Internal Control Integrated Framework



Similar documents
Internal Control Integrated Framework. Guidance on Monitoring Internal Control Systems. Volume III Application Techniques.

Enterprise Risk Management Integrated Framework. Executive Summary

LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE

Internal Control over Financial Reporting Guidance for Smaller Public Companies. Volume I : Executive Summary

Ten Steps to SOX Compliance for Smaller Public Companies

C o m m i t t e e o f S p o n s o r i n g O r g a n i z a t i o n s o f t h e T r e a d w a y C o m m i s s i o n

The 2013 COSO Framework & SOX Compliance

SOX 404 Compliance Challenges for Small Companies

Accounting Information for Decision Making. Accounting. Financial & Managerial. accounting. The Basis for Business Decisions. Learning Objective LO1

February Sample audit committee charter

Sarbanes-Oxley Control Transformation Through Automation

Strategic Risk Assessment. A first step for improving risk management and governance. COVER STORY. By Mark L. Frigo and Richard J.

Corporate Governor. New COSO Framework links IT and business process

PwC Advisory Internal Audit. PricewaterhouseCoopers State of the internal audit profession study: internal audit post Sarbanes-Oxley*

EXTERNAL AUDITOR ASSESSMENT TOOL

February Audit committee performance evaluation

EXTERNAL AUDITOR ASSESSMENT TOOL

International Institute of Management

The Role of the Board in Enterprise Risk Management

COSO s 2013 Internal Control Framework in Depth: Implementing the Enhanced Guidance for Internal Control over External Financial Reporting

AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS:

COSO 2013 Internal Control Framework

[RELEASE NOS ; ; FR-77; File No. S ]

C o m m i t t e e o f S p o n s o r i n g O r g a n i z a t i o n s o f t h e T r e a d w a y C o m m i s s i o n

How the COSO Frameworks Can Help

Asset Manager Guide to SAS 70. Issue Date: October 7, Asset

University Audit and Compliance. Internal Controls Enterprise-Wide Risk Assessment

Sarbanes-Oxley Section 404: Management s Assessment Process

Sarbanes-Oxley Section 404 Implementation Practices of Leading Companies

Developing a Fraud Risk Management Program

Practical and ethical considerations on the use of cloud computing in accounting

Sarbanes-Oxley Compliance: Section 404-Past, Present, and Future

DEFINING OUR ROLE IN A CHANGING LANDSCAPE

Information Paper The Roles and Domain of the Professional Accountant in Business

Risk committee performance evaluation

At a glance. A provision to require a written assertion from company management is the most notable difference between the two standards.

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework

Partner With Your Auditor on Controls

Careers in Accounting

COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE

Internal Control - Integrated Framework

There are a number of reasons why more and more organizations

IFIAR 2015 Member Profile - PCAOB

Audit Committee Charter Altria Group, Inc. In the furtherance of this purpose, the Committee shall have the following authority and responsibilities:

UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL

Sarbanes-Oxley Section 404: Compliance Challenges for Foreign Private Issuers

Audit of the Policy on Internal Control Implementation

The Committee of Sponsoring Organizations of the Treadway Commission

Third Party Risk Management 12 April 2012

Developing an Effective Enterprise Risk Management Program

Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, NW Washington, DC

GAO DEFENSE CONTRACT AUDITS. Actions Needed to Improve DCAA's Access to and Use of Defense Company Internal Audit Reports

Corporate Resiliency Managing g the Growing Risk of Fraud and Corruption

From The Womb To The Tomb. Managing The Audit Universe

STATEMENT STANDARDS IN PERSONAL FINANCIAL PLANNING SERVICES. PFP aicpa.org/pfp. Personal Financial Planning

COSO Framework 2013 & SOX Compliance. Roxanne L. Halverson, CISM, CGEIT Atlanta ISACA Geek Week August 19, 2013

Business Management in the Global Economy with emphasis in

CHAPTER 7 PLANNING THE AUDIT: IDENTIFYING AND RESPONDING TO THE RISKS OF MATERIAL MISSTATEMENT

Risk, Governance & Regulatory Compliance Solutions

Internal Control Integrated Framework. May 2013

citybizlist : Citybizlist : Groundbreaking Ceremony Launches VA Health Care Center in Charlotte, NC

