The templates are designed to help organizations customize and use the COSO templates to assess their internal control system based on the updated COSO Internal Control-Integrated Framework. The templates include an overall assessment, component assessments for each of the five components, and principle assessments for the seventeen principles. They summarize management's determination of whether components and principles are present and functioning.
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet... - Taufir Alam
Introduction to the Presentation on internal financial control over financial reporting_a complete guide
The Companies Act, 2013 has introduced some new requirements relating to audits and reporting by the statutory auditors of companies.
One of these requirements is given under Section 143(3)(i) of the Act which requires the statutory auditor to state in his audit report whether the company has adequate internal financial controls system in place and the operating effectiveness of such controls.
The section has cast onerous responsibilities on the statutory auditors because reporting on internal financial controls is not covered under the Standards on Auditing issued by the ICAI.
Since the concept of reporting on internal financial controls is still new in India this new reporting requirement has thrown up many challenges for the members.
To help the members properly understand and perform the various aspects of this reporting responsibility, the Auditing and Assurance Standards Board of the Institute of Chartered Accountants of India has brought out this Guidance Note on Audit of Internal Financial Controls Over Financial Reporting.
The Guidance Note covers aspects such as Scope of reporting on internal financial controls under Companies Act 2013, essential components of internal controls, Technical guidance on the audit of Internal Financial Controls, Implementation guidance on the audit of Internal Financial Controls.
I have presented the above Guidance Note as a presentation that will be a complete guide for those who are planning to go for an audit of internal financial control over financial reporting. This presentation will cover all the relevant aspects and also provide the standard operating process for the efficient conduct of the IFCR audit. You don't need to read the complete Guidance Note.
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK - Haresh Lalwani
This presentation is my endeavor to bring to notice the new position that internal audit enjoys today in the corporate framework, expectations of the industry and emerging opportunities for the professionals.
Many leaders in today’s business environment have recognized the need for internal audit to play a larger role – one that expands on its historic focus on value preservation to encompass activities related to value creation. Leading integrated internal audit functions will need to stay ahead of the risk curve rather than simply follow the business, whilst preserving the core compliance and assurance activities senior management and the audit committee require. Audit functions that focus their efforts on significant risks are able to concentrate their audit resources on issues that drive the business. This 3-day course has been designed to help internal auditors understand what is needed to make the audit function totally risk based.
Internal Audit is a tool of control to measure and evaluate the effectiveness of the working of an organization primarily with accounting, financial and operational matters.
Internal Audit plays a constructive role by rendering service to the management with objective appraisal of systems, procedures, practices, compliance with policies.
LetzConsult presents a smarter way for companies to find the most relevant consultant for their business needs. Find the right consultants for your company on LetzConsult.com
The most comprehensive definition of internal audit is given by the IIA, USA. It is,
"Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes."
The purpose of the presentation is to clarify what the definition, objectives, functions, stages and reporting of internal audit are all about. What difference does it make in the presence of an external audit? How different is its scope from that of the external audit? How do internal audit standards contribute to better performance of internal audit work and its reporting to the Board or Audit Committee?
COSO's Internal Control - Integrated Framework.
Includes:
Objectives;
Components;
Principles relating to the components and
Points of Focus assisting users in determining whether the principles are present and functioning
Internal auditing departments are led by a chief audit executive ("CAE") who generally reports to the audit committee of the board of directors, with administrative reporting to the chief executive officer (In the United States this reporting relationship is required by law for publicly traded companies).
In 2013, COSO released their update to the COSO 1992 framework. This framework is used widely by public companies for SEC compliance. After working on updating their compliance efforts, many users are having discussions with their financial auditors about the use of the new standard.
This presentation looks at the needs of the auditor in understanding internal control and its documentation.
Internal Control Assessment: Lessons Learned and the Pain Felt - 2014 Recap - Hein & Associates
This presentation will review the backlash resulting from the PCAOB Inspections and the newly implemented COSO 2013. Application of the information provided in the PCAOB Staff Audit Practice Alert 11. What is the definition of “Information Provided by Entity” and how does it apply to you?
For more information visit www.heincpa.com
Standards for Internal Control in the Federal Government – Green Book of the Office ... - miguelserrano5851127
The Green Book, Standards for Internal Control in the Federal Government, provides the overall framework for establishing and maintaining an effective internal control system.
The Green Book may also be adopted by state, local, and quasi-governmental entities, as well as not-for-profit organizations, as a framework for an internal control system.
The revised standards retain the five components of internal control but introduce 17 principles to help managers achieve an effective internal control system. The document clearly marks the requirements through the use of “must” and “should”.
These principles were adapted to the public sector once COSO had revised and updated, during the past year, its document Internal Control: Integrated Framework, and it can be applied by state and local governments, as well as not-for-profit organizations, as a framework for their internal control system.
The Green Book is structured in four parts: an overview of the fundamental concepts of internal control, an analysis of its components, principles and attributes, as well as a series of final considerations that apply to all components of the internal control system.
This Slideshare presentation is a partial preview of the full business document. To view and download the full document, please go here:
http://flevy.com/browse/business-document/audit-report-model-and-sample-268
This document "Audit Report: Model and Sample" contains a model of an audit report and a real sample from an IT Audit assignment (data of client not disclosed for privacy and confidentiality issues).
This has been used effectively in various types of internal and external audit assignments as well as consulting assignments, especially in reviewing internal controls for all types of companies.
In July 2015, the chief executive officer of Toshiba Corporation (Toshiba) resigned over the revelation of a JPY151.8 billion accounting scandal that shocked the world. Toshiba, a Japanese multinational conglomerate with net sales of JPY6.5 trillion and total assets of JPY6.2 trillion, had been widely criticized in the news for the multi-billion-dollar accounting fraud. The company's stock prices declined by 38% after the accounting probe was announced, and the company withdrew the dividend that had been declared earlier. These setbacks challenged company investors, who had always regarded Toshiba as a reputable company. The investors were wondering the same thing as everyone else watching the scandal unfold: How could a company with a 140-year history do this, and why? What were the consequences? What should Toshiba do in response to this crisis?
A seasoned audit and GRC professional with rich internal audit experience spanning over a decade. I have worked for various National & International corporates in services as well manufacturing sector. From setting-up a new internal audit/Compliance function to taking it to excellence and managing the established functions has been my specialty.
Having qualified, CIA, CISA, CBAP, CCSA, CRMA, APFA, CAMS and CFE I possess specialized knowledge of diversified audit and anti fraud risk areas which makes me an accomplished professional. In addition, my Master’s Degree in Business Admiration equips me with full range of academic and professional knowledge, values, skills & expertise necessary to operate with excellence as Chief Audit Executive.
Along with experience of 10 years in Internal Audit, Anti-Fraud, Risk management (ERM) IC (COSO) and BPR field I have also conducted more than 50 training and seminar sessions in the area of Audit Management, Data Analytics, Fraud Risk Management, COSO/ERM, Control self-assessment and IS Audit.
