HEAD OFFICE

To
The Committee of Sponsoring Organizations March 31, 2012
of the Treadway Commission (COSO) & PWC


Subject: ICAP COMMENTS ON COSO INTERNAL CONTROLINTEGRATED FRAMEWORK
Dear Sir,
The Institute of Chartered Accountants of Pakistan welcomes the opportunity to offer comments on the above
mentioned Exposure Draft.
Please find enclosed the comments of the relevant Committee of the Institute for your perusal.
If you require any further clarification, please do not hesitate to contact us.

Yours faithfully,



Haroon Tabraze
Director Technical Services
The Institute of Chartered Accountants of Pakistan
haroon.tabraze@icap.org.pk







(Established under the Chartered Accountants Ordinance, 1961-X of 1961)

Chartered Accountants Avenue, Clifton, Karachi-75600 (Paki stan) Ph: (92-21) 111 000 422 Fax: 99251626
Website: http://www.icap.org.pk E-mail: info@icap.org.pk
ICAP COMMENTS ON COSO INTERNAL CONTROLINTEGRATED FRAMEWORK

Public Exposure Feedback Questions

General Questions
1. Are you a member of one or more of the COSO organizations?

No.

2. Are you responding on behalf of yourself or an organization or company?

Responding on behalf of Institute of Chartered Accountants of Pakistan (ICAP)

3. Where do you reside?

Pakistan

4. Where within your organization do you appl y the COSO Framework?

Compliance activities No
External financial reporting No
External non-financi al reporting No
Internal management reporting (financial or non-financial) No
Internal control reporting Yes, Occasionally
Internal audit Yes, Occasionally
Operations activities No
Other No
We do not use the Framework at this time Yes, as mandatory framework



Overall Impressions on the Framework (answered on a scale of 1 to 5)
5. The updated Framework will help strengthen an entity s systems of internal control

4

6. The updated Framework is internall y consi stent and logical

5

7. The updated Framework is written in a manner that is understandable and provides ease of use

4

8. The updated Framework is appl icabl e to organizations of varying l egal structures and sizes, and
operating in various geographies and industri es

3 Ideally it should be; However, due to resource bottlenecks the Framework may not be feasibly mandated for
all industries and in all geographies.

9. The updated Framework will impose additional burdens on entities reporting on internal control
e.g., reporting on internal control over external financial reporting based on SarbanesOxley Act of
2002 (SOX) requirements

No significant burden is expected.

9.a If you believe that there is an additional burden, is the change appropriate? If not, why not?

Not applicable


Questions on Specific Areas of Interest (answered on a scale of 1 to 5)
10. Compared to the 1992 framework, the updated Framework creates a higher threshold for attaining
effectiveness of internal control

5

11. The 17 principles set out in the updated Framework are a complete set of principles

4

12. The 17 principl es with related attributes are helpful in describing important considerations of an
effective system of internal control

5

13. There are necessary changes to the principles

5

14. An entity can conclude that it has effective internal control if one or more of the 17 principles are
not present and functioni ng

3

15. The updated Framework appropriatel y expands the reporting objective category (i.e. internal and
external reporting, financi al and non-financial reporting)

4

16. The expanded reporti ng objective, and the manner in which this objecti ve category is presented in
the Framework, does not diminish our ability to apply the Framework when reporting on internal
control over external financial reporting

4

17. The updated Framework provides an appropri ate balances of reporting, operations, and compliance
related approaches and examples

5

Summary

18. Are there any other general comments that you would like to provide
Please refer below.





GENERAL COMMENTS ON COSO INTERNAL CONTROL INTEGRATED FRAMEWORK
BY INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN (ICAP)
ICAP is a professional body of Chartered Accountants in Pakistan, and represents accountants employed in
public practice, business and industry, and the public and private sectors. ICAP is also an examining body for
the candidates aspiring to become Chartered Accountants. It regulates the accounting and auditing profession
in Pakistan. We are offering these comments as a matter of interest in the revised Internal Control Framework.
The COSOs Internal Control Integrated Framework is not prescribed as a mandatory reference document in
any of the regulations at present in Pakistan. However, the banking industry based on directives from State
Bank of Pakistan is contemplating to implement this framework in the near future. Otherwise in general there
exists limited awareness about the detailed contents of the Framework.
We note that this updated version of the Framework is extensive and takes account of the developments in the
businesses since its first 1992 version.
The three objectives for internal control are the same. However in the explanation the objective of effectiveness
and efficiency of operations is clarified to include safeguarding of assets against loss. We found this to be
proper and required. In fact this can be another objective distinct from effectiveness and efficiency of operations
which is too broad an objective and may have the consequence of entities losing focus on this aspect of
safeguarding the assets against loss while implementing the internal control framework.
The five components of internal control are also same but with enhanced discussion on each of these
components. We consider this to be extremely useful. In particular, the introduction of separate principles and
their attributes are very helpful. The discussion on each of these principles provides the readers/users
appropriate detail to understand the concept and application. The evaluation process will also now be much
easier in the light of these principles and attributes. Inclusion of principles and attributes is probably the
highlight of this revision.
The framework explains the matter of deficiencies in internal control. It seems that the definition in the
framework is not the same as in International Standards on Auditing (ISA) 265 Communicating deficiencies in
internal control to those charged with governance and management. In the context of auditing it would be better
if both definitions are same. Further ISA 265 only has two classifications i.e. significant deficiency and other
deficiency whereas under the framework there is a further concept of material weakness. An alignment of the
definitions and classification will be beneficial in practical use.
In respect of documentation the framework recognizes that the level of documentation is a matter of judgment
and should be done with cost-effectiveness in mind. This is appropriate especially in the context of small and
medium size organizations. However we feel that given the size of small entities in Pakistan to expect the
management of such entities to understand and implement the framework is too onerous a task for them. This
effectively means that although the framework is relevant for small entities but who are not in a position to apply
because of capacity issues.

Z:\Auditing Standards Committee\March 2012\Commnets on COSO framework.doc


1Public Exposure Feedback Questions