COSO Framework

Internal Control – Integrated Framework is widely accepted as the standard for the design and operation of internal control systems.

COSO Model defines;

Internal control is  a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.

Objectives of Internal Control:

1) Intended to achieve three classes of objectives

2) An ongoing process

3) Effected by people at all organizational levels, e.g., the board, management, and all other employees.

4) Able to provide reasonable, but not absolute, assurance.

5) Adaptable to an entity’s structure.

The three classes of objectives direct organizations to the different (but overlapping) elements of control.

1) Operations

a) Operations objectives relate to achieving the entity’s mission. Appropriate objectives include improving ; (a) financial performance, (b) productivity, (c) quality, (d) innovation, and (e) customer satisfaction.

b) Operations objectives also include safeguarding o f assets.Objectives related to protecting and preserving assets assist in risk assessment and development of mitigating controls.  Avoidance of waste, inefficiency, and bad business decisions relates to broader objectives than safeguarding of assets.

2) Reporting

a) To make sound decisions, stakeholders must have reliable, timely, and transparent financial information.

b) Reports may be prepared for use by the organization and stakeholders.

c) Objectives may relate to Financial and nonfinancial reporting and Internal or external reporting

3) Compliance

a) Entities are subject to laws, rules, and regulations that set minimum standards of conduct.

i) Examples include taxation, environmental protection, and employee relations. ii) Compliance with internal policies and procedures is an operational matter.

4) The following is a useful memory aid for the COSO classes of objectives:

 O = Operations R = Reporting C = Compliance

Components of Internal Control

a. Supporting the organization in its efforts to achieve objectives are the following five components o f internal control:

1) Control environment

2) Risk assessment

3) Control activities

4) Information and communication

5) Monitoring

b. A useful memory aid for the COSO components of internal control is, “Controls stop CRIME.”

C – Control activities

R = Risk assessment

I = Information and communication

M = Monitoring

E = Control environment


About Jonathan Ruiz CPA

Entrepreneur, CPA Mentor, Stock market Newbie Mentor, Influential Author and Master's Degree in International Business graduate in Hult International Business School, UK. A father of two lovely daughters.
This entry was posted in Auditing Theory and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s