I am currently serving as Internal Audit Head in Fertilizer sector. I am a member of Advisory Council of Association of Certified Fraud Examiners and member audit committee at charitable institution. I am also a Lead facilitator/Trainer for Anti-Fraud and Risk Management, Audit and Compliance programs at Transformation Services Pvt Ltd.
Illustrative Tools for Assessing Effectiveness of a System of Internal Control
1. Introduction
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has issued the updated Internal Control–Integrated Framework (Framework) and a companion document: Internal Control over Financial Reporting – Illustrative Tools for Assessing Effectiveness of a System of Internal Control (Illustrative Tools). It is expected that organizations will customize the templates presented in the Illustrative Tools to match the facts and circumstances in their particular organizations. To help organizations customize the templates for their assessment process and organization, this file is an extract of only the blank templates from the Illustrative Tools.
The form and use of the templates are explained in the Introduction to the Illustrative Tools; they should not be used without reading and understanding that chapter. Also, please refer to the Framework when using these templates, particularly Chapter 2, Objectives, Components, and Principles, and Chapter 3, Effective Internal Control.
The templates are designed to present only a summary of assessment results. They are not an integral part of the Framework, and they may not address all matters that need to be considered when assessing a system of internal control. Further, they do not represent a preferred method of conducting and documenting an assessment. Their purpose is limited to illustrating one possible assessment process based on the requirements for effective internal control set forth in the Framework.
Four different templates are included:
• Overall Assessment—Summarizes management’s determination of whether each of the components and relevant principles is present and functioning and components are operating together in an integrated manner.
• Components—Summarizes management’s determination of whether each component and relevant principles are present and functioning. A template for each of the five components is included.
• Principles—Summarizes the controls to effect principles and management’s determination of whether each relevant principle is present and functioning. A template for each of the seventeen principles is included.
• Deficiencies—A log of all identified internal control deficiencies that can be leveraged in the evaluation of components and principles, and can enable the internal control deficiencies to be aggregated.
Internal Control — Integrated Framework • May 2013
2. 1. Overall Assessment of a System of Internal Control
Overall Assessment of a System of Internal Control

Entity or part of organization structure subject to the assessment (entity, division, operating unit, function):
Objective(s) being considered for the scope of internal control being assessed: Operations / Reporting / Compliance
Considerations regarding management’s acceptable level of risk:

| | Present? (Y/N) | Functioning? (Y/N) | Explanation/Conclusion |
|---|---|---|---|
| Control Environment | | | |
| Risk Assessment | | | |
| Control Activities | | | |
| Information and Communication | | | |
| Monitoring Activities | | | |

Are all components operating together in an integrated manner?
Evaluate if a combination of internal control deficiencies, when aggregated across components, represent a major deficiency* <Update Summary of Deficiencies Template as needed>

Is the overall system of internal control effective? <Y/N>*

Basis for conclusion:

* If it is determined that there is a major deficiency, management must conclude that the system of internal control is not effective.
3. 2. Component Evaluation
Component Evaluation – Control Environment
Present? (Y/N) Functioning? (Y/N) Explanation/Conclusion
1.
Internal control deficiency description
List internal control deficiencies related to another principle that may impact this internal control deficiency
Is internal control deficiency a major deficiency? (Y/N)
Comments/Compensating Controls
Present? (Y/N) Functioning? (Y/N) Explanation/Conclusion
2.
Internal control deficiency description
List internal control deficiencies related to another principle that may impact this internal control deficiency
Is internal control deficiency a major deficiency? (Y/N)
Comments/Compensating Controls
Identification No. Evaluate internal control deficiency severity:
(Consider whether controls to effect other
principles within and across components
compensate for the internal control deficiency.)
Demonstrates Commitment to Integrity and Ethical Values—The organization
demonstrates a commitment to integrity and ethical values.
Identification No. Evaluate internal control deficiency severity:
(Consider whether controls to effect other
principles within and across components
compensate for the internal control deficiency.)
Exercises Oversight Responsibility—The board of directors demonstrates
independence from management and exercises oversight of the development and
performance of internal control.
4. Component Evaluation – Control Environment
Present? (Y/N) Functioning? (Y/N) Explanation/Conclusion
3.
Internal control deficiency description
List internal control deficiencies related to another principle that may impact this internal control deficiency
Is internal control deficiency a major deficiency? (Y/N)
Comments/Compensating Controls
Present? (Y/N) Functioning? (Y/N) Explanation/Conclusion
4.
Is internal control deficiency a major deficiency? (Y/N)
Comments/Compensating Controls
Identification No. Internal control deficiency description Evaluate internal control deficiency severity:
(Consider whether controls to effect other
principles within and across components
compensate for the internal control deficiency.)
List internal control deficiencies related to
another principle that may impact this internal
control deficiency
Establishes Structure, Authority, and Responsibility—Management establishes, with
board oversight, structures, reporting lines, and appropriate authorities and
responsibilities in the pursuit of objectives.
Identification No. Evaluate internal control deficiency severity:
(Consider whether controls to effect other
principles within and across components
compensate for the internal control deficiency.)
Demonstrates Commitment to Competence—The organization demonstrates a
commitment to attract, develop, and retain competent individuals in alignment with
objectives.
5. Component Evaluation – Control Environment
Present? (Y/N) Functioning? (Y/N) Explanation/Conclusion
5.
Is internal control deficiency a major deficiency? (Y/N)
Comments/Compensating Controls
Explanation/Conclusion
Is the component present?
List internal control deficiencies related to
another principle that may impact this internal
control deficiency
Explanation/Conclusion
Enforces Accountability—The organization holds individuals accountable for their
internal control responsibilities in the pursuit of objectives.
Identification No. Internal control deficiency description Evaluate internal control deficiency severity:
(Consider whether controls to effect other
principles within and across components
compensate for the internal control deficiency.)
** If it is determined that there is a major deficiency, management must conclude that the component is not present and functioning and the system of internal control is not effective.
Evaluate deficiencies across the component:*
Evaluate if any internal control deficiencies or combination of internal control deficiencies,
when considered across the component, represent a major deficiency**
Evaluate the component using judgment and based on the principles and the deficiencies** Yes/No
Is the component functioning?
* Note: Record deficiencies in Summary of Deficiencies Template.
6. Present? (Y/N) Functioning? (Y/N) Explanation/Conclusion
6.
Internal control deficiency description
List internal control deficiencies related to another principle that may impact this internal control deficiency
Is internal control deficiency a major deficiency? (Y/N)
Comments/Compensating Controls
Present? (Y/N) Functioning? (Y/N) Explanation/Conclusion
7.
