Embed Size (px)
Citation preview
www.theiia.org
A Framework for Control
COSO’s five components of internal control and questions
too important to ignore
www.theiia.org
What is COSO?
www.theiia.org
What is COSO?
COSO, the Committee of Sponsoring Organizations of the Treadway Commission, is a private sector initiative established in 1985 by
five financial professional associations.
www.theiia.org
Who?
www.theiia.org
Who?
• The Institute of Internal Auditors
www.theiia.org
Who?
• The Institute of Internal Auditors• American Institute of Certified
Public Accountants
www.theiia.org
Who?
• The Institute of Internal Auditors• American Institute of Certified
Public Accountants• American Accounting Association
www.theiia.org
Who?
• The Institute of Internal Auditors• American Institute of Certified
Public Accountants• American Accounting Association• Institute of Management
Accountants
www.theiia.org
Who?• The Institute of Internal Auditors• American Institute of Certified
Public Accountants• American Accounting Association• Institute of Management
Accountants• Financial Executives Institute
www.theiia.org
Why?
www.theiia.org
Why?
COSO’s goal is to improve the quality of financial reporting
through a focus on corporate governance, ethical practices, and
internal control.
www.theiia.org
Definition of Internal Control
www.theiia.org
Definition of Internal Control
A process, effected by an entity's board of directors, management, and other personnel, designed to
provide reasonable assurance regarding the achievement of
objectives.
www.theiia.org
Categories of Internal Control
www.theiia.org
Categories of Internal Control
• Effectiveness and efficiency of operations
www.theiia.org
Categories of Internal Control
• Effectiveness and efficiency of operations
• Reliability of financial reporting
www.theiia.org
Categories of Internal Control
• Effectiveness and efficiency of operations
• Reliability of financial reporting
• Compliance with applicable laws and regulations
www.theiia.org
Components of Internal Control
www.theiia.org
Components of Internal Control
1. Control Environment
www.theiia.org
Components of Internal Control
1. Control Environment
2. Risk Assessment
www.theiia.org
Components of Internal Control
1. Control Environment
2. Risk Assessment
3. Control Activities
www.theiia.org
Components of Internal Control
1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information and Communication
www.theiia.org
Components of Internal Control
1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information and Communication
5. Monitoring
www.theiia.org
Ask the Right Internal Control Questions about:
www.theiia.org
ETHICS
www.theiia.org
ETHICS
1. Do board members and senior executives set a day-in, day-out example of high integrity and ethical behavior?
www.theiia.org
ETHICS
2. Is there a written code of conduct for employees, and is it reinforced by training, top down communications, and requirements for periodic written statements of compliance from key employees?
www.theiia.org
ETHICS
3. Are performance and incentive compensation targets reasonable and realistic, or do they create undue pressure on achievement of short-term results?
www.theiia.org
ETHICS
4. Is it clear that fraudulent financial reporting at any level and in any form will not be tolerated?
www.theiia.org
ETHICS
5. Are ethics woven into criteria that are used to evaluate individual and business unit performance?
www.theiia.org
ETHICS
6. Does management react appropriately when receiving bad news from subordinates and business units?
www.theiia.org
ETHICS
7. Does a process exist to resolve close ethical calls?
www.theiia.org
ETHICS
8. Are business risks identified and candidly discussed with the board
of directors?
www.theiia.org
RISK
www.theiia.org
RISK
1. Is relevant and reliable internal and external information identified, compiled, and communicated in a timely manner to those who are positioned to act?
www.theiia.org
RISK
2. Are risks identified and analyzed, and actions taken to mitigate them?
www.theiia.org
RISK
3. Are controls in place to assure that management decisions are properly carried out?
www.theiia.org
INTERNAL CONTROL
www.theiia.org
INTERNAL CONTROL
1. Do senior and line management executives demonstrate that they
accept control responsibility, not just delegate that responsibility to financial and audit staff?
www.theiia.org
INTERNAL CONTROL
2. Does management routinely monitor controls in process of running the organization’s operations?
www.theiia.org
INTERNAL CONTROL
3. Does management clearly assign responsibilities for training and monitoring of internal controls?
www.theiia.org
INTERNAL CONTROL
4. Are periodic, systematic evaluations of control systems conducted and documented?
www.theiia.org
INTERNAL CONTROL
5. Are such evaluations conducted by personnel with appropriate responsibilities, business experience, and knowledge of the organization’s affairs?
www.theiia.org
INTERNAL CONTROL
6. Are appropriate criteria established to evaluate controls?
www.theiia.org
INTERNAL CONTROL
7. Are control deficiencies reported to higher levels of management and corrected on a timely basis?
www.theiia.org
INTERNAL CONTROL
8. Are appropriate controls built in as new systems are designed and brought on stream?
www.theiia.org
AUDIT COMMITTEES
www.theiia.org
AUDIT COMMITTEES
1. Has the board recently reviewed adequacy of the audit committee’s written charter?
www.theiia.org
AUDIT COMMITTEES
2. Are audit committee members functioning and, in fact, independent of management?
www.theiia.org
AUDIT COMMITTEES
3. Do audit committee members possess an appropriate mix of operating and financial control expertise?
www.theiia.org
AUDIT COMMITTEES
4. Does the audit committee understand and monitor the broad organizational control environment?
www.theiia.org
AUDIT COMMITTEES
5. Does the audit committee oversee appropriateness, relevance, and reliability of operational and financial reporting to the board, as well as to investors and other external users?
www.theiia.org
AUDIT COMMITTEES
6. Does the audit committee oversee
existence of and compliance with ethical standards?
www.theiia.org
AUDIT COMMITTEES
7. Does the audit committee or full board have a meaningful but challenging relationship with independent auditors, internal auditors, senior financial control executives, and key corporate and business unit operating executives?
www.theiia.org
INTERNAL AUDITING
www.theiia.org
INTERNAL AUDITING
1. Does internal auditing have the support of top management, the audit committee, and the board of directors as a whole?
www.theiia.org
INTERNAL AUDITING
2. Has the written scope of internal audit responsibilities been reviewed by the audit committee for adequacy?
www.theiia.org
INTERNAL AUDITING
3. Is the organizational relationship between internal auditing and senior executives appropriate?
www.theiia.org
INTERNAL AUDITING
4. Does internal auditing have and use open lines of communication and private access to all senior officers and the audit committee?
www.theiia.org
INTERNAL AUDITING
5. Are audit reports covering the right subjects distributed to the right people and acted upon in a timely manner?
www.theiia.org
INTERNAL AUDITING
6. Do key audit executives possess an appropriate level of expertise?
www.theiia.org
To Purchase the Framework:
Visit The IIA Bookstore at
www.theiia.org
www.theiia.org
For More aboutthe Framework:
www.theiia.org
For More aboutthe Framework:
Visit
www.coso.org
www.theiia.org
A Framework for Control
This presentationwas produced
by
www.theiia.org
The IIA is the internal audit profession’s
global voice, recognized authority, acknowledged leader, chief advocate
and principal educatorworldwide.
