Upload
juni-tambunan
View
214
Download
0
Embed Size (px)
Citation preview
8/13/2019 How Coso Has Improved Imternal Control in the United States
1/3
HOW COSO HAS IMPROVED IMTERNAL CONTROL IN THE UNITED STATES
Since its inception in 1985, the Committee of Sponsoring Organization of the Treadway Commission
(COSO) has created a variety of methods to improve the internal control processes used by
organizations worldwide. All types of the entities can improve internal controls by carefully
examining the contributions of COSO over time.
COSO is a voluntary, private sector entity comprised of the following five professional organizations
a. The American Institute of Certified Public Accountants (AICPA);b. The American Accounting Association (AAA)c. The institute of Managerial Accountants (IMA)d. The Institute of the Internal Auditors (IIA);ande. Financial Executives International (FEI)
COSO has contributed greatly to the audit profession since its inception in 1985. Although COSO was
intended to have only a 12-to 18-month life, it is still making significant contibutions worldwide.
In February 2009, COSO published Guidance Monitoring Internal Control Systems. This guidance can
help auditors and managers at organizations of any size monitor the effectiveness of internal control
objectives related to finance, operations, and compliance.
Internal Control prior to COSO
There had been several modification of the term internal control prior to the creation of COSO. In
1958, Statement of Accounting Practice (SAP) No. 29 defined internal control as having two
components; accounting controls and administrative controls.In attempt to prevent auditors from detecting brides, some corporations established slush funds,
or off-the-books accounts. Because of the transactions involved cash exchanges that were not
recorded on an organizations books, there was no audit trail, which madedetecting bribes almost
imposible.
About COSO
COSO was originally called the National Commission on Management Fraud, and its primary
objective was to identify factors associated with fraudulent financial reporting while reducing
taxpayer dollars allocated to excessive regulaory compliance.
COSO is sometimes referred to as the Treadway Commission, after its first board chairman, James C.Treadway. Prior to being the chairman for COSO, Treadway was appointed by President Ronald
Reagan as the Commissioner of the Securities and Exchange Commission (SEC) from 1982 to 1985.
COSOs guidance
Looking at internal control frameworks from a historical perspective can help management and
auditors comprehend how COSO has contributed to improving organizations risk management
processes and internal control systems.
Internal Control-Intergrated Framework
In 11992, COSO published Internal Control-Intergrated Framework, which defined internal control as
8/13/2019 How Coso Has Improved Imternal Control in the United States
2/3
a process. Hence. This internal control framework went one step further than the FCPA. The
objectives of the COSO internal control framework help address the following questions:
a. How do we define internal control?b. What best practices should we incorporate into internal audits envolving role?c. How can internal audit become an integral part of risk management processes and maintain
independence?
d. What should be the departments strategic plan be?e. How should the audit function deliver its services and communicate its observations?
Control Environment.
The control enviroment sets the tone for an organization and its often perceived as the most crucial
component, although it is difficult to manage and effectively evaluate.
Risk Assessment.
The risks faced by an organization nedd to be continuously monitored, to ensure that anorganizations goals and objectives can be met.
Control Activities.
Control activities are the policies and procedures needed to mitigate risks so that an organizations
goals and obectives can be achieved.
Informayion and Communication
Information should be identified, gathered, and communicated to appropriate individuals in a timely
manner.
Monitoring
Monitoring involves continuous processes to elimate risks so that an organizations goals and
objectives are met.
Internal Control Issues in Derivatives Usage
According to COSO, risk management processes related to derivatives should involve the following:
a. Understanding operations and entity wide objectivesb. Indentifying, measuring, assessing, and modifying business riskc. Evaluating the usage of derivatives to control market risk and linking use to entity wide and
activity level objectivesd. Defining risk management activities and terms relating to derivatives to provide a clear
understanding of their usage
e. Assessing the appropriateness of specified activities and strategies relating to the use ofderivatives
f. Establishing procedures for obtaining and communicating information and analyzing andmonitoring risk management activities and their results.
Enterprise Risk Management-Integrated Framework
In 2001, COSO commissioned a group of professors at the University of Virginia to assits in
determining whether a risk management framework was necessary. In 2004, COSO published
8/13/2019 How Coso Has Improved Imternal Control in the United States
3/3
Enterprise Risk Management-Integarted Framework, often referred to as the COSO ERM framework.
The COSO ERM framework has the following eight components:
Internal enviroment Objective setting Event identification Risk assessment Risk response Control activities Information and communication Monitoring
Guidance for Smaller Public Companies
While COSOs Internal Control-Integrated Framework was intended for all types and sizes of
organization, specific guidance was deemed necessary to help smaller organization comply with
Sarbanes-Oxley Act, especially Section 404. In 2006, COSO issued Internal Control Over Financial
Reporting-Guidance Smaller Public Companies. This guidance gives a high level overview for senior
management and board members, real examples drawn from small organizations, and techniques to
help smaller organizations implement and evaluate internal control specifically related to financial
reporting.
Guidance on Monitoring Internal Control Systems
COSO emphasizes the following three primary elements of monitoring:
Organizations should have an effective control environment for monitoring internal controlsto create an appropriate tone at the top that highlights the importance of internal controls
and the related role of monitoring internal control.
Organizations should priorize effective monitoring procedures and allocate monitoringresources consistent with the organizations risk appetite.
Organizations should establish a communication structure to allow timely reporting ofmonitoring activities, including control weaknesses, to appropriate parties.
In order to achieve these objectives and design effective monitoring procedures, COSOsmonitoring
guidance recommends that companies perform the following for steps.
a. Prioritize risks. Understand and prioritize risks to organizational objectives.b. Identify controls. Identify key controls accross the internal controls systems that address
those prioritized risks
c. Identify information. Identify information that will persuasively indicate whether the internalcontrol system is operating effectively.
d. Implement monitoring. Develop and implement cosy effective procedures to evaluate thatpersuasive information.