Internal control deficiency description
List internal control deficiencies related to another principle that may impact this internal control deficiency
Is internal control deficiency a major deficiency? (Y/N)
Comments/Compensating Controls
Component Evaluation — Risk Assessment
Specifies Suitable Objectives—The organization specifies objectives with sufficient
clarity to enable the identification and assessment of risks relating to objectives.
Identification No. Evaluate internal control deficiency severity:
(Consider whether controls to effect other
principles within and across components
compensate for the internal control deficiency.)
Identification No. Evaluate internal control deficiency severity:
(Consider whether controls to effect other
principles within and across components
compensate for the internal control deficiency.)
Identifies and Analyzes Risks—The organization identifies risks to the achievement of
its objectives across the entity and analyzes risks as a basis for determining how the
risks should be managed.
7. Present? (Y/N) Functioning? (Y/N) Explanation/Conclusion
8.
List internal control deficiencies related to another principle that may impact this internal control deficiency
Is internal control deficiency a major deficiency? (Y/N)
Comments/Compensating Controls
Present? (Y/N) Functioning? (Y/N) Explanation/Conclusion
9.
Internal control deficiency description
List internal control deficiencies related to another principle that may impact this internal control deficiency
Is internal control deficiency a major deficiency? (Y/N)
Comments/Compensating Controls
Explanation/Conclusion
Is the component present?
** If it is determined that there is a major deficiency, management must conclude that the component is not present and functioning and the system of internal control is not effective.
Assesses Fraud Risk—The organization considers the potential for fraud in assessing
risks to the achievement of objectives.
Identification No. Internal control deficiency description Evaluate internal control deficiency severity:
(Consider whether controls to effect other
principles within and across components
compensate for the internal control deficiency.)
Component Evaluation — Risk Assessment
Evaluate internal control deficiency severity:
(Consider whether controls to effect other
principles within and across components
compensate for the internal control deficiency.)
Explanation/Conclusion
Identifies and Analyzes Significant Change—The organization identifies and
assesses changes that could significantly impact the system of internal control.
Identification No.
Evaluate deficiencies across the component:*
Evaluate if any internal control deficiencies or combination of internal control deficiencies,
when considered across the component, represent a major deficiency**
Evaluate the component using judgment and based on the principles and the
deficiencies**
Yes/No
Is the component functioning?
* Note: Record deficiencies in Summary of Deficiencies Template.
8. Present? (Y/N) Functioning? (Y/N) Explanation/Conclusion
10.
Is internal control deficiency a major deficiency? (Y/N)
Comments/Compensating Controls
Present? (Y/N) Functioning? (Y/N) Explanation/Conclusion
11.
Is internal control deficiency a major deficiency? (Y/N)
Comments/Compensating Controls
Component Evaluation — Control Activities
Selects and Develops Control Activities—The organization selects and develops
control activities that contribute to the mitigation of risks to the achievement of objectives
to acceptable levels.
Identification No. Internal control deficiency description Evaluate internal control deficiency severity:
(Consider whether controls to effect other
principles within and across components
compensate for the internal control deficiency.)
List internal control deficiencies related to
another principle that may impact this internal
control deficiency
Evaluate internal control deficiency severity:
(Consider whether controls to effect other
principles within and across components
compensate for the internal control deficiency.)
List internal control deficiencies related to
another principle that may impact this internal
control deficiency
Selects and Develops General Controls over Technology—The organization selects
and develops general control activities over technology to support the achievement of
objectives.
Identification No. Internal control deficiency description
9. Present? (Y/N) Functioning? (Y/N) Explanation/Conclusion
12.
Is internal control deficiency a major deficiency? (Y/N)
Comments/Compensating Controls
Yes/No
* Note: Record deficiencies in Summary of Deficiencies Template.
** If it is determined that there is a major deficiency, management must conclude that the component is not present and functioning and the system of internal control is not effective.
Deploys through Policies and Procedures – The organization deploys control
activities through policies that establish what is expected and procedures that put
policies into action.
Component Evaluation — Control Activities
Explanation/Conclusion
Evaluate deficiencies across the component:*
Evaluate if any internal control deficiencies or combination of internal control deficiencies,
when considered across the component, represent a major deficiency**
Evaluate the component using judgment and based on the principles and the deficiencies** Explanation/Conclusion
Identification No. Internal control deficiency description Evaluate internal control deficiency severity:
(Consider whether controls to effect other
principles within and across components
compensate for the internal control deficiency.)
List internal control deficiencies related to
another principle that may impact this internal
control deficiency
Is the component present?
Is the component functioning?
10. Present? (Y/N) Functioning? (Y/N) Explanation/Conclusion
13
Is internal control deficiency a major deficiency? (Y/N)
Comments/Compensating Controls
Present? (Y/N) Functioning? (Y/N) Explanation/Conclusion
14
Is internal control deficiency a major deficiency? (Y/N)
Comments/Compensating Controls
Evaluate internal control deficiency severity:
(Consider whether controls to effect other
principles within and across components
compensate for the internal control deficiency.)
List internal control deficiencies related to
another principle that may impact this internal
control deficiency
Component Evaluation — Information and Communication
Communicates Internally – The organization internally communicates information,
including objectives and responsibilities for internal control, necessary to support the
functioning of internal control.
Identification No. Internal control deficiency description
Uses Relevant Information – The organization obtains or generates and uses relevant,
quality information to support the functioning of internal control.
Identification No. Internal control deficiency description
Evaluate internal control deficiency severity:
(Consider whether controls to effect other
principles within and across components
compensate for the internal control deficiency.)
List internal control deficiencies related to
another principle that may impact this internal
control deficiency
11. Present? (Y/N) Functioning? (Y/N) Explanation/Conclusion
15
Is internal control deficiency a major deficiency? (Y/N)
Comments/Compensating Controls
Yes/No
* Note: Record deficiencies in Summary of Deficiencies Template.
** If it is determined that there is a major deficiency, management must conclude that the component is not present and functioning and the system of internal control is not effective.
Communicates Externally – The organization communicates with external parties
regarding matters affecting the functioning of internal control.
Identification No. Internal control deficiency description Evaluate internal control deficiency severity:
(Consider whether controls to effect other
principles within and across components
compensate for the internal control deficiency.)
List internal control deficiencies related to
another principle that may impact this internal
control deficiency
Component Evaluation — Information and Communication
Evaluate the component using judgment and based on the principles and the deficiencies** Explanation/Conclusion
Is the component present?
Is the component functioning?
Explanation/Conclusion
Evaluate deficiencies across the component:*
Evaluate if any internal control deficiencies or combination of internal control deficiencies,
when considered across the component, represent a major deficiency**
12. Present? (Y/N) Functioning? (Y/N) Explanation/Conclusion
16
Is internal control deficiency a major deficiency? (Y/N)
Comments/Compensating Controls
Present? (Y/N) Functioning? (Y/N) Explanation/Conclusion
17
Is internal control deficiency a major deficiency? (Y/N)
Comments/Compensating Controls
Yes/No
* Note: Record deficiencies in Summary of Deficiencies Template.
