KiTCB-Nhóm 5

INTERNAL CONTROL
AND COSO
FRAMEWORK
GROUP 5
Contents
01 Mission of COSO
02 Internal control
Management and auditor

03 responsibilities for internal
control
Contents
01 Mission of COSO
02 Internal control
Management and auditor

03 responsibilities for internal
control
01. Mission of COSO:
- The Committee of Sponsoring Organizations of the Treadway
Commission (COSO) is a joint initiative of five professional
organizations:
 American Accounting Association (AAA)
 American Institute of Certified Public Accountants (AICPA)
 Financial Executives International (FEI)
 Institute of Management Accountants (IMA)
 Institute of Internal Auditors (IIA)
01. Mission of COSO:
“…To provide thought leadership through the

development of comprehensive frameworks and
guidance on enterprise risk management,
internal control and fraud deterrence designed
to improve organizational performance and
governance and to reduce the extent of fraud in
organizations.”
02. Internal control:
2.1 Definition
2.2 The components of Internal Control system

2.1 Definition
- Internal control is defined in the 2013 COSO Framework

as “a process, affected by an entity’s board of directors,
management, and other personnel, designed to provide
reasonable assurance regarding the achievement of
objectives relating to operations,reporting, and
compliance.”
ed
ezzl
Op
era 2.1 Definition emb
tin d
ga n an
los
to le rty
s S ope
pr
1. Effectiveness and efficiency of
operations.
2. Reliability of financial reporting.
h 3. Compliance with applicable
e wi t laws and regulations. (VSA 315)
l i a nc and
comp laws Fin
a
t le nci
No licab ns al rep
app ulatio orti
reg ng
We need to issue actions,
procedures and policies to
prevent possible risks
2.1 Definition
- An effective IC can only provide a reasonable assurance in
achieving organization's objectives. This is due to the
limitations of IC :
• The potential for human error
• Collusion between employees
• The possibility of controls being by-passed or overridden
by management
• The costs of control not outweighing their benefit
2.2.1. Control environment:

- The control environment consists of the actions, policies, and procedures
that reflect the overall attitudes of top management, directors, and owners
of an entity about internal control and its importance to the entity.
- The control environment sets the tone of an organization, influencing the
control consciousness of its people.

- The five principles related to the control environment include:
1. Demonstrates commitment to integrity and ethical values;
2. An independent board of directors that is responsible for oversight of
internal controls;
3. Establishing appropriate structures and reporting lines;
4. A commitment to attracting, developing, and retaining competent
personnel;
5. Holding individuals accountable for internal control responsibilities.

2.2.2. Risk assessment:

- The four principles related to risk assessment are that the organization should
have:
1. Clear objectives in order to be able to identify and assess the risks relating to
those objectives
2. Determine how the risks should be managed
3. Consider the potential for fraudulent behavior
4. Monitor changes that could impact internal controls
2.2.2. Risk assessment:

- The entity’s risk assessment process:
2.2.3. Control activities:

- Control activities are the actions established by the policies and procedures
to help ensure that management directives to mitigate risks to the
achievement of objectives are carried out

There are 5 types of control activities:
 Adequate separation of duties
 Proper authorization of transactions and activities
 Adequate documents and records
 Physical control over assets and records
 Independent checks on performance

 Adequate separation of duties
- Segregation implies a number of people being involved in the accounting
process to reduce the risk of fraud and errors.
- Segregation should take place in various ways:
o Segregation of function: segregation of carrying out of a traction, recording
that transaction and maintaining custody of assets that arise from the
transaction.
o Segregation of various steps in carrying out a transaction
o The carrying out of various accounting operations should be segregated

 Proper authorization of transactions and activities
- Transactions should be approved by an appropriate person before being
carried out.
- An organization should combine these two types of authorization:
o General authorization: means approval for general policies for
transactions being carried out.
o Specific authorization: relates to individual transactions.

- Documents and records are the records upon which transactions are
entered and summarized such as sales invoices, purchase orders, subsidiary
records, sales journals, and employee time reports.
- Adequate documents are essential for correct recording of trans - actions
and control of assets.

