Enterprise Risk Management Take a Close Look at COSO’s New Internal Control Framework.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper...
Internal Control
COSO’s Framework
Committee of Sponsoring Organizations
• 1992 issued a white paper on internal control
• Since this time, this framework has been incorporated into US auditing standards
Internal control that provides reasonable assurance regarding achievement of objectives in the following categories.
• Effective and efficient operations
• Reliable financial reporting
• Compliance with applicable laws and regulations
Components of Internal Control
• Control Environment
• Risk Assessment
• Control Activities
• Information and Communication
• Monitoring
Control Environment
• Integrity and ethical values
• Commitment to competence
• Participation of board of directors or audit committee
• Management’s philosophy and operating style
• Organizational structure
• Assignment of authority and responsibilities
• Human resource policies and practices
Risk Assessment
• Changes may occur in the operating environment
• New personnel may become involved
• Information systems may change
• Rapid growth
• New technologies
• New products or services
• Restructuring
• Foreign operations
• New accounting pronouncements
Control Activities
• Segregation of duties
• Proper authorization
• Assets safeguarded
• Compare actual to books
• Employees of integrity
• Record properly and on a timely basis
Information and Communication
• Identify and record all valid transactions
• Provide timely description of transactions
• Properly measure transactions
• Record transactions in a timely manner
Monitoring
Assess controls on a timely basis and make modifications when appropriate.
Use internal auditors to review
Test controls
Other factors to consider
• Size of organization
• Ownership characteristics
• Nature of business
• Diversity and complexity of activities
• Data processing methods
• Legal and regulatory environment of the business
Under Sarbanes Oxley Act
• CEO and CFO certification
• Internal control report
• Document system so others can review
• SEC will review every 3 years
CEO, CFO Certification
• Explicitly must evaluate and report on effectiveness of internal control
• Disclose to audit committee any material deficiencies in financial controls
• Report any changes in IC
• Report any corrective actions
CEO, CFO Report
• Assess effectiveness within 90 days of filing dates
• Design disclosure controls and procedures
“ ..are intended to cover a broader range of information than is covered by internal controls related to financial reporting.. They are intended to ensure that an issuer maintains commensurate procedures for gathering, analyzing and disclosing all information that is required to be disclosed…”
Internal Control Report
• A part of annual report
• Management responsible for internal control
• States a conclusion on the effectiveness of IC
• External auditor has to attest to company’s internal control under PCAOB rules