
COSO Framework

What is COSO? The Committee of Sponsoring Organizations (COSO) is a voluntary private sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls, and corporate governance.

shanae

Presentation Transcript


  1. COSO Framework

  2. What is COSO? • Committee of Sponsoring Organizations (COSO) • A voluntary private sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls, and corporate governance.

  3. Defining Internal Control - COSO • A process effected by an agency’s senior management and other personnel – designed to provide reasonable assurance regarding the achievement of objectives in • Effectiveness and efficiency of operations • Reliability of financial reporting • Compliance with laws and regulations • This process could assist in achieving: • Operating objectives • Safeguarding of assets • Reliable financial statements and reports • Compliance with applicable laws and regulations

  4. Redefine the Control Focus

  5. COSO Framework Five Interrelated Components of Internal Control • Control Environment • Risk Assessment • Control Activities • Information and Communication • Monitoring The COSO framework

  6. COSO Framework Five Interrelated Components of Internal Control • Control Environment • Risk Assessment • Control Activities • Information and Communication • Monitoring The COSO framework

  7. The Control Environment • sets the tone of an agency, influencing the control consciousness of its people • the foundation for all other components of internal control • “Tone at the Top”

  8. The Control Environment Factors to Consider in Assessing Control Environment • Integrity, ethical values and behavior of key executives • Management’s consciousness and operating style • Commitment to competence • Organizational structure and assignment of authority and responsibility • Human resources policies and practices

  9. The Control Environment • Integrity and ethical values • Foundation for effective control • Core values set and communicated by auditee management • Code of Ethics/Conduct • Product of the auditee’s ethical and behavioral standards, how they are communicated and monitored • Management’s control consciousness and operating style • Importance management attaches to internal controls • For the most part, an intangible • A management attitude

  10. The Control Environment • Commitment to competence • Existence of clear job descriptions • Consideration of competence levels for particular jobs • Assessment of employees’ requisite knowledge and skills • Nature and degree of judgment to be applied on the job and extent of supervision

  11. The Control Environment • The organizational structure and assignment of authority and responsibility • Segregation of incompatible duties • Clear lines of responsibility and accountability • How decentralized operations are monitored • Establishing and monitoring policies and procedures • Establishing and monitoring performance measures • Human resources and policies • HR policies relating to hiring, training, evaluating, counseling, promoting and compensating personnel • Competence and integrity of organization’s personnel

  12. COSO Framework Five Interrelated Components of Internal Control • Control Environment • Risk Assessment • Control Activities • Information and Communication • Monitoring The COSO framework

  13. Risk Assessment • The process for identifying, analyzing and managing risks is a critical component of an effective internal control system • Identify • Analyze • Manage • Risks at the auditee level and at the process or activity level

  14. Risk Assessment • Examples of circumstances requiring special attention • Changed regulatory/political environment • New personnel, high turnover, job rotations • New information systems/technology • New products/services, lines, activities

  15. COSO Framework Five Interrelated Components of Internal Control • Control Environment • Risk Assessment • Control Activities • Information and Communication • Monitoring The COSO framework

  16. X Company Control Activities • Policies • Regulations • Procedures …that help ensure that management’s directives and control objectives are carried out

  17. X Company Control Activities • Do policies and procedures exist? • Is there a planning and reporting system in place? • Does auditee management review variances and take corrective action if needed? • Are there adequate safeguards in place to prevent unauthorized access? • Are duties divided logically through appropriate setup of IT applications?

  18. COSO Framework Five Interrelated Components of Internal Control • Control Environment • Risk Assessment • Control Activities • Information and Communication • Monitoring The COSO framework

  19. Information and Communication • The process of capturing and exchanging information needed to conduct, manage and control the auditee’s operations • Does the IT system provide auditee management with necessary reports on performance relative to goals? • Is information provided to the right people in sufficient detail and on time? • Does auditee management communicate employees’ duties and control activities in an effective manner? • Does auditee management take timely and appropriate follow-up action on communications received internally and externally?

  20. Information and Communication • Communication in all directions • Upward: to provide auditee management at all levels with feedback on decisions and performance • Sideways: across organization lines • Downward: to provide employees with clear guidance and direction • Have we effectively communicated control responsibilities to all employees?

  21. COSO Framework Five Interrelated Components of Internal Control • Control Environment • Risk Assessment • Control Activities • Information and Communication • Monitoring The COSO framework

  22. Monitoring • Assessment of internal control performance over time; accomplished by: • Ongoing Monitoring Activities • Separate Evaluations • Reporting Deficiencies

  23. Monitoring • Ongoing Monitoring Activities • Management and supervisory activities • Separate Evaluations • Risk/Control Self-Assessments • Internal Audit • Reporting Deficiencies • Exception Reports • Communication from regulators

  24. Overall Assessment of Internal Control • Reaching conclusions about an auditee’s internal control (at the entity level) involves a high degree of subjectivity due to the intangible nature of factors to consider • Requires considerable professional judgment • The fact remains that the best policies and structure are worthless if the will to make them work is lacking

  25. Two Important Questions in Assessing Internal Control • Has the auditee management created a control environment in which people are motivated to comply with controls rather than ignore or circumvent them? • Has the auditee installed the necessary control mechanisms to monitor and correct non-compliance and are the mechanisms functioning effectively?

  26. Questions?