- Certain principles dictate the proper design and use of documents and
records.
o Prenumbered consecutively
o Prepared at the time a transaction takes place, or as soon as possible
o Designed for multiple use
o Constructed in a manner that encourages correct preparation

 Physical control over assets and records
- To maintain adequate internal control, assets and records must be
protected. The most important type of protective measure for safeguarding
assets and records is the use of physical precautions.
o Physical security
o Limiting access to computer programme and data files
o Limiting physical access to assets and records

 Independent checks on performance
- The last category of control activities is the careful and continuous review of
the other four, often called independent checks or internal verification.
- Personnel responsible for performing internal verification procedures must
be independent of those originally responsible for preparing the data.
2.2.4. Information and communication:
Information is
necessary for the
entity to carry out
internal control
responsibilities in
support of the
achievement of its
objectives.
Communication occurs both

Information is
internally and externally and
necessary for the
provides the organization with the
entity to carry out
information needed to carry out day-
internal control
to-day internal control activities.
responsibilities in
Communication enables personnel to
support of the
understand internal control
achievement of its
responsibilities and their importance
objectives.
to the achievement of objectives.
Communication occurs both

Information is
internally and externally and
necessary for the
provides the organization with the
entity to carry out
information needed to carry out day-
internal control
to-day internal control activities.
responsibilities in
Communication enables personnel to
support of the
understand internal control
achievement of its
responsibilities and their importance
objectives.
to the achievement of objectives.

- The principles related to information and communication include:
 uses relevant information
 communicates internally
 communicates externally
2.2.5. Monitoring activities:

- Monitoring ensures that internal control continues to operate effectively.
This process involves assessment by appropriate personnel of the design and
operation of controls on a suitably timely basis, and the taking of necessary
actions. It applies to all activities within an organization, and sometimes to
outside contractors as well.

- The two principles related to monitoring activities include:
 Conducts ongoing and separate evaluations
• Ongoing evaluations are built into the routine operations and are
performed on a real-time basis.
• A separate evaluation is conducted periodically by objective management
personnel, internal audit, and external parties. The scope and frequency
of separate evaluations is a matter of management judgment

- The two principles related to monitoring activities include:
 Conducts ongoing and separate evaluations
 Evaluates and communicates deficiencies.
03. Management and auditor
responsibilities for internal control :
3.1 Management’s responsibilities for establishing Internal Control
Management must establish and maintain the entity’s internal controls. Two key
concepts underlie management’s design and implementation of internal control
Reasonable assurance Inherent limitations

A company should develop Internal controls can never be
internal controls that completely effective
provide reasonable, but not
absolute, assurance that the
financial statements are
fairly stated.

fairly stated.

fairly stated.
3.2 Auditor responsibilities for Understanding Internal Control
- VSA 315:
 The auditor should identify and assess risks of material misstatement, whether
due to fraud or error, based on an understanding of the entity and its
environment, including the entity’s internal control.
 The auditor should also evaluate the design of those controls and determine
whether they have been implemented.
Please indicate which part of the internal
control system each of the following controls
belongs to?
a. Managers always set an example and remind employees Controlled
environment
in the company to be honest and respect ethical values.
Information
Communication
Monitor
belongs to?
environment
Information
Communication
Monitor
belongs to?
environment
b. The job description of a sales accountant is developed in Information
Communication
detail, with specific instructions for sales accountants and
announced to relevant individuals and departments.
Monitor
belongs to?
environment
Communication
Monitor
belongs to?
environment
Communication
c. Supervisors observe whether employees are following Monitor
the time clock regulations on the card when entering the
company.
belongs to?
environment
Communication
c. Supervisors observe whether employees are following Monitor
the time clock regulations on the card when entering the
company.
THANKS FOR
LISTENING
Members
Phạm Minh Đức
Đinh Thị Yến Nhi
Nguyễn Ánh Nhi
Thân Thụy Thảo Nhi
Nguyễn Phương Quyên
Võ Hồng Xuân

KiTCB-Nhóm 5

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

KiTCB-Nhóm 5

Uploaded by

Copyright:

Available Formats

INTERNAL CONTROL

Management and auditor

Management and auditor

“…To provide thought leadership through the

2.2 The components of Internal Control system

- Internal control is defined in the 2013 COSO Framework

2.2.1. Control environment:

2.2.1. Control environment:

2.2.1. Control environment:

2.2.2. Risk assessment:

2.2.2. Risk assessment:

2.2.3. Control activities:

2.2.3. Control activities:

2.2.3. Control activities:

2.2.3. Control activities:

2.2.3. Control activities:

2.2.3. Control activities:

2.2.3. Control activities:

2.2.3. Control activities:

2.2.4. Information and communication:

2.2.4. Information and communication:

Communication occurs both

2.2.4. Information and communication:

Communication occurs both

2.2.4. Information and communication:

2.2.5. Monitoring activities:

2.2.5. Monitoring activities:

2.2.5. Monitoring activities:

Reasonable assurance Inherent limitations

Reasonable assurance Inherent limitations

Reasonable assurance Inherent limitations

You might also like