The Updated COSO Internal Control Framework. Frequently Asked Questions

Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions

Internal Auditing & Corporate Governance. ACC 636 Internal Auditing, Corporate Governance, and Control. School of Accountancy & MIS DePaul University

Moving Internal Audit Back into Balance

Shaping our Future QANTAS CORPORATE GOVERNANCE STATEMENT 2014 QANTAS AIRWAYS LIMITED ABN

Special Purpose Reports on the Effectiveness of Control Procedures

MOVING FORWARD Newpark Resources, Inc Annual Report

Controls Over EPA s Compass Financial System Need to Be Improved

OBSERVATIONS RELATED TO THE IMPLEMENTATION OF THE AUDITING STANDARD ON ENGAGEMENT QUALITY REVIEW

CHAPTER 12 AUDITING LONG-LIVED ASSETS: ACQUISITION, USE, IMPAIRMENT, AND DISPOSAL

IT GOVERNANCE WITH ROBERT GOODSELL, MANAGING DIRECTOR JOE BRUTSCHE, DIRECTOR

Framing the future of corporate governance Deloitte Governance Framework

I. Bachelor of Applied Science Degree - BAS Business Management in the Global Economy with Emphasis in Accounting Program Title: Completion Award:

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE

The AICPA s Enterprise Risk Management Initiative

TIS Section 9520, SSAE No. 16, Reporting on Controls at a Service Organization

OBSERVATIONS FROM 2010 INSPECTIONS OF DOMESTIC ANNUALLY INSPECTED FIRMS REGARDING DEFICIENCIES IN AUDITS OF INTERNAL CONTROL OVER FINANCIAL REPORTING

Guide to Internal Control Over Financial Reporting

Dynamic Energy Alliance Corporation Florida (State or other jurisdiction of incorporation or organization)

How To Get A Tech Startup To Comply With Regulations

Sarbanes-Oxley Compliance Workbook. From Zero to SOX. Sarbanes-Oxley Compliance Workbook. sensiba san filippo

Introduction to Enterprise Risk Management at UVM DRAFT

Placing a Value on Enterprise Risk Management ADVISORY

FORUM ON TAX ADMINISTRATION

Compliance. TODAY June Meet Lanny A. Breuer. Assistant Attorney General, Criminal Division, U.S. Department of Justice.

Conceptual Basis of Internal Audit

Information about 2015 Inspections

Internal Control Strategies. A Mid to Small Business Guide

Service Organization Control (SOC) Reports

BDO Seidman, LLP Accountants and Consultants

CREDIT UNION CENTRAL OF CANADA NNUAL OVERNANCE REPORT

Annual Report. June, 2015

Revenues before Reimbursements. Add back: Depreciation and Amortization Expense. Diluted Earnings Per Share. Selected Other Information

Dallas Office Dallas Parkway Suite 1100 Dallas, TX

A Sarbanes-Oxley Roadmap to Business Continuity

2013 Compliance Outreach Program Boston Regional Office - May 16, 2013

Denver 311 Follow up Report

Monitoring Outside Service Providers, Part III: SAS 70 Updates

Transcription:

COMMITTEE OF SPONSORING ORGANIZATIONS OF THE TREADWAY COMMISSION Internal Control Integrated Framework Guidance on Monitoring Internal Control Systems Introduction

