Summary of Internal Control-Integrated Framework by COSO:



Similar documents
Internal Control - Integrated Framework

COSO Internal Control Integrated Framework (2013)

Internal Control Questionnaire and Assessment

FRAMEWORK FOR THE EVALUATION OF INTERNAL CONTROL SYSTEMS

Table of Contents: Chapter 2 Internal Control

FRAMEWORK FOR INTERNAL CONTROL SYSTEMS IN BANKING ORGANISATIONS (September 1998)

Internal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC)

Module 6 Documenting Processes and Controls

COSO s 2013 Internal Control Framework in Depth: Implementing the Enhanced Guidance for Internal Control over External Financial Reporting

GAO. Standards for Internal Control in the Federal Government. Internal Control. United States General Accounting Office.

[RELEASE NOS ; ; FR-77; File No. S ]

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide

Accounting Information for Decision Making. Accounting. Financial & Managerial. accounting. The Basis for Business Decisions. Learning Objective LO1

SARBANES-OXLEY SECTION 404: A Guide for Management by Internal Controls Practitioners

Guide to Internal Control Over Financial Reporting

A LAYPERSON S GUIDE INTERNAL CONTROL OVER FINANCIAL REPORTING (ICFR)

Risk Management Advisory Services, LLC Capital markets audit and control

Fraud Prevention and Deterrence

The PNC Financial Services Group, Inc. Business Continuity Program

PRUDENTIAL FINANCIAL, INC. CORPORATE GOVERNANCE PRINCIPLES AND PRACTICES

RISK ASSESSMENT CHECKLIST

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

OBSERVATIONS FROM 2010 INSPECTIONS OF DOMESTIC ANNUALLY INSPECTED FIRMS REGARDING DEFICIENCIES IN AUDITS OF INTERNAL CONTROL OVER FINANCIAL REPORTING

INTERNATIONAL STANDARD ON AUDITING 240 THE AUDITOR S RESPONSIBILITIES RELATING TO FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS CONTENTS

WHITE PAPER INTERNAL CONTROL WITH ADRA

COMPANY LEVEL CONTROLS A PRACTICAL FRAMEWORK

Control Environment Questionnaire

MEMORANDUM. Municipal Officials. From: Karen Horn, Director, Public Policy and Advocacy; and Abby Friedman, Director, Municipal Assistance Center

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 240 THE AUDITOR S RESPONSIBILITY TO CONSIDER FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS CONTENTS

A new approach in the assessment of the internal control systems applied in the public sector 1

FIRST CITIZENS BANCSHARES, INC. FIRST-CITIZENS BANK & TRUST COMPANY CHARTER OF THE JOINT AUDIT COMMITTEE

On the Setting of the Standards and Practice Standards for. Management Assessment and Audit concerning Internal

One source. One amazing service. Procurement Process and the Sarbanes-Oxley Act

GARMIN LTD. CORPORATE GOVERNANCE GUIDELINES

Audit of the Policy on Internal Control Implementation

IMMUNOGEN, INC. CORPORATE GOVERNANCE GUIDELINES OF THE BOARD OF DIRECTORS

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards

Industry Sound Practices for Financial and Accounting Controls at Financial Institutions

Inspection Observations Related to PCAOB "Risk Assessment" Auditing Standards (No. 8 through No.15)

Antifraud program and controls assessment grid*

Inspection of Fazzari + Partners LLP Chartered Accountants (Headquartered in Vaughan, Canada) Public Company Accounting Oversight Board

STAFF GUIDANCE FOR AUDITORS OF SEC-REGISTERED BROKERS AND DEALERS JUNE 26, 2014

INTERNAL CONTROL AND ENTERPRISE RISK MANAGEMENT NO. П4-01 П-01 REVISION1.00

This is Appendix A: Sarbanes-Oxley and Other Recent Reforms, appendix 1 from the book Governing Corporations (index.html) (v. 1.0).

United States General Accounting Office GAO. Internal Control Standards. Internal Control Management and Evaluation Tool. August 2001 GAO G

Audit Committee Charter

PRINCIPLES FOR PERIODIC DISCLOSURE BY LISTED ENTITIES

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing

6/8/2016 OVERVIEW. Page 1 of 9

Enterprise Risk Management

Standards for Internal Control

COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE

AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS:

Master Document Audit Program. Version 1.8, dated November B-01 Planning Considerations

Audit Phases. Phase 1: Planning and Risk Identification

ISACA PROFESSIONAL RESOURCES

1. FPO. Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Second Edition

CYBER SUPPLY INC. (Exact name of registrant as specified in its charter)

Corporate Governance Guidelines

CITY OF BURLINGTON COSO FRAMEWORK & COMPLIANCE

Sample Financial institution Risk Management Policy 2011

White Paper: The Sarbanes-Oxley Act Public Company Accounting Reform and Investment Protection Act

February Sample audit committee charter

CHAPTER 4 EFFECTIVE INTERNAL CONTROLS OVER PAYROLL

Josephine Mathias. Kenneth J. Horowitz Phone: Ext

Enterprise Risk Management

How To Audit A Financial Statement

AUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL

BAHRAIN TELECOMMUNICATIONS COMPANY B.S.C. AUDIT COMMITTEE CHARTER

GODADDY INC. CORPORATE GOVERNANCE GUIDELINES. Adopted as of February 3, 2015

7/22/2014. From Treadway To the Cube ( ) So, Who is COSO? What Does COSO Do?

