1 / 48

A Framework for Control

Understand the COSO framework's components - Control Environment, Risk Assessment, Control Activities, Information and Communication, Monitoring - and ask crucial internal control questions about ethics, risk, internal control, audit committees, and internal auditing.

cbishop
Download Presentation

A Framework for Control

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. A Framework for Control COSO’s five components of internal control and questions too important to ignore

  2. What is COSO? COSO, the Committee of Sponsoring Organizations of the Treadway Commission, is a private sector initiative established in 1985 by five financial professional associations.

  3. Who? • The Institute of Internal Auditors • American Institute of Certified Public Accountants • American Accounting Association • Institute of Management Accountants • Financial Executives Institute

  4. Why? COSO’s goal is to improve the quality of financial reporting through a focus on corporate governance, ethical practices, and internal control.

  5. Definition of Internal Control A process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives.

  6. Categories of Internal Control • Effectiveness and efficiency of operations • Reliability of financial reporting • Compliance with applicable laws and regulations

  7. Components of Internal Control • Control Environment • Risk Assessment • Control Activities • Information and Communication • Monitoring

  8. Ask the Right Internal Control Questions about:

  9. ETHICS • Do board members and senior executives set a day-in, day-out example of high integrity and ethical behavior? 

  10. ETHICS 2. Is there a written code of conduct for employees, and is it reinforced by training, top down communications, and requirements for periodic written statements of compliance from key employees? 

  11. ETHICS 3. Are performance and incentive compensation targets reasonable and realistic, or do they create undue pressure on achievement of short-term results?

  12. ETHICS 4. Is it clear that fraudulent financial reporting at any level and in any form will not be tolerated?

  13. ETHICS 5. Are ethics woven into criteria that are used to evaluate individual and business unit performance?

  14. ETHICS 6. Does management react appropriately when receiving bad news from subordinates and business units?

  15. ETHICS 7. Does a process exist to resolve close ethical calls?

  16. ETHICS 8. Are business risks identified and candidly discussed with the board of directors?

  17. RISK

  18. RISK • Is relevant and reliable internal and external information identified, compiled, and communicated in a timely manner to those who are positioned to act?

  19. RISK 2. Are risks identified and analyzed, and actions taken to mitigate them?

  20. RISK 3. Are controls in place to assure that management decisions are properly carried out?

  21. INTERNAL CONTROL

  22. INTERNAL CONTROL • Do senior and line management executives demonstrate that they accept control responsibility, not just delegate that responsibility to financial and audit staff? 

  23. INTERNAL CONTROL 2. Does management routinely monitor controls in process of running the organization’s operations?

  24. INTERNAL CONTROL 3. Does management clearly assign responsibilities for training and monitoring of internal controls?

  25. INTERNAL CONTROL 4. Are periodic, systematic evaluations of control systems conducted and documented?

  26. INTERNAL CONTROL 5. Are such evaluations conducted by personnel with appropriate responsibilities, business experience, and knowledge of the organization’s affairs?

  27. INTERNAL CONTROL 6. Are appropriate criteria established to evaluate controls?

  28. INTERNAL CONTROL 7. Are control deficiencies reported to higher levels of management and corrected on a timely basis?

  29. INTERNAL CONTROL 8. Are appropriate controls built in as new systems are designed and brought on stream?

  30. AUDIT COMMITTEES

  31. AUDIT COMMITTEES • Has the board recently reviewed adequacy of the audit committee’s written charter? 

  32. AUDIT COMMITTEES 2. Are audit committee members functioning and, in fact, independent of management?

  33. AUDIT COMMITTEES 3. Do audit committee members possess an appropriate mix of operating and financial control expertise?

  34. AUDIT COMMITTEES 4. Does the audit committee understand and monitor the broad organizational control environment?

  35. AUDIT COMMITTEES 5. Does the audit committee oversee appropriateness, relevance, and reliability of operational and financial reporting to the board, as well as to investors and other external users?

  36. AUDIT COMMITTEES 6. Does the audit committee oversee existence of and compliance with ethical standards?

  37. AUDIT COMMITTEES 7. Does the audit committee or full board have a meaningful but challenging relationship with independent auditors, internal auditors, senior financial control executives, and key corporate and business unit operating executives?

  38. INTERNAL AUDITING

  39. INTERNAL AUDITING • Does internal auditing have the support of top management, the audit committee, and the board of directors as a whole?

  40. INTERNAL AUDITING 2. Has the written scope of internal audit responsibilities been reviewed by the audit committee for adequacy? 

  41. INTERNAL AUDITING 3. Is the organizational relationship between internal auditing and senior executives appropriate?

  42. INTERNAL AUDITING 4. Does internal auditing have and use open lines of communication and private access to all senior officers and the audit committee?

  43. INTERNAL AUDITING 5. Are audit reports covering the right subjects distributed to the right people and acted upon in a timely manner?

  44. INTERNAL AUDITING 6. Do key audit executives possess an appropriate level of expertise?

  45. To Purchase the Framework: Visit The IIA Bookstore at www.theiia.org

  46. For More aboutthe Framework: Visit www.coso.org

  47. A Framework for Control This presentationwas produced by

  48. The IIA is the internal audit profession’s global voice, recognized authority, acknowledged leader, chief advocate and principal educator worldwide.

More Related