CORPUZ

INTERNAL CONTROL - In auditing and accounting, internal control is defined as a process that

is designed to help an organization to accomplish specific goals or objectives.

1. COSO - is a widely used framework in the United States and around the world.
Background: In 1992, the Committee of Sponsoring Organizations of the
Tread way Commission (COSO) developed a model for evaluating internal controls. It is
a widely used framework in the United States and around the world.

Definition : The COSO model defines internal control as “a process effected

by an entity’s board of directors, management and other personnel designed to provide
reasonable assurance of the achievement of objectives in the following categories: a.)
Operational Effectiveness and Efficiency, b.) Financial Reporting Reliability, & c.)
Applicable Laws and Regulations compliance.

5 components ( 1992 COSO Model) :

1. Control Environment –
a. Exercise integrity and ethical values.
b. Make a commitment to competence.
c. Use the board of directors and audit committee.
d. Facilitate management’s philosophy and operating style.
e. Create organizational structure.
f. Issue assignment of authority and responsibility.
g. Utilize human resources policies and procedures.

2. Risk Assessment
a. Create companywide objectives.
b. Incorporate process-level objectives.
c. Perform risk identification and analysis.
d. Manage change.
 3. Control Activities
a. Follow policies and procedures.
b. Improve security (application and network).
c. Conduct application change management.
d. Plan business continuity/backups.
e. Perform outsourcing.

4. Information and communication

a. Measure quality of information.
b. Measure effectiveness of communication.

5. Monitoring
a. Perform ongoing monitoring.
b. Conduct separate evaluations.
c. Report deficiencies.

These components work to establish the foundation for sound internal control within the
company through directed leadership, shared values and a culture that emphasizes
accountability for control. The various risks facing the company are identified and
assessed routinely at all levels and within all functions in the organization. Control
activities and other mechanisms are proactively designed to address and mitigate the
significant risks. 

2. CoCo (Criteria of control)

Background: This control framework was issued by The Canadian Institute
of Chartered Accountants (CICA)
Definition: It defines control as “those elements of an organization
(including its resources, systems, processes, culture, and tasks) that, taken
together, support people in the achievement of the organization’s objectives”.
The framework emphasizes that control involves the entire organization but begins on an individual
level, with the employee. The CoCo framework outlines criteria for effective control in the following
four areas:

 Purpose (sense of organization’s directions) – addressing the visions, missions, long

term strategy/ targets
 Commitment (sense of organization’s identity) - human resource policies are updated to
reflect the company's ethical values. ; Accountability and responsibility should be clearly
established.
 Capability(sense of organization’s competence)
 Monitoring and learning ((sense of organization’ evolution)

3. Control Self-Assessment
Definition: It defines as a process by which a department examines and
improves existing internal controls and/or implements new internal
controls to mitigate risks associated with a process or function. It defines
an effective approach to identifying and managing areas of risk exposure,
as well as highlighting potential opportunities.
- Also, CSA involves a structured approach to come up
document business objectives, risks and controls and
having operational management and staff assesses the
adequacy of controls.

Diff. bet. CSA and IA: A CSA differs from an internal audit in that the
direction of a CSA is determined by operating department management;
the direction of an internal audit is determined by Internal Audit
department management. Also, a typical internal audit includes testing of
 transactions to determine whether internal controls are operating as
expected – a CSA typically does not include transaction testing within its
scope of work.

Objectives:

a. Communication and understanding of each department’s roles

and responsibilities within the selected process or function,
including the roles and responsibilities of each individual that is
part of the process or function.
b. Determination of acceptable levels of risk.
c. Determination of the correct cost-benefit trade-off for
establishing new internal controls.

4. Cadbury Report (UK)

Background: Corporate governance in United Kingdom has changed
since the Cadbury Report (1992) was first produced by the Committee on
the Financial Aspects of Corporate Governance (Cadbury Committee), is
changing, and is expected to change in the future, which is evident from
the number of corporate governance codes at national levels and the need
for greater accountability and corporate transparency
Definition: It defines as the “system by which companies are directed
and controlled”, voluntary adoption of the governance best practices and
the “comply or explain” principle.
Code Principles:
a. Openness (Information Disclosure);
b. Integrity (Honesty)
c. Accountability

5. Turnbull Model (UK)

 Background: In 1998, the London Stock Exchange developed a
combined code for corporate governance.
Definition: This control facilitates the effectiveness and efficiency of
operations, helps ensure the reliability of internal and external reporting and
assists compliance with laws and regulation. (Financial Reporting Council, 2005)
Meaning, the company directors should, at least annually, conduct a review of
the effectiveness of the system of internal control and should report the
shareholders that they have reviewed the effectiveness of all 3 types of controls,
including financial, operational, and compliance control.
Principles:
a. Risk Assessment;
b. Control Environment & Control Activities;
c. Information & Communication; and
d. Monitoring.

