What is COSO?
COSO, the Committee of Sponsoring Organizations of the Treadway Commission, is a private sector initiative established in 1985 by five financial professional associations. COSO’s goal is to improve the quality of financial reporting through a focus on corporate governance, ethical practices, and internal control. COSO’s Internal Control—Integrated Framework (Framework) enables organizations to effectively and efficiently develop systems of internal control that adapt to changing business and operating environments, mitigate risks to acceptable levels, and support sound decision making and governance of the organization.
Definition of Internal Control
According to COSO, internal control is a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives. The categories of internal control are:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations
Components of Internal Control
Internal control consists of eight integrated components according to the updated COSO:
1. Internal Environment
It sets the guidelines for how risk is viewed and addressed by people in an entity, including risk philosophy and risk appetite, their ethical values, and the environment in which they carry out their work activities.
2. Objective Setting
Objectives must exist before management can identify the potential events affecting their achievement, so the entity must ensure that management has in place a process to set objectives and that the chosen objectives support and align with the mission of the entity and are consistent with its risk appetite.
3. Event Identification
Internal control should identify the internal and external events that affect the achievement of an entity’s objectives, and also distinguish between risks and opportunities.
4. Risk Assessment
It involves a dynamic and iterative process for identifying and assessing risks to the achievement of objectives. Risks to the achievement of these objectives from across the entity are considered relative to established risk tolerances. Thus, risk assessment forms the basis for determining how risks will be managed.
5. Risk Response
Management of the entity should select risk responses (avoiding, accepting, reducing or sharing risk) that are aligned with the entity’s risk tolerance and risk appetite.
6. Control Activities
These are the actions established through policies and procedures that help ensure that management’s directives to mitigate risks to the achievement of objectives are carried out.
7. Information and Communication
Information is necessary for the entity to carry out internal control responsibilities to support the achievement of its objectives. Communication is the continual, iterative process of providing, sharing, and obtaining necessary information.
8. Monitoring
Ongoing evaluations, separate evaluations, or some combination of the two are used to ascertain whether each of the eight components of internal control, including controls to effect the principles within each component, is present and functioning.