GAO. Government Auditing Standards Revision. By the Comptroller General of the United States. United States Government Accountability Office

Internal Audit Framework

RISK MANAGEMENT POLICY

COSO Framework 2013 & SOX Compliance. Roxanne L. Halverson, CISM, CGEIT Atlanta ISACA Geek Week August 19, 2013

FINDING THE RISK IN RISK ASSESSMENTS NYSICA JULY 26, Presented by: Ken Shulman Internal Audit Director, New York State Insurance Fund

ACNB CORPORATION & SUBSIDIARIES BOARD AUDIT COMMITTEE CHARTER

TECK RESOURCES LIMITED AUDIT COMMITTEE CHARTER

M-IC. Comptroller of the Currency Administrator of National Banks. Internal Control. Comptroller s Handbook. January 2001.

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

JAZZ PHARMACEUTICALS PLC CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

BRISBANE BRONCOS LIMITED AUDIT AND RISK MANAGEMENT CHARTER

October 21, Ms. Joan A. Cusack Chairwoman NYS Crime Victims Board 845 Central Avenue, Room 107 Albany, New York

Lauren Sundararajan, CFE, Internal Audit Manager

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 240 THE AUDITOR S RESPONSIBILITIES RELATING TO FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS

An Investment Company Director s Guide to. Oversight of. Codes of Ethics. and. Personal Investing INVESTMENT COMPANY INSTITUTE

Internal Control Integrated Framework. May 2013

Transcription:

Summary of Internal Control-Integrated Framework by COSO: COSO stands for Commission of Sponsoring Organizations a private commission chartered to research and report on improving quality of financial reporting through business ethics, effective internal controls and corporate governance. The sponsoring organizations of COSO were American Institute of Certified Public Accountants, the Institute of Internal Auditors, Financial Executive International, Institute of Management Accountants, and American Accounting Association. COSO has prepared a document in 1992 on the Internal Controls-Integrated Framework. Because, Internal control has different meanings to different parties, COSO tries to establish a common definition and standard that can serve such parties. Under COSO s report, (quoted from July 1994 Edition of COSO Internal Controls-Integrated Framework, COSO Report ), Internal Control is broadly defined as a process, effected by an entity s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: Effectiveness and efficiency of operations. Reliability of financial reporting. Compliance with applicable laws and regulations. The first categories address an entity s basic business objective, including performance and profitability goals and safeguarding of resources. The second relates to the preparation of reliable published financial statements, including interim and condensed financial statements and selected financial data derived from such statements, such as earnings, reported publicly. The third deals with complying with those laws and regulations to which the entity is subject. These distinct but overlapping categories address different needs and allow a directed focus to meet the separate needs. As defined in COSO Report, Internal Control consists of five interrelated components, Monitoring, Information & Communication, Control Activities, Risk Assessment, Control Environment, as illustrated and defined below: Source: COSO Internal Control-Integrated Framework The definition of the above components as set forth in the COSO Report and quoted herein are as follows:

Control Environment- The core of any business is its people- their individual attributes, including integrity, ethical values and competence-and the environment in which they operate. They are the engine that drives the entity and the foundation on which everything rests. Risk Assessment- The entity must be aware of and deal with the risks it faces. It must set objectives, integrated with the sales, production, marketing, financial and other activities so that the organization is operating in concert. It also must establish mechanisms to identify, analyze and manage the related risks. Control Activities- Control policies and procedures must be established and executed to help ensure that the actions indemnified by management as necessary to address risks to achievement of entities objectives are effectively carried out. Information and communication- Surrounding these activities are information and communication systems. These enable the entity s people to capture and exchange the information needed to conduct, manage and control its operations. Monitoring- The entire process must be monitored, and modifications made as necessary. In this way, the system can react dynamically, changing as conditions warrant.

