COSO Framework - PowerPoint PPT Presentation

shanae
Presentation Transcript

  1. COSO Framework

  2. What is COSO? • Committee of Sponsoring Organizations (COSO) • Voluntary private sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls, and corporate governance.

  3. Defining Internal Control - COSO • A process effected by an agency’s senior management and other personnel – designed to provide reasonable assurance regarding the achievement of objectives in • Effectiveness and efficiency of operations • Reliability of financial reporting • Compliance with laws and regulations • This process could assist in achieving: • Operating objectives • Safeguarding of assets • Reliable financial statements and reports • Compliance with applicable laws and regulations

  4. Redefine the Control Focus

  5. COSO Framework Five Interrelated Components of Internal Control • Control Environment • Risk Assessment • Control Activities • Information and Communication • Monitoring The COSO framework

  6. COSO Framework Five Interrelated Components of Internal Control • Control Environment • Risk Assessment • Control Activities • Information and Communication • Monitoring The COSO framework

  7. The Control Environment • sets the tone of an agency, influencing the control consciousness of its people • the foundation for all other components of internal control • “Tone at the Top”

  8. The Control Environment Factors to Consider in Assessing Control Environment • Integrity, ethical values and behavior of key executives • Management’s consciousness and operating style • Commitment to competence • Organizational structure and assignment of authority and responsibility • Human resources policies and practices

  9. The Control Environment • Integrity and ethical values • Foundation for effective control • Core values set and communicated by auditee management • Code of Ethics/Conduct • Product of the auditee’s ethical and behavioral standards, how they are communicated and monitored • Management’s control consciousness and operating style • Importance management attaches to internal controls • For the most part, an intangible • A management attitude

  10. The Control Environment • Commitment to competence • Existence of clear job descriptions • Consideration of competence levels for particular jobs • Assessment of employees’ requisite knowledge and skills • Nature and degree of judgment to be applied on the job and extent of supervision

  11. The Control Environment • The organizational structure and assignment of authority and responsibility • Segregation of incompatible duties • Clear lines of responsibility and accountability • How decentralized operations are monitored • Establishing and monitoring policies and procedures • Establishing and monitoring performance measures • Human resources and policies • HR policies relating to hiring, training, evaluating, counseling, promoting and compensating personnel • Competence and integrity of organization’s personnel

  12. COSO Framework Five Interrelated Components of Internal Control • Control Environment • Risk Assessment • Control Activities • Information and Communication • Monitoring The COSO framework

  13. Risk Assessment • The process for identifying, analyzing and managing risks is a critical component of an effective internal control system • Identify • Analyze • Manage Auditee and process or activity level Risks

  14. Risk Assessment • Examples of circumstances requiring special attention • Changed regulatory/political environment • New personnel, high turnover, job rotations • New information systems/ technology • New products/services, lines, activities

  15. COSO Framework Five Interrelated Components of Internal Control • Control Environment • Risk Assessment • Control Activities • Information and Communication • Monitoring The COSO framework

  16. X Company Control Activities • Policies • Regulations • Procedures …that help ensure that management’s directives and control objectives are carried out

  17. X Company Control Activities • Do policies and procedures exist? • Is there a planning and reporting system in place? • Does auditee management review variances and take corrective actions if needed? • Are there adequate safeguards in place to prevent unauthorized access? • Are duties divided logically through appropriate setup of IT applications?

  18. COSO Framework Five Interrelated Components of Internal Control • Control Environment • Risk Assessment • Control Activities • Information and Communication • Monitoring The COSO framework

  19. Information and Communication • The process of capturing and exchanging information needed to conduct, manage and control the auditee’s operations • Does the IT system provide auditee management with necessary reports on performance relative to goals? • Is information provided to the right people in sufficient detail and on time? • Does auditee management communicate employees’ duties and control activities in an effective manner? • Does auditee management take timely and appropriate follow-up on communications received internally and externally?

  20. Information and Communication Communication in all directions • Upward: to provide auditee management at all levels feedback on decisions and performance • Sideways: across organization lines • Downward: to provide employees clear guidance and direction • Have we effectively communicated control responsibilities to all employees?

  21. COSO Framework Five Interrelated Components of Internal Control • Control Environment • Risk Assessment • Control Activities • Information and Communication • Monitoring The COSO framework

  22. Monitoring • Assessment of internal control performance over time; accomplished by: • Ongoing Monitoring Activities • Separate Evaluations • Reporting Deficiencies

  23. Monitoring • Ongoing Monitoring Activities • Management and supervisory activities • Separate Evaluations • Risk/ Control Self Assessments • Internal Audit • Reporting Deficiencies • Exception Reports • Communication from regulators

  24. Overall Assessment of Internal Control • Reaching conclusions about an auditee’s internal control (at the entity level) involves a high degree of subjectivity due to the intangible nature of factors to consider • Requires considerable professional judgment • The fact remains that the best policies and structure are worthless if the will to make them work is lacking

  25. Two Important Questions in Assessing Internal Control • Has the auditee management created a control environment in which people are motivated to comply with controls rather than ignore or circumvent them? • Has the auditee installed the necessary control mechanisms to monitor and correct non-compliance and are the mechanisms functioning effectively?

  26. Questions?