** If it is determined that there is a major deficiency, management must conclude that the component is not present and functioning and the system of internal control is not effective.
Evaluates and Communicates Deficiencies – The organization evaluates and
communicates internal control deficiencies in a timely manner to those parties
responsible for taking corrective action, including senior management and the board of
directors, as appropriate.
Identification No. Internal control deficiency description
Component Evaluation — Monitoring Activities
Conducts Ongoing and/or Separate Evaluations – The organization selects,
develops, and performs ongoing and/or separate evaluations to ascertain whether the
components of internal control are present and functioning.
Identification No. Internal control deficiency description Evaluate internal control deficiency severity:
(Consider whether controls to effect other
principles within and across components
compensate for the internal control deficiency.)
List internal control deficiencies related to
another principle that may impact this internal
control deficiency
Is the component functioning?
Evaluate deficiencies across the component:*
Evaluate if any internal control deficiencies or combination of internal control deficiencies,
when considered across the component, represent a major deficiency**
Evaluate the component using judgment and based on the principles and the deficiencies** Explanation/Conclusion
Is the component present?
Evaluate internal control deficiency severity:
(Consider whether controls to effect other
principles within and across components
compensate for the internal control deficiency.)
List internal control deficiencies related to
another principle that may impact this internal
control deficiency
Explanation/Conclusion
13. 3. Principle Evaluation
Principle Evaluation – Control Environment
Preliminary Severity – Is internal control deficiency a major deficiency? (Y/N)
Comments/Compensating Controls
Y/N
Is the principle present?
Is the principle functioning?
* Note: Record deficiencies in Summary of Deficiencies Template.
Addresses Deviations in a Timely Manner – Deviations of the entity’s expected standards of conduct are identified and remedied in a timely and consistent
manner.
(Other entity specific points of focus, if any)
Summary of Controls to Effect Principle 1
Deficiencies Applicable to Principle 1
Principle 1: Demonstrates Commitment to Integrity and Ethical Values
–The organization demonstrates a commitment to integrity and ethical values.
Points of Focus
Sets the Tone at the Top – The board of directors and management at all levels of the entity demonstrate through their directives, actions, and behavior the
importance of integrity and ethical values to support the functioning of the system of internal control.
Establishes Standards of Conduct – The expectations of the board of directors and senior management concerning integrity and ethical values are defined in the
entity’s standards of conduct and understood at all levels of the organization and by outsourced service providers and business partners.
Evaluate internal control deficiency severity:
(Consider whether controls to effect other
principles within and across components
compensate for the internal control deficiency.)
List internal control deficiencies
related to another principle that
may impact this internal control
deficiency
Identification No. Internal control deficiency description
Evaluates Adherence to Standards of Conduct – Processes are in place to evaluate the performance of individuals and teams against the entity’s expected
standards of conduct.
** If it is determined that there is a major deficiency, management must conclude that the principle is not present and functioning and the system of internal control is not effective.
Evaluate deficiencies within the principle:*
Evaluate if any internal control deficiencies or combination of internal control
deficiencies, when considered within the principle, represent a major
deficiency.**
<Update Summary of Deficiencies Template as required>
Evaluate the principle using judgment.**
<Explanation>
Explanation/Conclusion
14. Preliminary Severity—Is internal control deficiency a major deficiency? (Y/N)
Comments/Compensating Controls
Y/N
Provides Oversight for the System of Internal Control—The board of directors retains oversight responsibility for management’s design, implementation, and
conduct of internal control:
– Control Environment —Establishing integrity and ethical values, oversight structures, authority and responsibility, expectations of competence, and
accountability to the board.
– Risk Assessment —Overseeing management’s assessment of risks to the achievement of objectives, including the potential impact of significant changes,
fraud, and management override of internal control.
– Control Activities —Providing oversight to senior management in the development and performance of control activities.
– Information and Communication —Analyzing and discussing information relating to the entity’s achievement of objectives.
– Monitoring Activities —Assessing and overseeing the nature and scope of monitoring activities and management’s evaluation and remediation of deficiencies.
Evaluate the principle using judgment.** Explanation/Conclusion
(Other entity specific points of focus, if any)
Summary of Controls to Effect Principle 2
Deficiencies Applicable to Principle 2
Identification No. Internal control deficiency description Evaluate preliminary deficiency severity:
(Consider whether other controls to effect this
principle compensate for the internal control
deficiency.)
List internal control deficiencies
related to another principle that
may impact this internal control
deficiency
Evaluate deficiencies within the principle:*
Evaluate if any internal control deficiencies or combination of internal control
deficiencies, when considered within the principle, represent a major deficiency**
<Update Summary of Deficiencies Template as required>
<Explanation>
Principle 2: Exercises Oversight Responsibility
—The board of directors demonstrates independence from management and exercises oversight of the development and
performance of internal control.
Points of Focus
Establishes Oversight Responsibilities—The board of directors identifies and accepts its oversight responsibilities in relation to established requirements and
expectations.
Is the principle present?
Is the principle functioning?
* Note: Record deficiencies in Summary of Deficiencies Template.
** If it is determined that there is a major deficiency, management must conclude that the principle is not present and functioning and the system of internal control is not effective.
Applies Relevant Expertise—The board of directors defines, maintains, and periodically evaluates the skills and expertise needed among its members to enable
them to ask probing questions of senior management and take commensurate actions.
Operates Independently—The board of directors has sufficient members who are independent from management and objective in evaluations and decision
making.
16. Preliminary Severity—Is internal control deficiency a major deficiency? (Y/N)
Comments/Compensating Controls
Y/N
(Other entity specific points of focus, if any)
Principle 3: Establishes Structure, Authority, and Responsibility
—Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the
pursuit of objectives.
Points of Focus
Considers All Structures of the Entity—Management and the board of directors consider the multiple structures used (including operating units, legal entities,
geographic distribution, and outsourced service providers) to support the achievement of objectives.
Establishes Reporting Lines—Management designs and evaluates lines of reporting for each entity structure to enable execution of authorities and
responsibilities and flow of information to manage the activities of the entity.
Defines, Assigns, and Limits Authorities and Responsibilities —Management and the board of directors delegate authority, define responsibilities, and use
appropriate processes and technology to assign responsibility and segregate duties as necessary at the various levels of the organization:
– Board of Directors — Retains authority over significant decisions and reviews management’s assignments and limitations of authorities and
responsibilities
– Senior Management —Establishes directives, guidance, and control to enable management and other personnel to understand and carry out their internal
control responsibilities
– Management —Guides and facilitates the execution of senior management directives within the entity and its subunits
– Personnel —Understands the entity’s standard of conduct, assessed risks to objectives, and the related control activities at their respective levels of the
entity, the expected information and communication flow, and monitoring activities relevant to their achievement of the objectives
– Outsourced Service Providers —Adheres to management’s definition of the scope of authority and responsibility for all non-employees engaged
Evaluate the principle using judgment.** Explanation/Conclusion
Summary of Controls to Effect Principle 3
Deficiencies Applicable to Principle 3
Identification No. Internal control deficiency description Evaluate preliminary deficiency severity:
(Consider whether other controls to effect this
principle compensate for the internal control
deficiency.)
