing, and obtaining necessary information. • Internal communication is the means by which information is disseminated throughout the organization, flowing up, down, and across the entity. It enables personnel to receive a clear message from senior management that control responsibilities must be taken seriously. • External communication is twofold: – it enables inbound communication of relevant external information and – provides information to external parties in response to requirements and expectations.
PRINCIPLES AND POINTS OF FOCUS OF THE “INFORMATION AND COMMUNICATION” Principle 13: The organization obtains or generates and uses relevant, quality information to support the functioning of other components of internal control. Points of Focus: • Identifies Information Requirements • Captures Internal and External Sources of Data • Processes Relevant Data into Information • Maintains Quality throughout Processing • Considers Costs and Benefits
Principle 14: The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of other components of internal control. Points of Focus: • Communicates Internal Control Information • Communicates with the Board of Directors • Provides Separate Communication Lines • Selects Relevant Method of Communication PRINCIPLES AND POINTS OF FOCUS OF THE “INFORMATION AND COMMUNICATION”
Principle 15: The organization communicates with external parties regarding matters affecting the functioning of other components of internal control. Points of Focus: • Communicates to External Parties • Enables Inbound Communications • Communicates with the Board of Directors • Provides Separate Communication Lines • Selects Relevant Method of Communication PRINCIPLES AND POINTS OF FOCUS OF THE “INFORMATION AND COMMUNICATION”
MONITORING ACTIVITIES • Ongoing evaluations, separate evaluations, or some combination of the two are used to ascertain whether each of the five components of internal control, including controls to effect the principles within each component, is present and functioning. • Ongoing evaluations, built into business processes at different levels of the entity, provide timely information. • Separate evaluations, conducted periodically, will vary in scope and frequency depending on assessment of risks, effectiveness of ongoing evaluations, and other management considerations. • Findings are evaluated against criteria established by regulators, standard-setting bodies, or management and board of directors, and deficiencies are communicated to management and the board of directors as appropriate.
PRINCIPLES AND POINTS OF FOCUS OF THE “MONITORING ACTIVITIES” Principle 16: The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning. Points of Focus: • Considers a Mix of Ongoing and Separate Evaluations • Considers Rate of Change • Establishes Baseline Understanding • Uses Knowledgeable Personnel • Integrates with Business Processes • Adjusts Scope and Frequency • Objectively Evaluates
PRINCIPLES AND POINTS OF FOCUS OF THE “MONITORING ACTIVITIES” Principle 17: The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate. Points of Focus: • Assesses Results • Communicates Deficiencies • Monitors Corrective Actions
LIMITATIONS OF INTERNAL CONTROL • Internal control, no matter how well designed, implemented and conducted, can provide only reasonable assurance to management and the board of directors of the achievement of an entity’s objectives. • The likelihood of achievement is affected by limitations inherent in all systems of internal control. These include the realities that human judgment in decision making can be faulty and that breakdowns can occur because of human failures such as making errors. • Additionally, controls can be circumvented by two or more people colluding, and because management can override the internal control system.

Recommended

Coso framework
Coso frameworkCoso framework
Coso framework
Darryl Woolley
 
Coso internal control integrated framework
Coso internal control integrated frameworkCoso internal control integrated framework
Coso internal control integrated framework
Irfan Ahmed - ACA, CICA
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal Audit
Manoj Agarwal
 
Coso And Internal Audit
Coso And Internal AuditCoso And Internal Audit
Coso And Internal Audit
ijazurrehman
 
IT Control Objectives for SOX
IT Control Objectives for SOXIT Control Objectives for SOX
IT Control Objectives for SOX
Mahesh Patwardhan
 
Lecture slide, chapter 4, Other Assurance Engagements and Quality Standards
Lecture slide, chapter 4, Other Assurance Engagements and Quality StandardsLecture slide, chapter 4, Other Assurance Engagements and Quality Standards
Lecture slide, chapter 4, Other Assurance Engagements and Quality Standards
Sazzad Hossain, ITP, MBA, CSCA™
 
Internal Audit Methodology
Internal Audit MethodologyInternal Audit Methodology
Internal Audit Methodology
Manoj Agarwal
 
Internal Audit COSO Framework
Internal Audit COSO FrameworkInternal Audit COSO Framework
Internal Audit COSO Framework
Jesús Gándara
 

Recommended

Coso framework
Coso frameworkCoso framework
Coso framework
Darryl Woolley
 
Coso internal control integrated framework
Coso internal control integrated frameworkCoso internal control integrated framework
Coso internal control integrated framework
Irfan Ahmed - ACA, CICA
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal Audit
Manoj Agarwal
 
Coso And Internal Audit
Coso And Internal AuditCoso And Internal Audit
Coso And Internal Audit
ijazurrehman
 
