
Classroom Rules

Start on time, finish on time

Be Respectful

Learn together

Clarify topics if not understood


Learning Objectives
• COSO Internal Control Framework
COSO
• COSO, the Committee of Sponsoring Organizations
of the Treadway Commission, is a private sector
initiative established in 1985 by five financial
professional associations.

• COSO is a joint initiative to combat corporate fraud.


WHO
• The Institute of Internal Auditors (IIA)
• American Institute of Certified Public Accountants (AICPA)
• American Accounting Association (AAA)
• Institute of Management Accountants (IMA)
• Financial Executives International (FEI)


WHY?
• COSO was formed to sponsor the National Fraudulent
Financial Information Commission (the Treadway
Commission).

• The Treadway Commission was formed to inspect,
analyze, and make recommendations on fraudulent
corporate financial reports.
HISTORY
• The Treadway Commission studied the financial
information system during the period from October
1985 to September 1987.
• The report, “Report of the National Commission on
Fraudulent Financial Information”, was issued in
October 1987.
• Based on the initial report, COSO was formed and
retained Coopers & Lybrand, a CPA company, to study
the problem and write a report on an integrated
internal control framework.
• In 1992, “Internal Control: Integrated Framework” was
published.
COSO GOAL
• COSO’s goal is to improve the quality of financial
reporting through a focus on corporate governance,
ethical practices, and internal control.
Key Concepts of the COSO Framework
The COSO framework involves several key concepts:
• Internal control is a “process”. It is a means to an end, not an end in
itself.
• Internal control is carried out by “people”. It is not simply about
policies, manuals and forms, but about people at all levels of an
organization.
• Internal control can be expected to provide only “reasonable
security”, not absolute security, to the administration and
directory of an entity.
• Internal control is aimed at achieving “objectives” in one or more
separate but overlapping categories.
Internal Control
The COSO Framework defines Internal Control as a
process, carried out by the board of directors, the
administration and other personnel of an entity,
designed to provide “reasonable security” with respect to
the achievement of objectives in the following
categories:
• Effectiveness and efficiency of the operations
• Reliability of “financial reports”
• Compliance with applicable laws and regulations
Components of Internal Control
1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information and Communication
5. Monitoring
Control Environment
• The control environment sets the tone of an
organization, influencing the control consciousness
of its people.

• It is the basis of all other components of internal
control, providing discipline and structure.

• Factors in the control environment include integrity,
ethical values, the operational style of administration,
the delegation of authority systems, as well as the
processes for managing and developing people in the
organization.
Risk Assessment
• Risk assessment is the identification and analysis of
risks relevant to the achievement of the assigned
objectives.

• Risk assessment is a prerequisite for determining how
risks should be managed.

Four principles related to risk assessments:

• Clear objectives to be able to identify and assess the
risks relating to those objectives.
• Determine how the risks should be managed.
• Consider the potential for fraudulent behavior.
• Monitor changes that could impact internal controls.
Control Activities
• Control activities are the policies and procedures
that help ensure that management directives are
carried out.
• Control activities occur throughout the organization,
at all levels and in all functions.
• Control activities include:

1. Approval
2. Authorizations
3. Verifications
4. Reconciliations
5. Operational performance reviews
6. Asset Safety
7. Segregation of functions
Information and Communication
• Information systems produce reports, including
operational, financial and compliance-related
information, which make the operation and control of
the business possible.
• Effective communication must ensure information
flows down, across and up the organization.
• Effective communication with external parties, such as
customers, suppliers, regulators and shareholders on
related political positions, must also be guaranteed.
Monitoring
• Internal control systems must be monitored, a process
that evaluates the quality of system performance over
time.
• Continuous monitoring activities or separate
evaluations.
• Internal control deficiencies detected through these
monitoring activities must be reported upstream and
corrective measures must be taken to ensure
continuous improvement of the system.