List internal control deficiencies
related to another principle that
may impact this internal control
deficiency
Evaluate deficiencies within the principle:*
Evaluate if any internal control deficiencies or combination of internal control
deficiencies, when considered within the principle, represent a major deficiency**
<Update Summary of Deficiencies Template as required>
<Explanation>
Is the principle present?
Is the principle functioning?
* Note: Record deficiencies in Summary of Deficiencies Template.
** If it is determined that there is a major deficiency, management must conclude that the principle is not present and functioning and the system of internal control is not effective.
17. Preliminary Severity—Is internal control deficiency a major deficiency? (Y/N)
Comments/Compensating Controls
Y/N
Plans and Prepares for Succession—Senior management and the board of directors develop contingency plans for assignments of responsibility important for
internal control.
Principle 4: Demonstrates Commitment to Competence
—The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
Points of Focus
Establishes Policies and Practices—Policies and practices reflect expectations of competence necessary to support the achievement of objectives.
Evaluates Competence and Addresses Shortcomings—The board of directors and management evaluate competence across the organization and in
outsourced service providers in relation to established policies and practices, and act as necessary to address shortcomings.
Attracts, Develops, and Retains Individuals—The organization provides the mentoring and training needed to attract, develop, and retain sufficient and
competent personnel and outsourced service providers to support the achievement of objectives.
Evaluate the principle using judgment.** Explanation/Conclusion
(Other entity specific points of focus, if any)
Summary of Controls to Effect Principle 4
Deficiencies Applicable to Principle 4
Identification No. Internal control deficiency description Evaluate preliminary deficiency severity:
(Consider whether other controls to effect this
principle compensate for the internal control
deficiency.)
List internal control deficiencies
related to another principle that
may impact this internal control
deficiency
Evaluate deficiencies within the principle:*
Evaluate if any internal control deficiencies or combination of internal control
deficiencies, when considered within the principle, represent a major deficiency**
<Update Summary of Deficiencies Template as required>
<Explanation>
Is the principle present?
Is the principle functioning?
* Note: Record deficiencies in Summary of Deficiencies Template.
** If it is determined that there is a major deficiency, management must conclude that the principle is not present and functioning and the system of internal control is not effective.
18. Preliminary Severity—Is internal control deficiency a major deficiency? (Y/N)
Comments/Compensating Controls
Y/N
Considers Excessive Pressures—Management and the board of directors evaluate and adjust pressures associated with the achievement of objectives as they
assign responsibilities, develop performance measures, and evaluate performance.
Principle 5: Enforces Accountability
—The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.
Points of Focus
Enforces Accountability through Structures, Authorities, and Responsibilities—Management and the board of directors establish the mechanisms to
communicate and hold individuals accountable for performance of internal control responsibilities across the organization and implement corrective action as
necessary.
Establishes Performance Measures, Incentives, and Rewards—Management and the board of directors establish performance measures, incentives, and other
rewards appropriate for responsibilities at all levels of the entity, reflecting appropriate dimensions of performance and expected standards of conduct, and
considering the achievement of both short-term and longer-term objectives.
Evaluates Performance Measures, Incentives, and Rewards for Ongoing Relevance—Management and the board of directors align incentives and rewards with
the fulfillment of internal control responsibilities in the achievement of objectives.
Evaluate the principle using judgment.** Explanation/Conclusion
Evaluates Performance and Rewards or Disciplines Individuals—Management and the board of directors evaluate performance of internal control
responsibilities, including adherence to standards of conduct and expected levels of competence and provide rewards or exercise disciplinary action as
appropriate.
(Other entity specific points of focus, if any)
Summary of Controls to Effect Principle 5
Deficiencies Applicable to Principle 5
Identification No. Internal control deficiency description Evaluate preliminary deficiency severity:
(Consider whether other controls to effect this
principle compensate for the internal control
deficiency.)
List internal control deficiencies
related to another principle that
may impact this internal control
deficiency
Evaluate deficiencies within the principle:*
Evaluate if any internal control deficiencies or combination of internal control
deficiencies, when considered within the principle, represent a major deficiency**
<Update Summary of Deficiencies Template as required>
<Explanation>
Is the principle present?
Is the principle functioning?
* Note: Record deficiencies in Summary of Deficiencies Template.
** If it is determined that there is a major deficiency, management must conclude that the principle is not present and functioning and the system of internal control is not effective.
19. External Financial Reporting Objectives
Internal Reporting Objectives
Compliance Objectives
Includes Operations and Financial Performance Goals—The organization reflects the desired level of operations and financial performance for the entity within
operations objectives.
Principle 6: Specifies Suitable Objectives
—The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.
Reflects Management’s Choices—Operations objectives reflect management’s choices about structure, industry considerations, and performance of the entity.
Considers Tolerances for Risk—Management considers the acceptable levels of variation relative to the achievement of operations objectives.
Operations Objectives
Principle Evaluation – Risk Assessment
Reflects External Laws and Regulations—Laws and regulations establish minimum standards of conduct which the entity integrates into compliance objectives.
Forms a Basis for Committing of Resources—Management uses operations objectives as a basis for allocating resources needed to attain desired operations
and financial performance.
Complies with Applicable Accounting Standards—Financial reporting objectives are consistent with accounting principles suitable and available for that entity.
The accounting principles selected are appropriate in the circumstances.
Considers Materiality—Management considers materiality in financial statement presentation.
Reflects Entity Activities—External reporting reflects the underlying transactions and events to show qualitative characteristics and assertions.
External Non-Financial Reporting Objectives
Complies with Externally Established Standards and Frameworks—Management establishes objectives consistent with laws and regulations, or standards and
frameworks of recognized external organizations.
Considers the Required Level of Precision—Management reflects the required level of precision and accuracy suitable for user needs and as based on criteria
established by third parties in non-financial reporting.
Reflects Entity Activities—External reporting reflects the underlying transactions and events within a range of acceptable limits.
Reflects Management’s Choices—Internal reporting provides management with accurate and complete information regarding management’s choices and
information needed in managing the entity.
Considers the Required Level of Precision—Management reflects the required level of precision and accuracy suitable for user needs in non-financial reporting
objectives and materiality within financial reporting objectives.
Reflects Entity Activities—Internal reporting reflects the underlying transactions and events within a range of acceptable limits.
Considers Tolerances for Risk—Management considers the acceptable levels of variation relative to the achievement of compliance objectives.
