Overview: Committee Of Sponsoring Organizations (COSO) Internal Control .

Transcription

Overview: Committee of Sponsoring Organizations (COSO) Internal Control Integrated Framework 2013

Michael L. Piazza
Principal Associate
Professional Development Associates
www.pda-usa.com
www.controlsframework.com

New Solutions
"Rarely do we find men and women who willingly engage in hard, solid thinking. There is an almost universal quest for easy answers and half-baked solutions. Nothing pains some people more than having to think."
Rev. Martin Luther King, Jr.

Persian Proverb
“He who knows not, and knows not that he knows not, is a fool, shun him.
He who knows not and knows that he knows not, is like a child, teach him.
He who knows and knows not that he knows, is asleep, awake him.
He who knows and knows that he knows, is wise, follow him.”

Figure: Organizational Objectives (labels: Directing, Risks, Controlling)

Objectives – Risks – Controls Relationship
Figure labels: Risks, Objectives, Controls

COSO (Committee of Sponsoring Organizations)
Internal Control Integrated Framework
Publication and Tools - 1992
Update – March , 2013

Institute of Internal Auditors - 174
Amazon.com - COSO Quick Reference Guide 27 paperback 9.99 Kindle edition

1984 Mercury Grand Marquis LS

Phones from 1984
- Wall phone
- Desk phone
- Cell phone

Committee of Sponsoring Organizations of the Treadway Commission (COSO)
- American Institute of Certified Public Accountants
- American Accounting Association
- The Institute of Internal Auditors
- Institute of Management Accountants
- Financial Executives Institute

Treadway Commission met with President Ronald Reagan
“Yes, as auditors we trust that management has sufficient controls in place, but we must verify that.”
“We trust but verify.”

Figure: COSO internal control components (Control Environment, Risk Assessment, Control Activities, Information and Communication, Monitoring)

COSO Definition of Internal Control
ICIF 1992
Internal control is broadly defined as a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations

Definition of Internal Control
From ICIF 1992 to 2013
Internal control is broadly defined as a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations

Definition of Internal Control
From ICIF 1992 to 2013
Internal control is broadly defined as a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: relating to:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations

Definition of Internal Control
ICIF 2013
Internal control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.

This definition emphasizes that internal control is:
- Geared to the achievement of objectives in one or more separate but overlapping categories - operations, reporting and compliance
- A process consisting of ongoing tasks and activities - it is a means to an end, not an end in itself
- Effected by people - not merely about policy and procedure manuals, systems, and forms, but about people and the actions they take at every level of an organization to effect internal control
- Able to provide reasonable assurance - but not absolute assurance, to an entity’s senior management and board of directors
- Adaptable to the entity structure - flexible in application for the entire entity or for a particular subsidiary, division, operating unit, or business process

Relationship within Reporting Category of Objective
The overall relationship between the four sub-categories of reporting objectives is depicted in the graphic below.

Reporting Objectives
            Financial             Non Financial
External    External Financial    External Non Financial
Internal    Internal Financial    Internal Non Financial

Components - COSO Internal Control Integrated Framework
- Control Environment
- Risk Assessment
- Control Activities
- Information & Communication
- Monitoring Activities

Framework with Objective Categories and Organizational Levels

COSO ICIF from 1992 to 2013
- Applies a principles-based approach
- Clarifies the role of objective-setting in internal control
- Reflects the increased relevance of technology
- Enhances governance concepts
- Expands the reporting category of objectives
- Enhances consideration of anti-fraud expectations
- Considers different business models and organizational structures

Limitations of Internal Control
- Reasonable assurance
- Preconditions of Internal Control – governance processes and management’s strategy-setting or objective-setting processes
- Judgment
  o Time available
  o Information at hand
  o Management biases
  o Pressures of the conduct of business
- External Events

Limitations of Internal Control
- Management Override
  o Overruling prescribed policies or procedures for illegitimate purposes with the intent of personal gain or an enhanced presentation of an entity’s performance or compliance.
  o Not to be confused with management intervention, which represents management’s actions to depart from prescribed controls for legitimate purposes. Management intervention is necessary to deal with non-recurring and non-standard transactions or events that otherwise might be handled inappropriately.
- Collusion - Individuals acting collectively to perpetrate and conceal an action from detection often can alter financial or other management information so that it cannot be detected or prevented by the system of internal control.

Perceptual/Practical Perspectives
- Comply or else
- Apply or explain

Principles - COSO Internal Control Integrated Framework
Control Environment
1. The organization demonstrates a commitment to integrity and ethical values.
2. The board of directors demonstrates independence of management and exercises oversight for the development and performance of internal control.
3. Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.
4. The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
5. The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.

Principles - COSO Internal Control Integrated Framework
Risk Assessment
6. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.
7. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.
8. The organization considers the potential for fraud in assessing risks to the achievement of objectives.
9. The organization identifies and assesses changes that could significantly impact the system of internal control.

Principles - COSO Internal Control Integrated Framework
Control Activities
10. The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
11. The organization selects and develops general control activities over technology to support the achievement of objectives.
12. The organization deploys control activities as manifested in policies that establish what is expected and in relevant procedures to effect the policies.

Principles - COSO Internal Control Integrated Framework
Information & Communication
13. The organization obtains or generates and uses relevant, quality information to support the functioning of other components of internal control.
14. The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of other components of internal control.
15. The organization communicates with external parties regarding matters affecting the functioning of other components of internal control.

Principles - COSO Internal Control Integrated Framework
Monitoring Activities
16. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.
17. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.
