COSO FRAMEWORK Flashcards
The framework that enables organizations to:
* effectively and efficiently develop systems of internal control that adapt to changing business and operating environments,
* mitigate risks to acceptable levels, and
* support sound decision making and governance of the organization.
What is COSO?
COSO Framework
This is defined as a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.
Internal Control
- Geared to the achievement of objectives
- A process consisting of ongoing tasks and activities
- Effected by people, not merely about policy & procedures manual, systems & forms
- Able to provide reasonable assurance
- Adaptable to the entity structure
Internal Control
The main objectives of the COSO Framework.
Operations
Reporting
Compliance
Control Environment
The objective of the COSO Framework that is related to the effectiveness and efficiency of the entity’s operations, including operational and financial goals, and safeguarding of assets against loss.
Operations
The objective of the COSO Framework that is related to internal and external financial and non-financial reporting to stakeholders, which would encompass reliability, timeliness, transparency, or other terms as established by regulators, standard setters, or the entity’s policies.
COSO Framework – OBJECTIVES
Reporting
The objective of the COSO Framework that is related to adhering to laws and regulations that the entity must follow.
Compliance
The pillars of the COSO Framework
Control Environment
Risk Assessment
Control Activities
Information & Communication
Monitoring Activities
The pillar of the COSO Framework that is a set of standards, processes, and structures that provide the basis for carrying out internal control across the organization.
Control Environment
The pillar of the COSO Framework that involves a dynamic and iterative process for identifying and analyzing risks to achieving the entity’s objectives, forming a basis for determining how risks should be managed.
Risk Assessment
The pillar of the COSO Framework that consists of actions established by the policies and procedures to help ensure that management directives to mitigate risks to the achievement of objectives are carried out.
Performed at all levels of the entity, at various stages within the business processes, and over the technology environment.
Control Activities
One of the pillars of the COSO Framework that is necessary to carry out internal control responsibilities in support of achievement of its objectives.
Information
One of the pillars of the COSO Framework that enables personnel to understand internal control responsibilities and their importance to achievement of the objectives.
Communication
One of the pillars of the COSO Framework that consists of ongoing evaluations to ascertain whether each of the 5 components of internal control, including controls to effect the principles within each component, is present and functioning.
Monitoring Activities
These are the three lines of defense when it comes to the COSO Framework.
- Operational Management
- Risk Management and Compliance Functions
- Internal Audit