(Other entity specific points of focus, if any)
Summary of Controls to Effect Principle 6
Points of Focus
20. Deficiencies Applicable to Principle 6
Identification No. | Internal control deficiency description | Evaluate preliminary deficiency severity: (Consider whether other controls to effect this principle compensate for the internal control deficiency.) | Preliminary Severity—Is internal control deficiency a major deficiency? (Y/N) | Comments/Compensating Controls | List internal control deficiencies related to another principle that may impact this internal control deficiency
Evaluate deficiencies within the principle:*
Evaluate if any internal control deficiencies or combination of internal control deficiencies, when considered within the principle, represent a major deficiency**
<Update Summary of Deficiencies Template as required>
<Explanation>
Evaluate the principle using judgment.** | Y/N | Explanation/Conclusion
Is the principle present?
Is the principle functioning?
* Note: Record deficiencies in Summary of Deficiencies Template.
** If it is determined that there is a major deficiency, management must conclude that the principle is not present and functioning and the system of internal control is not effective.
21. Principle 7: Identifies and Analyzes Risk—The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.
Points of Focus
• Includes Entity, Subsidiary, Division, Operating Unit, and Functional Levels—The organization identifies and assesses risks at the entity, subsidiary, division, operating unit, and functional levels relevant to the achievement of objectives.
• Analyzes Internal and External Factors—Risk identification considers both internal and external factors and their impact on the achievement of objectives.
• Involves Appropriate Levels of Management—The organization puts into place effective risk assessment mechanisms that involve appropriate levels of management.
• Estimates Significance of Risks Identified—Identified risks are analyzed through a process that includes estimating the potential significance of the risk.
• Determines How to Respond to Risks—Risk assessment includes considering how the risk should be managed and whether to accept, avoid, reduce, or share the risk.
• (Other entity specific points of focus, if any)
Summary of Controls to Effect Principle 7
Deficiencies Applicable to Principle 7
Identification No. | Internal control deficiency description | Evaluate preliminary deficiency severity: (Consider whether other controls to effect this principle compensate for the internal control deficiency.) | Preliminary Severity—Is internal control deficiency a major deficiency? (Y/N) | Comments/Compensating Controls | List internal control deficiencies related to another principle that may impact this internal control deficiency
Evaluate deficiencies within the principle:*
Evaluate if any internal control deficiencies or combination of internal control deficiencies, when considered within the principle, represent a major deficiency**
<Update Summary of Deficiencies Template as required>
<Explanation>
Evaluate the principle using judgment.** | Y/N | Explanation/Conclusion
Is the principle present?
Is the principle functioning?
* Note: Record deficiencies in Summary of Deficiencies Template.
** If it is determined that there is a major deficiency, management must conclude that the principle is not present and functioning and the system of internal control is not effective.
22. Principle 8: Assesses Fraud Risk—The organization considers the potential for fraud in assessing risks to the achievement of objectives.
Points of Focus
• Considers Various Types of Fraud—The assessment of fraud considers fraudulent reporting, possible loss of assets, and corruption resulting from the various ways that fraud and misconduct can occur.
• Assesses Incentive and Pressures—The assessment of fraud risk considers incentives and pressures.
• Assesses Opportunities—The assessment of fraud risk considers opportunities for unauthorized acquisition, use, or disposal of assets, altering of the entity’s reporting records, or committing other inappropriate acts.
• Assesses Attitudes and Rationalizations—The assessment of fraud risk considers how management and other personnel might engage in or justify inappropriate actions.
• (Other entity specific points of focus, if any)
Summary of Controls to Effect Principle 8
Deficiencies Applicable to Principle 8
Identification No. | Internal control deficiency description | Evaluate preliminary deficiency severity: (Consider whether other controls to effect this principle compensate for the internal control deficiency.) | Preliminary Severity—Is internal control deficiency a major deficiency? (Y/N) | Comments/Compensating Controls | List internal control deficiencies related to another principle that may impact this internal control deficiency
Evaluate deficiencies within the principle:*
Evaluate if any internal control deficiencies or combination of internal control deficiencies, when considered within the principle, represent a major deficiency**
<Update Summary of Deficiencies Template as required>
<Explanation>
Evaluate the principle using judgment.** | Y/N | Explanation/Conclusion
Is the principle present?
Is the principle functioning?
* Note: Record deficiencies in Summary of Deficiencies Template.
** If it is determined that there is a major deficiency, management must conclude that the principle is not present and functioning and the system of internal control is not effective.
23. Principle 9: Identifies and Analyzes Significant Change—The organization identifies and assesses changes that could significantly impact the system of internal control.
Points of Focus
• Assesses Changes in the External Environment—The risk identification process considers changes to the regulatory, economic, and physical environment in which the entity operates.
• Assesses Changes in the Business Model—The organization considers the potential impacts of new business lines, dramatically altered compositions of existing business lines, acquired or divested business operations on the system of internal control, rapid growth, changing reliance on foreign geographies, and new technologies.
• Assesses Changes in Leadership—The organization considers changes in management and respective attitudes and philosophies on the system of internal control.
• (Other entity specific points of focus, if any)
Summary of Controls to Effect Principle 9
Deficiencies Applicable to Principle 9
Identification No. | Internal control deficiency description | Evaluate preliminary deficiency severity: (Consider whether other controls to effect this principle compensate for the internal control deficiency.) | Preliminary Severity—Is internal control deficiency a major deficiency? (Y/N) | Comments/Compensating Controls | List internal control deficiencies related to another principle that may impact this internal control deficiency
Evaluate deficiencies within the principle:*
Evaluate if any internal control deficiencies or combination of internal control deficiencies, when considered within the principle, represent a major deficiency**
<Update Summary of Deficiencies Template as required>
<Explanation>
Evaluate the principle using judgment.** | Y/N | Explanation/Conclusion
Is the principle present?
Is the principle functioning?
* Note: Record deficiencies in Summary of Deficiencies Template.
** If it is determined that there is a major deficiency, management must conclude that the principle is not present and functioning and the system of internal control is not effective.
24. Principle Evaluation – Control Activities
Principle 10: Selects and Develops Control Activities—The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
Points of Focus
• Integrates with Risk Assessment—Control activities help ensure that risk responses that address and mitigate risks are carried out.
• Considers Entity-Specific Factors—Management considers how the environment, complexity, nature, and scope of its operations, as well as the specific characteristics of its organization, affect the selection and development of control activities.
• Determines Relevant Business Processes—Management determines which relevant business processes require control activities.
• Evaluates a Mix of Control Activity Types—Control activities include a range and variety of controls and may include a balance of approaches to mitigate risks, considering both manual and automated controls, and preventive and detective controls.
• Considers at What Level Activities Are Applied—Management considers control activities at various levels in the entity.
• Addresses Segregation of Duties—Management segregates incompatible duties, and where such segregation is not practical management selects and develops alternative control activities.