IT Control Objectives for SOX
IT Control Objectives for SOXIT Control Objectives for SOX
IT Control Objectives for SOX
Mahesh Patwardhan
 
Lecture slide, chapter 4, Other Assurance Engagements and Quality Standards
Lecture slide, chapter 4, Other Assurance Engagements and Quality StandardsLecture slide, chapter 4, Other Assurance Engagements and Quality Standards
Lecture slide, chapter 4, Other Assurance Engagements and Quality Standards
Sazzad Hossain, ITP, MBA, CSCA™
 
Internal Audit Methodology
Internal Audit MethodologyInternal Audit Methodology
Internal Audit Methodology
Manoj Agarwal
 
Internal Audit COSO Framework
Internal Audit COSO FrameworkInternal Audit COSO Framework
Internal Audit COSO Framework
Jesús Gándara
 
Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9
Sazzad Hossain, ITP, MBA, CSCA™
 
The Role of Internal Audit
The Role of Internal AuditThe Role of Internal Audit
The Role of Internal Audit
ArmeniaFED
 
IFRS 3 Business Combinations
IFRS 3 Business CombinationsIFRS 3 Business Combinations
IFRS 3 Business Combinations
Nirmal Ghorawat
 
Coso Internal Control Integrated Framework
Coso Internal Control Integrated FrameworkCoso Internal Control Integrated Framework
Coso Internal Control Integrated Framework
hyesue
 
Risk based auditing
Risk based auditingRisk based auditing
Risk based auditing
Tunde Elijah Kelani
 
Internal audit
Internal auditInternal audit
Internal audit
S.M. Towhidul Islam
 
Internal Control & Risk Management Framework
Internal Control & Risk Management FrameworkInternal Control & Risk Management Framework
Internal Control & Risk Management Framework
Treasury Consulting LLP
 
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
Haresh Lalwani
 
Lecture slide ,chapter 2, Governance and the Auditor
Lecture slide ,chapter 2, Governance and the AuditorLecture slide ,chapter 2, Governance and the Auditor
Lecture slide ,chapter 2, Governance and the Auditor
Sazzad Hossain, ITP, MBA, CSCA™
 
Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit ppt
Ibrahim Jimalle
 
Coso erm
Coso ermCoso erm
Coso erm
luisrobles_cl
 
Internal control & compliance of bank
Internal control & compliance of bankInternal control & compliance of bank
Internal control & compliance of bank
Mohammad Robiul
 
Auditing Chapter 1
Auditing Chapter 1Auditing Chapter 1
Auditing Chapter 1
aaykhan
 
Internal control and Control Self Assessment
Internal control and Control Self AssessmentInternal control and Control Self Assessment
Internal control and Control Self Assessment
Manoj Agarwal
 
Compiling an internal audit universe
Compiling an internal audit universeCompiling an internal audit universe
Compiling an internal audit universe
David Griffiths
 
Risk assessment and internal controls - Internal Audit
Risk assessment and internal controls - Internal AuditRisk assessment and internal controls - Internal Audit
Risk assessment and internal controls - Internal Audit
Smitesh Bhosale
 
The role of internal audit department
The role of internal audit departmentThe role of internal audit department
The role of internal audit department
Salih Islam
 
Internal Control
Internal ControlInternal Control
Internal Control
Salih Islam
 
Internal Audit
Internal AuditInternal Audit
Internal Audit
Ahmad Tariq Bhatti
 
Advanced Accounting
Advanced Accounting Advanced Accounting
Advanced Accounting
Abdulkadir Molla
 
Internal controls in auditing
Internal controls in auditingInternal controls in auditing
Internal controls in auditing
Hardik Shah
 
COSO ERM
COSO ERMCOSO ERM
COSO ERM
Sophia Abigayle
 

More Related Content

What's hot

Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9
Sazzad Hossain, ITP, MBA, CSCA™
 
The Role of Internal Audit
The Role of Internal AuditThe Role of Internal Audit
The Role of Internal Audit
ArmeniaFED
 
IFRS 3 Business Combinations
IFRS 3 Business CombinationsIFRS 3 Business Combinations
IFRS 3 Business Combinations
Nirmal Ghorawat
 
Coso Internal Control Integrated Framework
Coso Internal Control Integrated FrameworkCoso Internal Control Integrated Framework
Coso Internal Control Integrated Framework
hyesue
 
Risk based auditing
Risk based auditingRisk based auditing
Risk based auditing
Tunde Elijah Kelani
 
Internal audit
Internal auditInternal audit
Internal audit
S.M. Towhidul Islam
 
Internal Control & Risk Management Framework
Internal Control & Risk Management FrameworkInternal Control & Risk Management Framework
Internal Control & Risk Management Framework
Treasury Consulting LLP
 
