Internal Control – Integrated Framework is widely accepted as the standard for the design and operation of internal control systems.
COSO Model defines;
Internal control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.
Objectives of Internal Control:
1) Intended to achieve three classes of objectives
2) An ongoing process
3) Effected by people at all organizational levels, e.g., the board, management, and all other employees.
4) Able to provide reasonable, but not absolute, assurance.
5) Adaptable to an entity’s structure.
The three classes of objectives direct organizations to the different (but overlapping) elements of control.
a) Operations objectives relate to achieving the entity’s mission. Appropriate objectives include improving ; (a) financial performance, (b) productivity, (c) quality, (d) innovation, and (e) customer satisfaction.
b) Operations objectives also include safeguarding o f assets.Objectives related to protecting and preserving assets assist in risk assessment and development of mitigating controls. Avoidance of waste, inefficiency, and bad business decisions relates to broader objectives than safeguarding of assets.
a) To make sound decisions, stakeholders must have reliable, timely, and transparent financial information.
b) Reports may be prepared for use by the organization and stakeholders.
c) Objectives may relate to Financial and nonfinancial reporting and Internal or external reporting
a) Entities are subject to laws, rules, and regulations that set minimum standards of conduct.
i) Examples include taxation, environmental protection, and employee relations. ii) Compliance with internal policies and procedures is an operational matter.
4) The following is a useful memory aid for the COSO classes of objectives:
O = Operations R = Reporting C = Compliance
Components of Internal Control
a. Supporting the organization in its efforts to achieve objectives are the following five components o f internal control:
1) Control environment
2) Risk assessment
3) Control activities
4) Information and communication
b. A useful memory aid for the COSO components of internal control is, “Controls stop CRIME.”
C – Control activities
R = Risk assessment
I = Information and communication
M = Monitoring
E = Control environment