• (Other entity specific points of focus, if any)
Summary of Controls to Effect Principle 10
Deficiencies Applicable to Principle 10
Identification No. | Internal control deficiency description | Evaluate preliminary deficiency severity: (Consider whether other controls to effect this principle compensate for the internal control deficiency.) | Preliminary Severity—Is internal control deficiency a major deficiency? (Y/N) | Comments/Compensating Controls | List internal control deficiencies related to another principle that may impact this internal control deficiency
Evaluate deficiencies within the principle:*
Evaluate if any internal control deficiencies or combination of internal control deficiencies, when considered within the principle, represent a major deficiency**
<Update Summary of Deficiencies Template as required>
<Explanation>
Evaluate the principle using judgment.** | Y/N | Explanation/Conclusion
Is the principle present?
Is the principle functioning?
* Note: Record deficiencies in Summary of Deficiencies Template.
** If it is determined that there is a major deficiency, management must conclude that the principle is not present and functioning and the system of internal control is not effective.
25. Principle 11: Selects and Develops General Controls over Technology—The organization selects and develops general control activities over technology to support the achievement of objectives.
Points of Focus
• Determines Dependency between the Use of Technology in Business Processes and Technology General Controls—Management understands and determines the dependency and linkage between business processes, automated control activities, and technology general controls.
• Establishes Relevant Technology Infrastructure Control Activities—Management selects and develops control activities over the technology infrastructure, which are designed and implemented to help ensure the completeness, accuracy, and availability of technology processing.
• Establishes Relevant Security Management Process Control Activities—Management selects and develops control activities that are designed and implemented to restrict technology access rights to authorized users commensurate with their job responsibilities and to protect the entity’s assets from external threats.
• Establishes Relevant Technology Acquisition, Development, and Maintenance Process Control Activities—Management selects and develops control activities over the acquisition, development, and maintenance of technology and its infrastructure to achieve management’s objectives.
• (Other entity specific points of focus, if any)
Summary of Controls to Effect Principle 11
Deficiencies Applicable to Principle 11
Identification No. | Internal control deficiency description | Evaluate preliminary deficiency severity: (Consider whether other controls to effect this principle compensate for the internal control deficiency.) | Preliminary Severity—Is internal control deficiency a major deficiency? (Y/N) | Comments/Compensating Controls | List internal control deficiencies related to another principle that may impact this internal control deficiency
Evaluate deficiencies within the principle:*
Evaluate if any internal control deficiencies or combination of internal control deficiencies, when considered within the principle, represent a major deficiency**
<Update Summary of Deficiencies Template as required>
<Explanation>
Evaluate the principle using judgment.** | Y/N | Explanation/Conclusion
Is the principle present?
Is the principle functioning?
* Note: Record deficiencies in Summary of Deficiencies Template.
** If it is determined that there is a major deficiency, management must conclude that the principle is not present and functioning and the system of internal control is not effective.
26. Principle 12: Deploys through Policies and Procedures—The organization deploys control activities through policies that establish what is expected and procedures that put policies into action.
Points of Focus
• Establishes Policies and Procedures to Support Deployment of Management’s Directives—Management establishes control activities that are built into business processes and employees’ day-to-day activities through policies establishing what is expected and relevant procedures specifying actions.
• Establishes Responsibility and Accountability for Executing Policies and Procedures—Management establishes responsibility and accountability for control activities with management (or other designated personnel) of the business unit or function in which the relevant risks reside.
• Performs in a Timely Manner—Responsible personnel perform control activities in a timely manner as defined by the policies and procedures.
• Takes Corrective Action—Responsible personnel investigate and act on matters identified as a result of executing control activities.
• Performs Using Competent Personnel—Competent personnel with sufficient authority perform control activities with diligence and continuing focus.
• Reassesses Policies and Procedures—Management periodically reviews control activities to determine their continued relevance, and refreshes them when necessary.
• (Other entity specific points of focus, if any)
Summary of Controls to Effect Principle 12
Deficiencies Applicable to Principle 12
Identification No. | Internal control deficiency description | Evaluate preliminary deficiency severity: (Consider whether other controls to effect this principle compensate for the internal control deficiency.) | Preliminary Severity—Is internal control deficiency a major deficiency? (Y/N) | Comments/Compensating Controls | List internal control deficiencies related to another principle that may impact this internal control deficiency
Evaluate deficiencies within the principle:*
Evaluate if any internal control deficiencies or combination of internal control deficiencies, when considered within the principle, represent a major deficiency**
<Update Summary of Deficiencies Template as required>
<Explanation>
Evaluate the principle using judgment.** | Y/N | Explanation/Conclusion
Is the principle present?
Is the principle functioning?
* Note: Record deficiencies in Summary of Deficiencies Template.
** If it is determined that there is a major deficiency, management must conclude that the principle is not present and functioning and the system of internal control is not effective.
27. Principle Evaluation—Information and Communication
Principle 13: Uses Relevant Information—The organization obtains or generates and uses relevant, quality information to support the functioning of internal control.
Points of Focus
• Identifies Information Requirements—A process is in place to identify the information required and expected to support the functioning of the other components of internal control and the achievement of the entity’s objectives.
• Captures Internal and External Sources of Data—Information systems capture internal and external sources of data.
• Processes Relevant Data into Information—Information systems process and transform relevant data into information.
• Maintains Quality throughout Processing—Information systems produce information that is timely, current, accurate, complete, accessible, protected, and verifiable and retained. Information is reviewed to assess its relevance in supporting the internal control components.
• Considers Costs and Benefits—The nature, quantity, and precision of information communicated are commensurate with and support the achievement of objectives.
• (Other entity specific points of focus, if any)
Summary of Controls to Effect Principle 13
Deficiencies Applicable to Principle 13
Identification No. | Internal control deficiency description | Evaluate preliminary deficiency severity: (Consider whether other controls to effect this principle compensate for the internal control deficiency.) | Preliminary Severity—Is internal control deficiency a major deficiency? (Y/N) | Comments/Compensating Controls | List internal control deficiencies related to another principle that may impact this internal control deficiency
Evaluate deficiencies within the principle:*
Evaluate if any internal control deficiencies or combination of internal control deficiencies, when considered within the principle, represent a major deficiency**
<Update Summary of Deficiencies Template as required>
<Explanation>
Evaluate the principle using judgment.** | Y/N | Explanation/Conclusion
Is the principle present?
Is the principle functioning?
* Note: Record deficiencies in Summary of Deficiencies Template.
** If it is determined that there is a major deficiency, management must conclude that the principle is not present and functioning and the system of internal control is not effective.
28. Principle 14: Communicates Internally—The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.
Points of Focus
• Communicates Internal Control Information—A process is in place to communicate required information to enable all personnel to understand and carry out their internal control responsibilities.
• Communicates with the Board of Directors—Communication exists between management and the board of directors so that both have information needed to fulfill their roles with respect to the entity’s objectives.