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
Haresh Lalwani
 
Lecture slide ,chapter 2, Governance and the Auditor
Lecture slide ,chapter 2, Governance and the AuditorLecture slide ,chapter 2, Governance and the Auditor
Lecture slide ,chapter 2, Governance and the Auditor
Sazzad Hossain, ITP, MBA, CSCA™
 
Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit ppt
Ibrahim Jimalle
 
Coso erm
Coso ermCoso erm
Coso erm
luisrobles_cl
 
Internal control & compliance of bank
Internal control & compliance of bankInternal control & compliance of bank
Internal control & compliance of bank
Mohammad Robiul
 
Auditing Chapter 1
Auditing Chapter 1Auditing Chapter 1
Auditing Chapter 1
aaykhan
 
Internal control and Control Self Assessment
Internal control and Control Self AssessmentInternal control and Control Self Assessment
Internal control and Control Self Assessment
Manoj Agarwal
 
Compiling an internal audit universe
Compiling an internal audit universeCompiling an internal audit universe
Compiling an internal audit universe
David Griffiths
 
Risk assessment and internal controls - Internal Audit
Risk assessment and internal controls - Internal AuditRisk assessment and internal controls - Internal Audit
Risk assessment and internal controls - Internal Audit
Smitesh Bhosale
 
The role of internal audit department
The role of internal audit departmentThe role of internal audit department
The role of internal audit department
Salih Islam
 
Internal Control
Internal ControlInternal Control
Internal Control
Salih Islam
 
Internal Audit
Internal AuditInternal Audit
Internal Audit
Ahmad Tariq Bhatti
 
Advanced Accounting
Advanced Accounting Advanced Accounting
Advanced Accounting
Abdulkadir Molla
 

What's hot (20)

Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9
 
The Role of Internal Audit
The Role of Internal AuditThe Role of Internal Audit
The Role of Internal Audit
 
IFRS 3 Business Combinations
IFRS 3 Business CombinationsIFRS 3 Business Combinations
IFRS 3 Business Combinations
 
Coso Internal Control Integrated Framework
Coso Internal Control Integrated FrameworkCoso Internal Control Integrated Framework
Coso Internal Control Integrated Framework
 
Risk based auditing
Risk based auditingRisk based auditing
Risk based auditing
 
Internal audit
Internal auditInternal audit
Internal audit
 
Internal Control & Risk Management Framework
Internal Control & Risk Management FrameworkInternal Control & Risk Management Framework
Internal Control & Risk Management Framework
 
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
 
Lecture slide ,chapter 2, Governance and the Auditor
Lecture slide ,chapter 2, Governance and the AuditorLecture slide ,chapter 2, Governance and the Auditor
Lecture slide ,chapter 2, Governance and the Auditor
 
Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit ppt
 
Coso erm
Coso ermCoso erm
Coso erm
 
Internal control & compliance of bank
Internal control & compliance of bankInternal control & compliance of bank
Internal control & compliance of bank
 
Auditing Chapter 1
Auditing Chapter 1Auditing Chapter 1
Auditing Chapter 1
 
Internal control and Control Self Assessment
Internal control and Control Self AssessmentInternal control and Control Self Assessment
Internal control and Control Self Assessment
 
Compiling an internal audit universe
Compiling an internal audit universeCompiling an internal audit universe
Compiling an internal audit universe
 
Risk assessment and internal controls - Internal Audit
Risk assessment and internal controls - Internal AuditRisk assessment and internal controls - Internal Audit
Risk assessment and internal controls - Internal Audit
 
The role of internal audit department
The role of internal audit departmentThe role of internal audit department
The role of internal audit department
 
Internal Control
Internal ControlInternal Control
Internal Control
 
Internal Audit
Internal AuditInternal Audit
Internal Audit
 
Advanced Accounting
Advanced Accounting Advanced Accounting
Advanced Accounting
 

Viewers also liked

Internal controls in auditing
Internal controls in auditingInternal controls in auditing
Internal controls in auditing
Hardik Shah
 
COSO ERM
COSO ERMCOSO ERM
COSO ERM
Sophia Abigayle
 
Shock and Ore CIBSE TM56 supplement
Shock and Ore CIBSE TM56 supplementShock and Ore CIBSE TM56 supplement
Shock and Ore CIBSE TM56 supplement
Dave Cheshire
 
Dma120week01
Dma120week01Dma120week01
Dma120week01
Erica Hornung
 
PIP-DIP_Evaluation_Report
PIP-DIP_Evaluation_ReportPIP-DIP_Evaluation_Report
PIP-DIP_Evaluation_Report
Tatjana Muhic
 
