Scribd Logo
Upload

Welcome to Scribd!

  • Module 5

    Uploaded by

    Renelyn Filoteo
    4 views4 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    4 views4 pages

    Module 5

    Uploaded by

    Renelyn Filoteo

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    Institute of Business & Accountancy

    Operational Audit
    BSA4A

    What is a Control Framework?

    A control framework is a conceptual basis for formulating a set of controls for an organization.
    This set of controls is intended to minimize risk through the use of practices and procedures in
    a coordinated manner. The best-known control framework is the Integrated Framework, which
    was developed by the Committee of Sponsoring Organizations (COSO) of the Treadway
    Commission.

    COSO FRAMEWORK

    COSO is a committee composed of


    representatives from five organizations:

    1. American Accounting Association


    2. American Institute of Certified Public
    Accountants
    3. Financial Executives International
    4. Institute of Management
    Accountants
    5. Institute of Internal Auditors

    The original COSO framework was developed in 1992, with the most recent version published in
    2013. To understand the framework, you must understand what it covers. According to COSO,
    internal control:

     Focuses on achieving objectives in operations, reporting and/or compliance


     Is an ongoing process
     Depends on people’s actions, not merely written policies and procedures
     Provides assurance senior management of security to a reasonable degree
     Can be adapted to the needs of the whole organization as well as each department, unit
    or process

    Ref: Internal Control—Integrated Framework (Framework), © [2013] Committee of Sponsoring


    Organizations of the Treadway Commission (COSO).
    Institute of Business & Accountancy
    Operational Audit
    BSA4A

    OBJECTIVES OF COSO FRAMEWORK

    The COSO framework divides internal control objectives into three categories: operations,
    reporting and compliance.

    Operations objectives, such as performance goals and securing the organization’s assets
    against fraud, focus on the effectiveness and efficiency of your business operations.

    Reporting objectives, including both internal and external financial reporting as well as non-
    financial reporting, relate to transparency, timeliness and reliability of the organization’s
    reporting habits.

    Compliance objectives are internal control goals based around adhering to laws and
    regulations that the organization must comply with.

    COMPONENTS OF INTERNAL CONTROL

    The COSO framework further teaches that there are five components to an internal control
    system. First, control environment is the “set of standards, processes, and structures that
    provide the basis for carrying out internal controls across the organization.” This component
    includes your:

     Ethical values
     Organizational structure
     Commitment to employing competent employees
     Human resources policies

    Next, risk assessment involves your organization’s analysis of the risks posed by internal and
    external changes, the ability to establish objectives and determine their suitability for your
    business and the process for weighing risks versus risk tolerances.

    Control activities are the tasks and activities (laid out by organizational policies and
    procedures) that help you achieve your internal control objectives. These include actions such
    as “authorizations and approvals, verifications, reconciliations, and business performance
    reviews.”

    The information and communication component recognizes these two things as essential to
    any internal control system. COSO stresses the importance of relevant and high-quality
    information to control functions. Internal messages emphasizing the importance of control

    Ref: Internal Control—Integrated Framework (Framework), © [2013] Committee of Sponsoring


    Organizations of the Treadway Commission (COSO).
    Institute of Business & Accountancy
    Operational Audit
    BSA4A

    responsibilities, in addition to clear communication of expectations with external parties, is key


    to a strong system.

    Finally, monitoring your internal controls is just as important as establishing them. Use
    ongoing evaluations built into your business processes as well as regular separate evaluations,
    which will vary based on your level of risk, system effectiveness and regulation requirements.

    17 PRINCIPLES OF COSO

    Developing Your Organization’s Internal Control System

    The COSO framework explains that “an effective system of internal control reduces, to an
    acceptable level, the risk of not achieving” objectives. When developing your system, make sure
    that:

     All five components are present and working properly


     The five components work together as an integrated system

    Ref: Internal Control—Integrated Framework (Framework), © [2013] Committee of Sponsoring


    Organizations of the Treadway Commission (COSO).
    Institute of Business & Accountancy
    Operational Audit
    BSA4A

     It allows the organization to predict external circumstances that could impair the
    achievement of your objectives and prepare for them appropriately
     It follows reporting regulations, rules and standards
     It complies with applicable laws, regulations, etc.

    Using the COSO Framework

    After reading the COSO framework, senior management and other decision-makers in your
    organization should use it to assess your current internal control system. Does your system
    meet all of the effectiveness standards? If not, make plans on how to improve it according to
    COSO’s model.

    Lower-level managers and employees should also familiarize themselves with the COSO
    framework. Offer suggestions based on the document to senior management. Put together a
    committee of employees at all levels to brainstorm ideas for a stronger internal control system.

    In addition, every employee should take their role in preventing fraud seriously. Conduct your
    work in a way that supports the COSO framework. For example, follow anti-fraud policies
    without exception and always file timely, accurate reports.

    COSO Framework Limitations

    The COSO framework is a great place to start when designing or modifying a system of internal
    controls. However, it is not without limitations.

    They also mention that “proper execution of the COSO framework is dependent on the ability to
    establish a strong, formal control environment; however, the framework provides minimal
    implementation guidance.” Small businesses and startups may feel overwhelmed and
    unsupported, leading them to use a model with a more detailed framework instead.

    In addition, the COSO framework is not designed well to deal with objectives that fall under
    multiple categories. Not every task fits neatly into either operations, reporting or compliance.

    Ref: Internal Control—Integrated Framework (Framework), © [2013] Committee of Sponsoring


    Organizations of the Treadway Commission (COSO).

    You might also like