Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Framework for Control

Similar presentations


Presentation on theme: "A Framework for Control"— Presentation transcript:

1 A Framework for Control
COSO’s five components of internal control and questions too important to ignore

2 What is COSO?

3 What is COSO? COSO, the Committee of Sponsoring Organizations of the Treadway Commission, is a private sector initiative established in 1985 by five financial professional associations.

4 Who?

5 Who? The Institute of Internal Auditors

6 Who? The Institute of Internal Auditors
American Institute of Certified Public Accountants

7 Who? The Institute of Internal Auditors
American Institute of Certified Public Accountants American Accounting Association

8 Who? The Institute of Internal Auditors
American Institute of Certified Public Accountants American Accounting Association Institute of Management Accountants

9 Who? The Institute of Internal Auditors
American Institute of Certified Public Accountants American Accounting Association Institute of Management Accountants Financial Executives Institute

10 Why?

11 COSO’s goal is to improve the quality of financial reporting
Why? COSO’s goal is to improve the quality of financial reporting through a focus on corporate governance, ethical practices, and internal control.

12 Definition of Internal Control

13 Definition of Internal Control
A process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives.

14 Categories of Internal Control

15 Categories of Internal Control
Effectiveness and efficiency of operations

16 Categories of Internal Control
Effectiveness and efficiency of operations Reliability of financial reporting

17 Categories of Internal Control
Effectiveness and efficiency of operations Reliability of financial reporting Compliance with applicable laws and regulations

18 Components of Internal Control

19 Components of Internal Control
Control Environment

20 Components of Internal Control
Control Environment Risk Assessment

21 Components of Internal Control
Control Environment Risk Assessment Control Activities

22 Components of Internal Control
Control Environment Risk Assessment Control Activities Information and Communication

23 Components of Internal Control
Control Environment Risk Assessment Control Activities Information and Communication Monitoring

24 Ask the Right Internal Control Questions about:

25 ETHICS

26 ETHICS Do board members and senior executives set a day-in, day-out example of high integrity and ethical behavior? 

27 ETHICS 2. Is there a written code of conduct for employees, and is it reinforced by training, top down communications, and requirements for periodic written statements of compliance from key employees? 

28 ETHICS 3. Are performance and incentive compensation targets reasonable and realistic, or do they create undue pressure on achievement of short- term results?

29 ETHICS 4. Is it clear that fraudulent financial reporting at any level and in any form will not be tolerated?

30 ETHICS 5. Are ethics woven into criteria that are used to evaluate individual and business unit performance?

31 ETHICS 6. Does management react appropriately when receiving bad news from subordinates and business units?

32 ETHICS 7. Does a process exist to resolve close ethical calls?

33 ETHICS 8. Are business risks identified and candidly discussed with the board of directors?

34 RISK

35 RISK Is relevant and reliable internal and external information identified, compiled, and communicated in a timely manner to those who are positioned to act?

36 RISK 2. Are risks identified and analyzed, and actions taken to mitigate them?

37 RISK 3. Are controls in place to assure that management decisions are properly carried out?

38 INTERNAL CONTROL

39 INTERNAL CONTROL Do senior and line management executives demonstrate that they accept control responsibility, not just delegate that responsibility to financial and audit staff? 

40 INTERNAL CONTROL 2. Does management routinely monitor controls in process of running the organization’s operations?

41 INTERNAL CONTROL 3. Does management clearly assign responsibilities for training and monitoring of internal controls?

42 INTERNAL CONTROL 4. Are periodic, systematic evaluations of control systems conducted and documented?

43 INTERNAL CONTROL 5. Are such evaluations conducted by personnel with appropriate responsibilities, business experience, and knowledge of the organization’s affairs?

44 INTERNAL CONTROL 6. Are appropriate criteria established to evaluate controls?

45 INTERNAL CONTROL 7. Are control deficiencies reported to higher levels of management and corrected on a timely basis?

46 INTERNAL CONTROL 8. Are appropriate controls built in as new systems are designed and brought on stream?

47 AUDIT COMMITTEES

48 AUDIT COMMITTEES Has the board recently reviewed adequacy of the audit committee’s written charter? 

49 AUDIT COMMITTEES 2. Are audit committee members functioning and, in fact, independent of management?

50 AUDIT COMMITTEES 3. Do audit committee members possess an appropriate mix of operating and financial control expertise?

51 AUDIT COMMITTEES 4. Does the audit committee understand and monitor the broad organizational control environment?

52 AUDIT COMMITTEES 5. Does the audit committee oversee appropriateness, relevance, and reliability of operational and financial reporting to the board, as well as to investors and other external users?

53 AUDIT COMMITTEES 6. Does the audit committee oversee existence of and compliance with ethical standards?

54 AUDIT COMMITTEES 7. Does the audit committee or full board have a meaningful but challenging relationship with independent auditors, internal auditors, senior financial control executives, and key corporate and business unit operating executives?

55 INTERNAL AUDITING

56 INTERNAL AUDITING Does internal auditing have the support of top management, the audit committee, and the board of directors as a whole?

57 INTERNAL AUDITING 2. Has the written scope of internal audit responsibilities been reviewed by the audit committee for adequacy? 

58 INTERNAL AUDITING 3. Is the organizational relationship between internal auditing and senior executives appropriate?

59 INTERNAL AUDITING 4. Does internal auditing have and use open lines of communication and private access to all senior officers and the audit committee?

60 INTERNAL AUDITING 5. Are audit reports covering the right subjects distributed to the right people and acted upon in a timely manner?

61 INTERNAL AUDITING 6. Do key audit executives possess an appropriate level of expertise?

62 To Purchase the Framework:
Visit The IIA Bookstore at

63 For More about the Framework:

64 For More about the Framework:
Visit

65 A Framework for Control
This presentation was produced by

66 is the internal audit profession’s global voice, recognized authority,
The IIA is the internal audit profession’s global voice, recognized authority, acknowledged leader, chief advocate and principal educator worldwide.


Download ppt "A Framework for Control"

Similar presentations


Ads by Google