• Provides Separate Communication Lines—Separate communication channels, such as whistle-blower hotlines, are in place and serve as fail-safe mechanisms to enable anonymous or confidential communication when normal channels are inoperative or ineffective.
• Selects Relevant Method of Communication—The method of communication considers the timing, audience, and nature of the information.
• (Other entity specific points of focus, if any)
Summary of Controls to Effect Principle 14
Deficiencies Applicable to Principle 14
Identification No. | Internal control deficiency description | Evaluate preliminary deficiency severity: (Consider whether other controls to effect this principle compensate for the internal control deficiency.) | Preliminary Severity—Is internal control deficiency a major deficiency? (Y/N) | Comments/Compensating Controls | List internal control deficiencies related to another principle that may impact this internal control deficiency
Evaluate deficiencies within the principle:*
Evaluate if any internal control deficiencies or combination of internal control deficiencies, when considered within the principle, represent a major deficiency**
<Update Summary of Deficiencies Template as required>
<Explanation>
Evaluate the principle using judgment.** | Y/N | Explanation/Conclusion
Is the principle present?
Is the principle functioning?
* Note: Record deficiencies in Summary of Deficiencies Template.
** If it is determined that there is a major deficiency, management must conclude that the principle is not present and functioning and the system of internal control is not effective.
29. Principle 15: Communicates Externally—The organization communicates with external parties regarding matters affecting the functioning of internal control.
Points of Focus
• Communicates to External Parties—Processes are in place to communicate relevant and timely information to external parties including shareholders, partners, owners, regulators, customers, and financial analysts and other external parties.
• Enables Inbound Communications—Open communication channels allow input from customers, consumers, suppliers, external auditors, regulators, financial analysts, and others, providing management and the board of directors with relevant information.
• Communicates with the Board of Directors—Relevant information resulting from assessments conducted by external parties is communicated to the board of directors.
• Provides Separate Communication Lines—Separate communication channels, such as whistle-blower hotlines, are in place and serve as fail-safe mechanisms to enable anonymous or confidential communication when normal channels are inoperative or ineffective.
• Selects Relevant Method of Communication—The method of communication considers the timing, audience, and nature of the communication and legal, regulatory, and fiduciary requirements and expectations.
• (Other entity specific points of focus, if any)
Summary of Controls to Effect Principle 15
Deficiencies Applicable to Principle 15
Identification No. | Internal control deficiency description | Evaluate preliminary deficiency severity: (Consider whether other controls to effect this principle compensate for the internal control deficiency.) | Preliminary Severity—Is internal control deficiency a major deficiency? (Y/N) | Comments/Compensating Controls | List internal control deficiencies related to another principle that may impact this internal control deficiency
Evaluate deficiencies within the principle:*
Evaluate if any internal control deficiencies or combination of internal control deficiencies, when considered within the principle, represent a major deficiency**
<Update Summary of Deficiencies Template as required>
<Explanation>
Evaluate the principle using judgment.** | Y/N | Explanation/Conclusion
Is the principle present?
Is the principle functioning?
* Note: Record deficiencies in Summary of Deficiencies Template.
** If it is determined that there is a major deficiency, management must conclude that the principle is not present and functioning and the system of internal control is not effective.
30. Principle Evaluation—Monitoring Activities
Principle 16: Conducts Ongoing and/or Separate Evaluations—The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.
Points of Focus
• Considers a Mix of Ongoing and Separate Evaluations—Management includes a balance of ongoing and separate evaluations.
• Considers Rate of Change—Management considers the rate of change in business and business processes when selecting and developing ongoing and separate evaluations.
• Establishes Baseline Understanding—The design and current state of an internal control system are used to establish a baseline for ongoing and separate evaluations.
• Uses Knowledgeable Personnel—Evaluators performing ongoing and separate evaluations have sufficient knowledge to understand what is being evaluated.
• Integrates with Business Processes—Ongoing evaluations are built into the business processes and adjust to changing conditions.
• Adjusts Scope and Frequency—Management varies the scope and frequency of separate evaluations depending on risk.
• Objectively Evaluates—Separate evaluations are performed periodically to provide objective feedback.
• (Other entity specific points of focus, if any)
Summary of Controls to Effect Principle 16
Deficiencies Applicable to Principle 16
Identification No. | Internal control deficiency description | Evaluate preliminary deficiency severity: (Consider whether other controls to effect this principle compensate for the internal control deficiency.) | Preliminary Severity—Is internal control deficiency a major deficiency? (Y/N) | Comments/Compensating Controls | List internal control deficiencies related to another principle that may impact this internal control deficiency
Evaluate deficiencies within the principle:*
Evaluate if any internal control deficiencies or combination of internal control deficiencies, when considered within the principle, represent a major deficiency**
<Update Summary of Deficiencies Template as required>
<Explanation>
Evaluate the principle using judgment.** | Y/N | Explanation/Conclusion
Is the principle present?
Is the principle functioning?
* Note: Record deficiencies in Summary of Deficiencies Template.
** If it is determined that there is a major deficiency, management must conclude that the principle is not present and functioning and the system of internal control is not effective.
31. Principle 17: Evaluates and Communicates Deficiencies—The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.
Points of Focus
• Assesses Results—Management and the board of directors, as appropriate, assess results of ongoing and separate evaluations.
• Communicates Deficiencies—Deficiencies are communicated to parties responsible for taking corrective action and to senior management and the board of directors, as appropriate.
• Monitors Corrective Actions—Management tracks whether deficiencies are remediated on a timely basis.
• (Other entity specific points of focus, if any)
Summary of Controls to Effect Principle 17
Deficiencies Applicable to Principle 17
Identification No. | Internal control deficiency description | Evaluate preliminary deficiency severity: (Consider whether other controls to effect this principle compensate for the internal control deficiency.) | Preliminary Severity—Is internal control deficiency a major deficiency? (Y/N) | Comments/Compensating Controls | List internal control deficiencies related to another principle that may impact this internal control deficiency
Evaluate deficiencies within the principle:*
Evaluate if any internal control deficiencies or combination of internal control deficiencies, when considered within the principle, represent a major deficiency**
<Update Summary of Deficiencies Template as required>
<Explanation>
Evaluate the principle using judgment.** | Y/N | Explanation/Conclusion
Is the principle present?
Is the principle functioning?
* Note: Record deficiencies in Summary of Deficiencies Template.
** If it is determined that there is a major deficiency, management must conclude that the principle is not present and functioning and the system of internal control is not effective.
32. 4. Summary of Deficiencies
This template is an example of a summary of deficiencies. Management may tailor this template to include additional columns to capture other relevant information, as needed.
Summary of Deficiencies
ID # | Source of the internal control deficiency (Component, Principle) | Internal Control Deficiency Description | Severity Considerations | Is internal control deficiency a major deficiency? (Y/N) | Owner | Remediation Plan and Date | Impact on Present/Functioning | List any internal control deficiencies in other principles that may have contributed to this internal control deficiency