PRESENTING

COSO
FRAMEWORK
ITDC 14a (Stub Code 98)
GROUP COMPOSITION

LEADER: Nicholas Daenielle Daypuyart
MEMBER: Princess Gift Parcon
MEMBER: Christian Jay Omero
MEMBER: Justine Pascual



Scope of the Presentation
WHAT WE'RE ABOUT TO DISCUSS...

What is a Framework?
What is COSO?
History and Definition of the COSO Framework
Internal Control Goals
Internal Control Components
Developing the Internal Control System
Using the COSO Framework
COSO Framework Limitations
What is a Framework?
IT GOVERNANCE
It is that which defines the ways and methods through
which an organization can implement, manage and
monitor IT governance within an organization.

It provides guidelines and measures to effectively
utilize IT resources and processes within an
organization.
What is COSO?
IT GOVERNANCE
COSO is a committee composed of representatives from five organizations:

American Accounting Association
American Institute of Certified Public Accountants
Financial Executives International
Institute of Management Accountants
Institute of Internal Auditors

Together, the COSO board develops guidance documents that help organizations with risk
assessment, internal controls and fraud prevention. Their vision is to “be a recognized thought
leader in the global marketplace on the development of guidance in the areas of risk and
control which enable good organizational governance and reduction of fraud.”
What is the COSO FRAMEWORK?
HISTORY AND INFORMATION
Fraud deterrence was the main impetus behind the formation of the Committee of Sponsoring
Organizations of the Treadway Commission (COSO) and its 1992 framework for internal control:

Originally, the Committee of Sponsoring Organizations, or COSO, was organized in 1985 to
sponsor the National Commission on Fraudulent Reporting (NCFR). Its member organizations
were the American Accounting Association (AAA), American Institute of Certified Public
Accountants (AICPA), Financial Executives International (FEI), Institute of Management
Accountants (IMA), and the Institute of Internal Auditors (IIA).

As its name implies, the NCFR was formed to study why and how fraudulent financial reporting at
organizations occurs, and to recommend ways to reduce it. The NCFR’s 1987 report focused on
internal financial controls, shining a light for perhaps the first time on this important topic. It
also pointed out that there was no standard definition of “internal control,” and began a project
to create one.

What is the COSO FRAMEWORK?
HISTORY AND INFORMATION
The original COSO framework was developed in 1992, with the most recent version published
in 2013. To understand the framework, you must understand what it covers. According to
COSO, internal control:

Focuses on achieving objectives in operations, reporting and/or compliance
Is an ongoing process
Depends on people’s actions, not merely written policies and procedures
Provides senior management with assurance of security to a reasonable degree
Can be adapted to the needs of the whole organization as well as each department, unit or
process
COSO FRAMEWORK
THE "COSO CUBE"

The image of the cube shows the relationship between
all the parts of an effective internal control system.

The columns are the three objective categories
(operations, reporting and compliance).

The rows consist of the five components. Your
organizational structure fits into the third dimension of
the cube.

COSO FRAMEWORK
INTERNAL CONTROL GOALS
The COSO framework divides internal control objectives into three categories:

Operations
Reporting
Compliance

Operations objectives, such as performance goals and securing the organization’s assets
against fraud, focus on the effectiveness and efficiency of your business operations.
Reporting objectives, including both internal and external financial reporting as well as
non-financial reporting, relate to transparency, timeliness and reliability of the organization’s
reporting habits.
Compliance objectives are internal control goals based around adhering to laws and
regulations that the organization must comply with.
COSO FRAMEWORK
INTERNAL CONTROL COMPONENTS
The COSO framework further teaches that there are five components to an internal control
system.

Control environment
Risk assessment
Control activities
Information and communication
Monitoring activities
COSO FRAMEWORK
INTERNAL CONTROL COMPONENTS

Control environment - is the “set of standards, processes, and structures that provide the basis
for carrying out internal controls across the organization.” This component includes your:

Ethical values
Organizational structure
Commitment to employing competent employees
Human resources policies
COSO FRAMEWORK
INTERNAL CONTROL COMPONENTS
Risk assessment - involves your organization’s analysis of the risks posed by internal and
external changes, the ability to establish objectives and determine their suitability for your
business and the process for weighing risks versus risk tolerances.

Control activities - are the tasks and activities (laid out by organizational policies and
procedures) that help you achieve your internal control objectives. These include actions such
as “authorizations and approvals, verifications, reconciliations, and business performance
reviews.”
COSO FRAMEWORK
INTERNAL CONTROL COMPONENTS
Information and Communication Component - recognizes these two things as essential to
any internal control system.

COSO stresses the importance of relevant and high-quality information to control functions.
Internal messages emphasizing the importance of control responsibilities, in addition to clear
communication of expectations with external parties, are key to a strong system.