Summary of Internal Control-Integrated Framework-Control Environment The control Environment is influenced by the style of management, the competence of the employees and positive ethical values of the corporation, which are determined by the board of directors and get implemented all the way to the functional units. The integrity and ethical values of a corporation are important factors in designing, administering and monitoring of all other internal control components of an organization. The board of directors and its audit committee significantly influence the control environment of a corporation. The level of independence of the board members and it audit committee from executive management team, the extent of board members oversight over the operations of the company and questioning management s performance are important factors in the designing an internal control system for a corporation. The report of the National Commission on Fraudulent Financial Reporting (National Commission on Fraudulent Financial reporting, 1987) suggested that certain organizational factors could influence the likelihood of fraudulent and questionable financial reporting. According to this report the level of Incentives and Temptations created by the management style of a corporation can affect the ethical behavior of an organization. These factors as cited in COSO Report are described blow: Incentives: o Pressure to meet unrealistic performance targets, particularly shortterm results. o High performance-dependent rewards. o Upper and lower cutoff on bonus plans. Temptations: o Nonexistence or ineffective controls, such as poor segregation of duties in sensitive areas that offer temptations to steal or to conceal poor performance. o High decentralization that leaves top management unaware of actions taken at lower organizational levels and thereby reduces the chances of getting caught. o A weak internal audit function that does not have the ability to detect and report improper behavior. o An ineffective board of directors that does not provide objective oversight of top management. o Penalties for improper behavior that are insignificant or unpublicized and thus lose their value as deterrents. The following chart illustrates the Role of Responsibilities of parties involved in the establishing the Control Environment:

Board of Directors & Audit Committee (Governance, Guidance & Oversight) CEO (Ultimate Responsibility & Ownership) Integrity & Ethics Leadership & direction Set Positive Control Environ. Senior/Executive Management (Assign Specific Internal Control Policies & Procedures to Functional Units)

Summary of Internal Control-Integrated Framework-Risk Assessment According to COSO Report, every entity faces a variety of risks from external and internal sources that must be assessed at entity-wide and activity levels throughout its operation. Examples of external factors affecting the entity s risks are technological development, changing customer needs, changes in competition pressures, new legislations, natural catastrophes, and economical changes. Examples of internal factors affecting the entity s risk are disruptions in information processing systems, quality of personnel hired, a change in management responsibilities, nature of entity s activities, employees accessibility to assets, and unassertive on ineffective board or audit committee. In summary, the following are the steps that need to taken by the management to assess its risks: Establishment of company s risk to achieve its objectives. Identification, analysis and assessment of Risks to achieve objectives. Assessment of Risks from internal and external sources at both the entity and the activity levels. Assessment of Risks related to change in conditions. Assessment of financial impacts of Risk Analysis on financial statements.

Summary of Internal Control-Integrated Framework-Control Activities According to COSO Report, control activities are policies and procedures to implement management directives. Control activities can be divided into three types of activities; operation, financial reporting and compliance. Control activities consist of preventive controls, detective controls, manual controls, computer controls, and management controls. Control activities are generally handled by entity s personnel in the following ways; Top Level Reviews, Direct functional or Activity Management, Information processing, Physical Controls, Performance Indicators and Segregation of Duties. In summary, Control Activities consist of the following: Policies/procedures that ensure management directives are carried out Control activities occur throughout the company at all levels and functions. Control activities include approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets and segregation of duties Control activities cover controls over IT infrastructure, and software security, including legal/contract activities and off-balance sheet transactions The following flow charts depict the activities of an entity at various levels: (Source: from COSO Evaluation tools)

Summary of Internal Control-Integrated Framework- Information and communication According to COSO Report, Information is needed in all levels of an organization to run the business, and move towards achievement of the entity s objectives in all categories (operations, financial reporting and compliance). The quality of system-generated information affects management s decision. The quality of information includes ascertaining whether the content is appropriate, and the information is timely, current, accurate and accessible to the appropriate parties. Communication is inherent in the information system and must take place in a broader sense dealing with expectations, responsibilities of individuals and groups. In summary, Information and Communication consist of the following: All personnel must receive a clear message from top management to take control activities seriously Information needed by personnel to do their job must be timely identified, captured and communicated to them. Access to internal (operational, financial, and compliance) reports must be provided to employees to perform their tasks External communication with customers, suppliers, regulators, investors and shareholders must be part of the Framework Effective upstream communications by employees of their findings must be established

Summary of Internal Control-Integrated Framework- Monitoring According to COSO Report, Internal control systems change over time. Once-effective procedures can become less effective or perhaps are no longer performed. Monitoring ensures that the internal control continues to operate effectively. Monitoring can be done in two ways: through ongoing activities or separate evaluations. Internal control systems usually will be structured to monitor themselves on an ongoing basis. The greater the degree of effectiveness of ongoing monitoring, the less need for separate evaluation exists. In summary, Monitoring consists of the following: Internal control systems need to be monitored over time to assess their quality and performance Combination of ongoing and separate evaluation of Internal Control Systems must be conducted by management Management and supervisory activities are required to be evaluated and monitored on an ongoing basis Audit of Internal Control Systems needs to done by management to ensure the internal control are functioning as expected

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information