Herramienta
HerramientaHerramienta
Herramienta
Tomas Ramires
 
Structure - Processing Linkages in Polyethylene
Structure - Processing Linkages in PolyethyleneStructure - Processing Linkages in Polyethylene
Structure - Processing Linkages in Polyethylene
david_brough1
 
Materi seminar binus university idx
Materi seminar binus university idxMateri seminar binus university idx
Materi seminar binus university idx
Zola Azaria
 
Quantum computers
Quantum computersQuantum computers
Quantum computers
Geet Patel
 
Virtualization
VirtualizationVirtualization
Virtualization
Jongseok Choi
 

Viewers also liked (10)

Internal controls in auditing
Internal controls in auditingInternal controls in auditing
Internal controls in auditing
 
COSO ERM
COSO ERMCOSO ERM
COSO ERM
 
Shock and Ore CIBSE TM56 supplement
Shock and Ore CIBSE TM56 supplementShock and Ore CIBSE TM56 supplement
Shock and Ore CIBSE TM56 supplement
 
Dma120week01
Dma120week01Dma120week01
Dma120week01
 
PIP-DIP_Evaluation_Report
PIP-DIP_Evaluation_ReportPIP-DIP_Evaluation_Report
PIP-DIP_Evaluation_Report
 
Herramienta
HerramientaHerramienta
Herramienta
 
Structure - Processing Linkages in Polyethylene
Structure - Processing Linkages in PolyethyleneStructure - Processing Linkages in Polyethylene
Structure - Processing Linkages in Polyethylene
 
Materi seminar binus university idx
Materi seminar binus university idxMateri seminar binus university idx
Materi seminar binus university idx
 
Quantum computers
Quantum computersQuantum computers
Quantum computers
 
Virtualization
VirtualizationVirtualization
Virtualization
 

Similar to COSO Internal Control - Integrated Framework

CISA Training - Chapter 1 - 2016
CISA Training - Chapter 1 - 2016CISA Training - Chapter 1 - 2016
CISA Training - Chapter 1 - 2016
Hafiz Sheikh Adnan Ahmed
 
COSO_2013_Framework_on_Internal_Control.pdf
COSO_2013_Framework_on_Internal_Control.pdfCOSO_2013_Framework_on_Internal_Control.pdf
COSO_2013_Framework_on_Internal_Control.pdf
AliehaDhea
 
Performance audit adding value
Performance audit adding valuePerformance audit adding value
Performance audit adding value
icgfmconference
 
CIA part 1 essentials of internal auditing
CIA part 1 essentials of internal auditingCIA part 1 essentials of internal auditing
CIA part 1 essentials of internal auditing
ariundalai1
 
Internal controls
Internal controlsInternal controls
Internal controls
Geetali Tare
 
CONTROLLING
CONTROLLING CONTROLLING
CONTROLLING
Sumitra Nath
 
Management control-system
Management control-systemManagement control-system
Management control-system
MUHAMMADU SATHIK RAJA
 
Module_1_Acctg440.pptx
Module_1_Acctg440.pptxModule_1_Acctg440.pptx
Module_1_Acctg440.pptx
LeahMaeNolasco
 
MF UNIT 5 CONTROLLING.pptx
MF UNIT 5 CONTROLLING.pptxMF UNIT 5 CONTROLLING.pptx
MF UNIT 5 CONTROLLING.pptx
Dr. Prof. Kiran Shinde
 
The Internal Audit Framework
The Internal Audit FrameworkThe Internal Audit Framework
The Internal Audit Framework
Ahmad Tariq Bhatti
 
Evaluation and control of the policies using GAP ANALYSIS
Evaluation and control of the policies using GAP ANALYSISEvaluation and control of the policies using GAP ANALYSIS
Evaluation and control of the policies using GAP ANALYSIS
Bojamma2
 
essentials of control.pdf
essentials of control.pdfessentials of control.pdf
essentials of control.pdf
VinceLeonardSee1
 
OPERATIONAL RISK MANAGEMENT
OPERATIONAL RISK MANAGEMENTOPERATIONAL RISK MANAGEMENT
OPERATIONAL RISK MANAGEMENT
Intan Noona
 
Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)
Mohammad Wahid Abdullah Khan
 
COSO.pptx
COSO.pptxCOSO.pptx
COSO.pptx
ThnhLTin6
 
Different Controlling Methods and Techniques.pptx
Different Controlling Methods and Techniques.pptxDifferent Controlling Methods and Techniques.pptx
Different Controlling Methods and Techniques.pptx
melmortiz1
 
Manajemen Risiko Menurut COSO
Manajemen Risiko Menurut COSOManajemen Risiko Menurut COSO
Manajemen Risiko Menurut COSO
Dina Pramudianti
 