Monitoring Activities - monitoring your internal controls is just as important as establishing them. Use
ongoing evaluations built into your business processes as well as regular separate evaluations,
which will vary based on your level of risk, system effectiveness and regulation requirements.
COSO FRAMEWORK
INTERNAL CONTROL COMPONENTS CHARACTERISTICS
COSO FRAMEWORK
THE COSO COVERAGE AREAS
One of the three sides of the “COSO cube,” a three-dimensional illustration of how the COSO
internal control framework may be applied, lists the areas of an entity to which COSO might be
applied to achieve operational, financial, and compliance objectives:

ENTITY LEVEL
DIVISION
OPERATING UNIT
FUNCTION
COSO FRAMEWORK
THE COSO COVERAGE AREAS
These four coverage area criteria correlate to the top-down structure of a typical organization.
They establish that the COSO framework can be used to gauge the effectiveness of controls
for an enterprise as a whole or at the division, operating unit, or function level—and that control
activities should take place at all these levels.

The higher the level, the more abstract their relation to financial reporting activities.
Entity-level controls often have an indirect relationship to financial statements, and so can be harder
to quantify than more direct process-level controls. Entity-level controls also tend to vary
according to an organization’s complexity and risk profile, and so must be evaluated
qualitatively as opposed to quantitatively.
COSO FRAMEWORK
DEVELOPING THE INTERNAL CONTROL SYSTEM
The COSO framework explains that “an effective system of internal control reduces, to an
acceptable level, the risk of not achieving” objectives. When developing your system, make
sure that:

All five components are present and working properly
The five components work together as an integrated system
It allows the organization to predict external circumstances that could impair the
achievement of your objectives and prepare for them appropriately
It follows reporting regulations, rules and standards
It complies with applicable laws, regulations, etc.

COSO recognizes that, while its framework should help you design a fraud-deterring system of
internal controls, it’s not without limitations. For example, even the strongest system can’t
prevent human error, bad judgement and external events that are beyond your control.
COSO FRAMEWORK
USAGE AND THINGS TO NOTE
After understanding the COSO framework, senior management and other decision-makers in
the organization should use it to assess the current internal control system. Does the system
meet all of the effectiveness standards? If not, make plans on how to improve it according to
COSO’s model.

Lower-level managers and employees should also familiarize themselves with the COSO
framework. Offer suggestions based on the document to senior management. Put together a
committee of employees at all levels to brainstorm ideas for a stronger internal control system.

In addition, every employee should take their role in preventing fraud seriously. Conduct your
work in a way that supports the COSO framework. For example, follow anti-fraud policies
without exception and always file timely, accurate reports.
COSO FRAMEWORK
LIMITATIONS
The framework is intentionally broad in order to apply to a wide array of industries and
processes. This feature can be problematic, though, for “more complex businesses (e.g., those
with varied operations and complex data systems)”

- according to experts from East Carolina University.

“Proper execution of the COSO framework is dependent on the ability to establish a strong,
formal control environment; however, the framework provides minimal implementation
guidance.” Small businesses and startups may feel overwhelmed and unsupported, leading
them to use a model with a more detailed framework instead.

In addition, the COSO framework is not designed well to deal with objectives that fall under
multiple categories.
COSO FRAMEWORK
SUMMARY

If you’re looking to create a system of internal controls or improve
upon your current one, the COSO framework is one worthy option.
SOURCES:
https://whatis.techtarget.com/definition/COSO-cub

https://reciprocity.com/guide-to-coso-framework-and-compliance/

https://www.techopedia.com/definition/30607/it-governance-framework

https://i-sight.com/resources/coso-framework-what-it-is-and-how-to-use-it/

END OF PRESENTATION
Q & A SEGMENT
QUESTIONS

What is the set of standards, processes, and structures that
provide the basis for carrying out internal controls across the
organization?
QUESTIONS

What does COSO mean / stand for?


QUESTIONS

In what year was the COSO framework developed?

QUESTIONS
T/F

Can internal control be adapted to the needs of the whole organization as
well as each department, unit or process?
QUESTIONS
T/F

The rows in the COSO cube consist of operations, reporting and
compliance.
QUESTIONS

What are the internal control goals based around adhering to laws
and regulations that the organization must comply with?
QUESTIONS
T/F
COSO stresses the importance of relevant and high-quality
information to control functions. Internal messages emphasizing
the importance of control responsibilities, in addition to clear
communication of expectations with external parties, are key to a
strong system.
QUESTIONS
T/F

The COSO framework explains that “an ineffective system of internal
control reduces, to an acceptable level, the risk of not achieving”
objectives.
QUESTIONS
T/F

The COSO framework is designed well and could be utilized to deal
with objectives that fall under multiple categories.
QUESTIONS
T/F
The higher the level, the more abstract their relation to financial
reporting activities. Entity-level controls often have an indirect
relationship to financial statements, and so can be harder to
quantify than more direct process-level controls.
THANK YOU!

-END-