Committee of Sponsoring Organizations of the Treadway Commission Board Members Larry E. Rittenberg COSO Chair Charles E. Landes American Institute of Certified Public Accountants Mark S. Beasley American Accounting Association David A. Richards The Institute of Internal Auditors Michael P. Cangemi Financial Executives International Jeffrey Thomson Institute of Management Accountants Grant Thornton LLP Author Principal Contributors R. Trent Gazzaway (Project Leader) Managing of Corporate Governance Grant Thornton LLP Charlotte James P. Burton Grant Thornton LLP Denver J. Russell Gates President Dupage Consulting LLC Chicago Keith O. Newton Grant Thornton LLP Chicago Sridhar Ramamoorti Grant Thornton LLP Chicago Richard L. Wood Grant Thornton LLP Toronto R. Jay Brietz Senior Manager Grant Thornton LLP Charlotte Review Team Andrew D. Bailey Jr. Senior Policy Advisor Grant Thornton LLP Phoenix Dorsey L. Baskin Jr. Regional of Professional Standards Grant Thornton LLP Dallas Craig A. Emrick VP Senior Accounting Analyst Moody s Investors Service Philip B. Livingston Vice Chairman, Approva Corporation Former President and CEO, Financial Executives International COSO Task Force Abraham D. Akresh Senior Level Expert for Auditing Standards U.S. Government Accountability Office Douglas J. Anderson Corporate Auditor Dow Chemical Company Robert J. Benoit President and Director of SOX Research Lord & Benoit, LLC Richard D. Brounstein Chief Financial Officer, NewCardio, Inc. Director, The CFO Network Jennifer M. Burns Deloitte & Touche LLP Paul Caban Assistant Director U.S. Government Accountability Office James W. DeLoach Managing Director Protiviti Miles E. Everson PricewaterhouseCoopers LLP Audrey A. Gramling Associate Professor Kennesaw State University Scott L. Mitchell Chairman and CEO Open Compliance & Ethics Group James E. Newton KPMG LLP Edith G. Orenstein Director, Technical Policy Analysis Financial Executives International John H. Rife Ernst & Young LLP Michael P. Rose Grant Thornton LLP Former CEO and Senior GR Consulting LLP Robert S. Roussey Professor of Accounting University of Southern California Andre Van Hoek Vice President, Corporate Controller Celgene Corporation Observer Securities and Exchange Commission Josh K. Jones SEC Observer Professional Accounting Fellow

Guidance on Monitoring Internal Control Systems Introduction January 2009

. 1 2 3 4 5 6 7 8 9 0 LCN 0870517953 All Rights Reserved. No part of this publication may be reproduced, redistributed, transmitted or displayed in any form or by any means without written permission. For information regarding licensing and reprint permissions please contact the American Institute of Certified Public Accountants, licensing and permissions agent for COSO copyrighted materials. Direct all inquiries to copyright@aicpa.org or to AICPA, Attn: Manager, Rights and Permissions, 220 Leigh Farm Rd., Durham, NC 27707. Telephone inquiries may be directed to 888-777-7707. Additional copies of this work may be obtained by visiting www.cpa2biz.com.

1 Monitoring: An Integral Component of Internal Control Over the past decade, organizations have invested heavily in improving the quality of their internal control systems. They have made the investment for a number of reasons, notably: (1) good internal control is good business it helps organizations ensure that operating, financial and compliance objectives are met, and (2) many organizations are required to report on the quality of internal control over financial reporting, compelling them to develop specific support for their certifications and assertions. Internal control is designed to assist organizations in achieving their objectives. The five components of COSO s Internal Control Integrated Framework (the COSO Framework) work in tandem to mitigate the risks of an organization s failure to achieve those objectives. The COSO Board recognizes that management s assessment of internal control often has been a time-consuming task that involves a significant amount of annual management and/or internal audit testing. Effective monitoring can help streamline the assessment process, but many organizations do not fully understand this important component of internal control. As a result, they underutilize it in supporting their assessments of internal control. Figure 1 depicts the comprehensive nature of monitoring and illustrates how effective monitoring considers the collective effectiveness of all five components of internal control. Monitoring Applied to the Internal Control Process Figure 1 COSO s 2008 Guidance on Monitoring Internal Control Systems (COSO s Monitoring Guidance) was developed to clarify the monitoring component of internal control. It does not replace the guidance first issued in the COSO Framework or in COSO s 2006 Internal Control over Financial Reporting Guidance for Smaller Public Companies (COSO s 2006 Guidance). Rather, it

2 expounds on the basic principles contained in both documents, guiding organizations in implementing effective and efficient monitoring. How Does Monitoring Benefit the Governance Process? Unmonitored controls tend to deteriorate over time. Monitoring, as defined in the COSO Framework, is implemented to help ensure that internal control continues to operate effectively. 1 When monitoring is designed and implemented appropriately, organizations benefit because they are more likely to: Identify and correct internal control problems on a timely basis, Produce more accurate and reliable information for use in decision-making, Prepare accurate and timely financial statements, and Be in a position to provide periodic certifications or assertions on the effectiveness of internal control. Over time effective monitoring can lead to organizational efficiencies and reduced costs associated with public reporting on internal control because problems are identified and addressed in a proactive, rather than reactive, manner. Fundamentals of Effective Monitoring COSO s Monitoring Guidance builds on two fundamental principles originally established in COSO s 2006 Guidance: 2 Ongoing and/or separate evaluations enable management to determine whether the other components of internal control continue to function over time, and Internal control deficiencies are identified and communicated in a timely manner to those parties responsible for taking corrective action and to management and the board as appropriate. The monitoring guidance further suggests that these principles are best achieved through monitoring that is based on three broad elements: Establishing a foundation for monitoring, including (a) a proper tone at the top; (b) an effective organizational structure that assigns monitoring roles to people with appropriate capabilities, objectivity and authority; and (c) a starting point or baseline of known effective internal control from which ongoing monitoring and separate evaluations can be implemented; 1 COSO Framework, p. 69. 2 See principles #19 and #20 in COSO s Internal Control over Financial Reporting Guidance for Smaller Public Companies issued in 2006 (COSO s 2006 Guidance).