Coso erm
Coso ermCoso erm
Coso erm
Humberto Omar Valverde Taborga
 
Management control-system - ankit keshari
Management control-system - ankit keshariManagement control-system - ankit keshari
Management control-system - ankit keshari
ankitkeshari
 
Value of internal auditing
Value of internal auditingValue of internal auditing
Value of internal auditing
Hazem Saleh
 

Similar to COSO Internal Control - Integrated Framework (20)

CISA Training - Chapter 1 - 2016
CISA Training - Chapter 1 - 2016CISA Training - Chapter 1 - 2016
CISA Training - Chapter 1 - 2016
 
COSO_2013_Framework_on_Internal_Control.pdf
COSO_2013_Framework_on_Internal_Control.pdfCOSO_2013_Framework_on_Internal_Control.pdf
COSO_2013_Framework_on_Internal_Control.pdf
 
Performance audit adding value
Performance audit adding valuePerformance audit adding value
Performance audit adding value
 
CIA part 1 essentials of internal auditing
CIA part 1 essentials of internal auditingCIA part 1 essentials of internal auditing
CIA part 1 essentials of internal auditing
 
Internal controls
Internal controlsInternal controls
Internal controls
 
CONTROLLING
CONTROLLING CONTROLLING
CONTROLLING
 
Management control-system
Management control-systemManagement control-system
Management control-system
 
Module_1_Acctg440.pptx
Module_1_Acctg440.pptxModule_1_Acctg440.pptx
Module_1_Acctg440.pptx
 
MF UNIT 5 CONTROLLING.pptx
MF UNIT 5 CONTROLLING.pptxMF UNIT 5 CONTROLLING.pptx
MF UNIT 5 CONTROLLING.pptx
 
The Internal Audit Framework
The Internal Audit FrameworkThe Internal Audit Framework
The Internal Audit Framework
 
Evaluation and control of the policies using GAP ANALYSIS
Evaluation and control of the policies using GAP ANALYSISEvaluation and control of the policies using GAP ANALYSIS
Evaluation and control of the policies using GAP ANALYSIS
 
essentials of control.pdf
essentials of control.pdfessentials of control.pdf
essentials of control.pdf
 
OPERATIONAL RISK MANAGEMENT
OPERATIONAL RISK MANAGEMENTOPERATIONAL RISK MANAGEMENT
OPERATIONAL RISK MANAGEMENT
 
Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)
 
COSO.pptx
COSO.pptxCOSO.pptx
COSO.pptx
 
Different Controlling Methods and Techniques.pptx
Different Controlling Methods and Techniques.pptxDifferent Controlling Methods and Techniques.pptx
Different Controlling Methods and Techniques.pptx
 
Manajemen Risiko Menurut COSO
Manajemen Risiko Menurut COSOManajemen Risiko Menurut COSO
Manajemen Risiko Menurut COSO
 
Coso erm
Coso ermCoso erm
Coso erm
 
Management control-system - ankit keshari
Management control-system - ankit keshariManagement control-system - ankit keshari
Management control-system - ankit keshari
 
Value of internal auditing
Value of internal auditingValue of internal auditing
Value of internal auditing
 

Recently uploaded

Best Forex Brokers Comparison in INDIA 2024
Best Forex Brokers Comparison in INDIA 2024Best Forex Brokers Comparison in INDIA 2024
Best Forex Brokers Comparison in INDIA 2024
Top Forex Brokers Review
 
Mastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnapMastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnap
Norma Mushkat Gaffin
 
3 Simple Steps To Buy Verified Payoneer Account In 2024
3 Simple Steps To Buy Verified Payoneer Account In 20243 Simple Steps To Buy Verified Payoneer Account In 2024
3 Simple Steps To Buy Verified Payoneer Account In 2024
SEOSMMEARTH
 
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challengesEvent Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Holger Mueller
 
2022 Vintage Roman Numerals Men Rings
2022 Vintage Roman Numerals Men Rings2022 Vintage Roman Numerals Men Rings
2022 Vintage Roman Numerals Men Rings
aragme
 
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdfThe 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
thesiliconleaders
 
Business storytelling: key ingredients to a story
Business storytelling: key ingredients to a storyBusiness storytelling: key ingredients to a story
Business storytelling: key ingredients to a story
Alexandra Fulford
 
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraTata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Avirahi City Dholera
 
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdfModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
fisherameliaisabella
 
How MJ Global Leads the Packaging Industry.pdf
How MJ Global Leads the Packaging Industry.pdfHow MJ Global Leads the Packaging Industry.pdf
How MJ Global Leads the Packaging Industry.pdf
MJ Global
 
Authentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto RicoAuthentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto Rico
Corey Perlman, Social Media Speaker and Consultant
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
SOFTTECHHUB
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
techboxsqauremedia
 
-- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month ---- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month --
NZSG
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
LuanWise
 
Chapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .pptChapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .ppt
ssuser567e2d
 
LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024
Lital Barkan
 
Understanding User Needs and Satisfying Them
Understanding User Needs and Satisfying ThemUnderstanding User Needs and Satisfying Them
Understanding User Needs and Satisfying Them
Aggregage
 
Industrial Tech SW: Category Renewal and Creation
Industrial Tech SW: Category Renewal and CreationIndustrial Tech SW: Category Renewal and Creation
Industrial Tech SW: Category Renewal and Creation
Christian Dahlen
 
Top mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptxTop mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptx
JeremyPeirce1
 

Recently uploaded (20)

Best Forex Brokers Comparison in INDIA 2024
Best Forex Brokers Comparison in INDIA 2024Best Forex Brokers Comparison in INDIA 2024
Best Forex Brokers Comparison in INDIA 2024
 
Mastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnapMastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnap
 
3 Simple Steps To Buy Verified Payoneer Account In 2024
3 Simple Steps To Buy Verified Payoneer Account In 20243 Simple Steps To Buy Verified Payoneer Account In 2024
3 Simple Steps To Buy Verified Payoneer Account In 2024
 
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challengesEvent Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
 
2022 Vintage Roman Numerals Men Rings
2022 Vintage Roman Numerals Men Rings2022 Vintage Roman Numerals Men Rings
2022 Vintage Roman Numerals Men Rings
 
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdfThe 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
 
Business storytelling: key ingredients to a story
Business storytelling: key ingredients to a storyBusiness storytelling: key ingredients to a story
Business storytelling: key ingredients to a story
 
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraTata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
 
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdfModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
 
How MJ Global Leads the Packaging Industry.pdf
How MJ Global Leads the Packaging Industry.pdfHow MJ Global Leads the Packaging Industry.pdf
How MJ Global Leads the Packaging Industry.pdf
 
Authentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto RicoAuthentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto Rico
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
 
-- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month ---- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month --
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
 
Chapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .pptChapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .ppt
 
LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024
 
Understanding User Needs and Satisfying Them
Understanding User Needs and Satisfying ThemUnderstanding User Needs and Satisfying Them
Understanding User Needs and Satisfying Them
 
Industrial Tech SW: Category Renewal and Creation
Industrial Tech SW: Category Renewal and CreationIndustrial Tech SW: Category Renewal and Creation
Industrial Tech SW: Category Renewal and Creation
 
Top mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptxTop mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptx
 