6. King Model in South Africa

Background: The purpose of this control was to promote the highest
standards of corporate governance in South Africa. Also, it has been cited
as "the most effective summary of the best international practices in
corporate governance".
Approach: The philosophy of the code consists of the three key
elements of leadership, sustainability and good corporate citizenship. It
views good governance as essentially being effective, ethical leadership. It
indicates that leaders should direct the company to achieve sustainable
economic, social and environmental performance.

7. Kon trag (Germany)

Background: This control went effect in May 1, 1998. It is primarily
concerned with improving the functioning of the supervisory board
(Aufsichtsrat), increasing transparency, strengthening the control
exercised by the shareholders' meeting, reducing differences in voting
 rights, permitting the use of modern financing and remuneration
instruments, improving the quality of the annual audit and the co-operation
between the auditor and the supervisory board, as well as the critical
examination of the holdings of credit institutions.

Significant changes:
a. One Share, One Vote (Prohibits Multiple & Maximum
Voting Rights)
b. Repurchase of Own Shares; and
c. Implementation of Stock Option Plans for Management.

In 1998, the German government proposed changes for the reform of corporate governance.
The model affects control and transparency in business. Specifically, it impacts the board of
directors, supervisory board, corporate capitalization principles, authorization of no-par value
shares, small unlisted stock corporations, banks investing in industrial companies, and the
acceptance of internationally recognized accounting.

REFERENCES:

 KnowledgeLeader, P. (n.d.). Five Components of the COSO Framework You

Need to Know. Retrieved from
https://info.knowledgeleader.com/bid/161685/what-are-the-five-components-of-
the-coso-framework
 Internal Control Frameworks: COSO, CoCo, and the UK Corporate Governance
Code. (2011, July 12). Retrieved from
https://cgleaders.wordpress.com/2011/07/12/codes-2/
 Internal Control Frameworks: COSO, CoCo, and the UK Corporate Governance
Code. (2011, July 12). Retrieved from
https://cgleaders.wordpress.com/2011/07/12/codes-2/
 (n.d.). Retrieved from https://study.com/academy/lesson/coco-internal-control-
framework-definition-key-concepts.html
 Law on Control and Transparency in Enterprises (Gesetz zur Kontrolle und
Transparenz im Unternehmensbereich, KonTraG). (1998, September 11).
Retrieved from https://www.internationallawoffice.com/Newsletters/Company-
Commercial/Germany/Gleiss-Lutz-Hootz-Hirsch/Law-on-Control-and-
Transparency-in-Enterprises-Gesetz-zur-Kontrolle-und-Transparenz-im-
Unternehmensbereich-KonTraG
 caew.com. 2020. Internal Control: Guidance For Directors On The Combined
Code. [online] Available at: <https://www.icaew.com/technical/corporate-
governance/codes-and-reports/turnbull-report> [Accessed 15 March 2020].
  Icaew.com. 2020. Internal Control: Guidance For Directors On The Combined
Code. [online] Available at: <https://www.icaew.com/technical/corporate-
governance/codes-and-reports/turnbull-report> [Accessed 15 March 2020].
COSO Principle:

https://info.knowledgeleader.com/bid/161685/what-are-the-five-components-of-the-coso-
framework

https://cgleaders.wordpress.com/2011/07/12/codes-2/

https://info.knowledgeleader.com/bid/178711/coso-integrated-control-framework-do-the-
changes-really-matter

COCO Model:

https://study.com/academy/lesson/coco-internal-control-framework-definition-key-concepts.html

https://cgleaders.wordpress.com/2011/07/12/codes-2/

Control Self-Assessment Model

https://www.utoledo.edu/offices/internalaudit/No._13.html

https://www.pwc.com/th/en/rcs/control-self-assessments.html

Cadbury Report (UK)

http://cadbury.cjbs.archios.info/report

Turnbull Model UK

King Model Africa

Kon Trag Germany

https://www.internationallawoffice.com/Newsletters/Company-Commercial/Germany/Gleiss-
Lutz-Hootz-Hirsch/Law-on-Control-and-Transparency-in-Enterprises-Gesetz-zur-Kontrolle-und-
Transparenz-im-Unternehmensbereich-KonTraG

Classification of organization

https://accountlearning.com/classification-of-organization-features-merits-demerits/

https://www.slideshare.net/kumar_vic/concept-of-organization

http://www.yourarticlelibrary.com/organization/organization-meaning-definition-concepts-and-
characteristics/53217

Organization Chart

https://www.smartdraw.com/organizational-chart/organizational-chart-types.htm

Traditional and modern

https://www.linkedin.com/pulse/modern-organization-vs-traditional-safinaz-jahan

X and U Theory

https://www.toolshero.com/leadership/theory-x-and-theory-y/

Lawrence and Lorsch Model

http://faculty.babson.edu/krollag/org_site/org_theory/Scott_articles/lawren_lorsch_cont.html

Human Relations Movement

https://www.hrzone.com/hr-glossary/what-is-the-human-relations-movement