3 Designing and executing monitoring procedures focused on persuasive information about the operation of key controls that address meaningful risks to organizational objectives; and Assessing and reporting results, which includes evaluating the severity of any identified deficiencies and reporting the monitoring results to the appropriate personnel and the board for timely action and follow-up if needed. Breadth of Monitoring Processes Organizations may select from a wide variety of monitoring procedures, including but not limited to: Periodic evaluation and testing of controls by internal audit, Continuous monitoring programs built into information systems, Analysis of, and appropriate follow-up on, operating reports or metrics that might identify anomalies indicative of a control failure, Supervisory reviews of controls, such as reconciliation reviews as a normal part of processing, Self-assessments by boards and management regarding the tone they set in the organization and the effectiveness of their oversight functions, Audit committee inquiries of internal and external auditors, and Quality assurance reviews of the internal audit department. Continued advancements in technology and management techniques ensure that internal control and related monitoring processes will change over time. However, the fundamental concepts of monitoring, as outlined in COSO s Monitoring Guidance, are designed to stand the test of time. Using the Guidance to Move Monitoring Forward Management can begin the monitoring process by encouraging the people with control system responsibility to read COSO s Monitoring Guidance and consider how best to implement it or whether it has already been incorporated into certain areas. Further, personnel with appropriate skills, authority and resources should be charged by management with addressing these four fundamental questions: 1. Have we identified the meaningful risks to our objectives, for example, the risks related to producing accurate, timely and complete financial statements? 2. Which controls are key controls that will best support a conclusion regarding the effectiveness of internal control in those risk areas? 3. What information will be persuasive in telling us whether the controls are continuing to operate effectively?

4 4. Are we presently performing effective monitoring that is not well utilized in the evaluation of internal control, resulting in unnecessary and costly further testing? Management and the board of directors should understand the concepts of effective monitoring and how it serves their respective interests. As the board learns more about monitoring, it will develop the knowledge necessary to ask management in relation to any area of meaningful risk, How do you know the internal control system is working? COSO s Monitoring Guidance is designed to help organizations answer these and other questions within the context of their own unique circumstances circumstances that will change over time. As they progress in achieving effectiveness in monitoring, organizations likely will have the opportunity to further improve the process through the use of such tools as continuous monitoring software and exception reports tailored to their processes. The guidance also covers other concepts that are important to effective and efficient monitoring, including: The characteristics associated with the objectivity of the evaluator; The period of time and the circumstances by which an organization can rely on adequately designed indirect information when used in combination with ongoing or periodic persuasive direct information to conclude that internal control remains effective; Determining the sufficiency and suitability of information used in monitoring to ensure that the results can adequately support conclusions about internal control; and Ways in which the organization can make monitoring more efficient without reducing its effectiveness. COSO s Monitoring Guidance encompasses three volumes. Volume I presents the fundamental principles of effective monitoring and develops the linkage to the COSO Framework. Volume II conveys in greater detail the principles outlined in Volume I and provides guidance to those responsible for implementing effective monitoring. Volume III contains examples of effective monitoring. Many organizations, through applying the concepts set forth in the guidance, should improve the effectiveness and efficiency of their internal control systems. To that end, COSO s Monitoring Guidance is designed to help organizations (1) identify effective monitoring where it already exists and use it to the maximum benefit, and (2) identify less effective or efficient monitoring, leading to improvements. In both instances, the internal control system may be improved, increasing the likelihood that organizational objectives will be achieved.

Committee of Sponsoring Organizations of the Treadway Commission COSO is a voluntary private sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls, and corporate governance. www.coso.org

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information