COSO Internal Control - Integrated Framework

  • 2. DEFINITION OF INTERNAL CONTROL Internal control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.
  • 3. OBJECTIVES The Framework sets forth three categories of objectives, which allow organizations to focus on separate aspects of internal control: • Operations Objectives • Reporting Objectives • Compliance Objectives
  • 4. OPERATIONS OBJECTIVES These pertain to effectiveness and efficiency of the entity’s operations, including operational and financial performance goals, and safeguarding assets against loss.
  • 5. REPORTING OBJECTIVES These pertain to internal and external financial and non-financial reporting and may encompass reliability, timeliness, transparency, or other terms as set forth by regulators, standard setters, or the entity’s policies.
  • 6. COMPLIANCE OBJECTIVES These pertain to adherence to laws and regulations to which the entity is subject.
  • 7. COMPONENTS Supporting the organization in its efforts to achieve objectives are five components of internal control: • Control Environment • Risk Assessment • Control Activities • Information and Communication • Monitoring Activities
  • 8. RELATIONSHIP OF OBJECTIVES, COMPONENTS AND THE ENTITY A direct relationship exists between objectives, which are what an entity strives to achieve, components, which represent what is required to achieve the objectives, and entity structure (the operating units, legal entities, and other structures). The relationship can be depicted in the form of a cube:
  • 9. • The three categories of objectives are represented by the columns. • The five components are represented by the rows. • The entity structure, which represents the overall entity, divisions, subsidiaries, operating units, or functions, including business processes such as sales, purchasing, production, and marketing and to which internal control relates, are depicted by the third dimension of the cube.
  • 10. CONTROL ENVIRONMENT • The control environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. • The board of directors and senior management establish the tone at the top regarding the importance of internal control including expected standards of conduct. • Management reinforces expectations at the various levels of the organization.
  • 11. PRINCIPLES AND POINTS OF FOCUS OF THE “CONTROL ENVIRONMENT” Principle 1. The organization demonstrates a commitment to integrity and ethical values. Points of focus: • Sets the Tone at the Top • Establishes Standards of Conduct • Evaluates Adherence to Standards of Conduct • Addresses Deviations in a Timely Manner
  • 12. PRINCIPLES AND POINTS OF FOCUS OF THE “CONTROL ENVIRONMENT” Principle 2: The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control. Points of Focus: • Establishes Oversight Responsibilities • Applies Relevant Expertise • Operates Independently • Provides Oversight for the System of Internal Control
  • 13. PRINCIPLES AND POINTS OF FOCUS OF THE “CONTROL ENVIRONMENT” Principle 3: Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. Points of Focus: • Considers All Structures of the Entity • Establishes Reporting Lines • Defines, Assigns, and Limits Authorities and Responsibilities
  • 14. PRINCIPLES AND POINTS OF FOCUS OF THE “CONTROL ENVIRONMENT” Principle 4: The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. Points of Focus: • Establishes Policies and Practices • Evaluates Competence and Addresses Shortcomings • Attracts, Develops, and Retains Individuals • Plans and Prepares for Succession
  • 15. PRINCIPLES AND POINTS OF FOCUS OF THE “CONTROL ENVIRONMENT” Principle 5: The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives. Points of Focus: • Enforces Accountability through Structures, Authorities, and Responsibilities • Establishes Performance Measures, Incentives, and Rewards • Evaluates Performance Measures, Incentives, and Rewards for Ongoing Relevance • Considers Excessive Pressures • Evaluates Performance and Rewards or Disciplines Individuals
  • 16. RISK ASSESSMENT • Risk is defined as the possibility that an event will occur and adversely affect the achievement of objectives. • Risk assessment involves a dynamic and iterative process for identifying and assessing risks to the achievement of objectives. Risks to the achievement of these objectives from across the entity are considered relative to established risk tolerances. Thus, risk assessment forms the basis for determining how risks will be managed. • A precondition to risk assessment is the establishment of objectives, linked at different levels of the entity.
  • 17. PRINCIPLES AND POINTS OF FOCUS OF THE “RISK ASSESSMENT” Principle 6: The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. 1. Points of Focus for Operations Objectives: • Reflects Management’s Choices • Considers Tolerances for Risk • Includes Operations and Financial Performance Goals • Forms a Basis for Committing of Resources
  • 18. PRINCIPLES AND POINTS OF FOCUS OF THE “RISK ASSESSMENT” Principle 6: The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. 2. Points of Focus for External Financial Reporting Objectives: • Complies with Applicable Accounting Standards • Considers Materiality • Reflects Entity Activities
  • 19. PRINCIPLES AND POINTS OF FOCUS OF THE “RISK ASSESSMENT” Principle 6: The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. 3. Points of Focus for External Non-Financial Reporting Objectives: • Complies with Externally Established Standards and Frameworks • Considers the Required Level of Precision • Reflects Entity Activities
  • 20. PRINCIPLES AND POINTS OF FOCUS OF THE “RISK ASSESSMENT” Principle 6: The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. 4. Points of Focus for Internal Reporting Objectives: • Reflects Management’s Choices • Considers the Required Level of Precision • Reflects Entity Activities
  • 21. PRINCIPLES AND POINTS OF FOCUS OF THE “RISK ASSESSMENT” Principle 6: The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. 5. Points of Focus for Compliance Objectives: • Reflects External Laws and Regulations • Considers Tolerances for Risk
  • 22. PRINCIPLES AND POINTS OF FOCUS OF THE “RISK ASSESSMENT” Principle 7: The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. Points of Focus: • Includes Entity, Subsidiary, Division, Operating Unit, and Functional Levels • Analyzes Internal and External Factors • Involves Appropriate Levels of Management • Estimates Significance of Risks Identified • Determines How to Respond to Risks
  • 23. PRINCIPLES AND POINTS OF FOCUS OF THE “RISK ASSESSMENT” Principle 8: The organization considers the potential for fraud in assessing risks to the achievement of objectives. Points of Focus: • Considers Various Types of Fraud • Assesses Incentive and Pressures • Assesses Opportunities • Assesses Attitudes and Rationalizations
  • 24. PRINCIPLES AND POINTS OF FOCUS OF THE “RISK ASSESSMENT” Principle 9: The organization identifies and assesses changes that could significantly impact the system of internal control. Points of Focus: • Assesses Changes in the External Environment • Assesses Changes in the Business Model • Assesses Changes in Leadership
  • 25. CONTROL ACTIVITIES • Control activities are the actions established through policies and procedures that help ensure that management’s directives to mitigate risks to the achievement of objectives are carried out. • Control activities are performed at all levels of the entity, at various stages within business processes, and over the technology environment. They may be preventive or detective in nature and may encompass a range of manual and automated activities such as authorizations and approvals, verifications, reconciliations, and business performance reviews. • Segregation of duties is typically built into the selection and development of control activities. Where segregation of duties is not practical, management selects and develops alternative control activities.
  • 26. PRINCIPLES AND POINTS OF FOCUS OF THE “CONTROL ACTIVITIES” Principle 10: The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. Points of Focus: • Integrates with Risk Assessment • Considers Entity-Specific Factors • Determines Relevant Business Processes • Evaluates a Mix of Control Activity Types • Considers at What Level Activities Are Applied • Addresses Segregation of Duties
  • 27. PRINCIPLES AND POINTS OF FOCUS OF THE “CONTROL ACTIVITIES” Principle 11: The organization selects and develops general control activities over technology to support the achievement of objectives. Points of Focus: • Determines Dependency between the Use of Technology in Business Processes and Technology General Controls • Establishes Relevant Technology Infrastructure Control Activities • Establishes Relevant Security Management Process Control Activities • Establishes Relevant Technology Acquisition, Development, and Maintenance Process Control Activities
  • 28. PRINCIPLES AND POINTS OF FOCUS OF THE “CONTROL ACTIVITIES” Principle 12: The organization deploys control activities through policies that establish what is expected and procedures that put policies into action. Points of Focus: • Establishes Policies and Procedures to Support Deployment of Management’s Directives • Establishes Responsibility and Accountability for Executing Policies and Procedures • Performs in a Timely Manner • Takes Corrective Action • Performs Using Competent Personnel • Reassesses Policies and Procedures
  • 29. INFORMATION AND COMMUNICATION • Information is necessary for the entity to carry out internal control responsibilities to support the achievement of its objectives. • Management obtains or generates and uses relevant and quality information from both internal and external sources to support the functioning of other components of internal control. • Communication is the continual, iterative process of providing, sharing, and obtaining necessary information. • Internal communication is the means by which information is disseminated throughout the organization, flowing up, down, and across the entity. It enables personnel to receive a clear message from senior management that control responsibilities must be taken seriously. • External communication is twofold: – it enables inbound communication of relevant external information and – provides information to external parties in response to requirements and expectations.
  • 30. PRINCIPLES AND POINTS OF FOCUS OF THE “INFORMATION AND COMMUNICATION” Principle 13: The organization obtains or generates and uses relevant, quality information to support the functioning of other components of internal control. Points of Focus: • Identifies Information Requirements • Captures Internal and External Sources of Data • Processes Relevant Data into Information • Maintains Quality throughout Processing • Considers Costs and Benefits
  • 31. Principle 14: The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of other components of internal control. Points of Focus: • Communicates Internal Control Information • Communicates with the Board of Directors • Provides Separate Communication Lines • Selects Relevant Method of Communication PRINCIPLES AND POINTS OF FOCUS OF THE “INFORMATION AND COMMUNICATION”
  • 32. Principle 15: The organization communicates with external parties regarding matters affecting the functioning of other components of internal control. Points of Focus: • Communicates to External Parties • Enables Inbound Communications • Communicates with the Board of Directors • Provides Separate Communication Lines • Selects Relevant Method of Communication PRINCIPLES AND POINTS OF FOCUS OF THE “INFORMATION AND COMMUNICATION”
  • 33. MONITORING ACTIVITIES • Ongoing evaluations, separate evaluations, or some combination of the two are used to ascertain whether each of the five components of internal control, including controls to effect the principles within each component, is present and functioning. • Ongoing evaluations, built into business processes at different levels of the entity, provide timely information. • Separate evaluations, conducted periodically, will vary in scope and frequency depending on assessment of risks, effectiveness of ongoing evaluations, and other management considerations. • Findings are evaluated against criteria established by regulators, standard-setting bodies, or management and board of directors, and deficiencies are communicated to management and the board of directors as appropriate.
  • 34. PRINCIPLES AND POINTS OF FOCUS OF THE “MONITORING ACTIVITIES” Principle 16: The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning. Points of Focus: • Considers a Mix of Ongoing and Separate Evaluations • Considers Rate of Change • Establishes Baseline Understanding • Uses Knowledgeable Personnel • Integrates with Business Processes • Adjusts Scope and Frequency • Objectively Evaluates
  • 35. PRINCIPLES AND POINTS OF FOCUS OF THE “MONITORING ACTIVITIES” Principle 17: The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate. Points of Focus: • Assesses Results • Communicates Deficiencies • Monitors Corrective Actions
  • 36. LIMITATIONS OF INTERNAL CONTROL • Internal control, no matter how well designed, implemented and conducted, can provide only reasonable assurance to management and the board of directors of the achievement of an entity’s objectives. • The likelihood of achievement is affected by limitations inherent in all systems of internal control. These include the realities that human judgment in decision making can be faulty and that breakdowns can occur because of human failures such as making errors. • Additionally, controls can be circumvented by two or more people colluding, and because management can override the internal control system.