Internal Contol

2013 COSO IC Framework

What is a control?
An activity put in place to mitigate a risk.
COSO (Committee of Sponsoring Organization
of the Tradeway Commission)
A joint initiative of 5 private organization
American Accounting Association
American Institute of CPAs
Financial Executives International
Institute of Management
Accountants
The Institute of Internal Auditors
History of Internal Control Legislation
1. SEC Acts of 1933 and 1934
(BLACK TUESDAY)
Enacted because something
happened (Great Depression)
during this period
i. Great Depression Decline
of economy
1. Market of penny
stock
a. Those Acts
were passed
to protect the
public
2. Replacement of
human labor by
machines
2. Copyright Law of 1976
To protect the users and creator of
software (people were blaming
faulty software creators), so that
management will be liable for the
flaws and not the creators of the
software.
3. Foreign Corrupt Practices Act of 1977
ECPA
A company must have independent
audit committee
Companies must submit its records
to SEC
4. COSO of 1992
5. SOX (Sarbanes-Oxley Act of 2002)
COSO
Mission
The
Committee
of
Sponsoring
Organizations (COSO) mission is to provide
thought leadership through the development of
comprehensive frameworks and guidance on
enterprise risk management, internal control and
fraud
deterrence
designed
to
improve
organizational performance and governance and
to reduce the extent of fraud in organizations.

Components
1. Control Environment
a. Integrity
and
ethical
values
of
management
i. The tone at the top.
ii. Should have at a minimum
1. Organizational Chart and Role
Descriptions
2. Policies
and
Procedures
(Company Manual)
2. Risk Assessment
a. Establishment of mechanisms to identify
and analyze risk
i. At a minimum, a company must
conduct the following:
1. Annual Risk Assessment
2. Business Performance Review
3. Control Activities
a. Various policies and procedures at
process level
i. At a minimum, a company must have
the following:
1. Financial Reconcialition
2. Transaction Approval
4. Information and Communication
a. Systems enabling people to identify,
capture and exchange on a timely
basis the information needed to
conduct,
manage
and
control
operations.
b. Examples are:
i. Standard operation Procedure
ii. Management Information System
5. Monitoring
a. Supervision of established controls
and communication to appropriate
authority as often as required.
b. Examples are:
i. Internal Audit
ii. Non-compliance of policies will be
dealt with accordingly.

Section 301 Responsibilities of corporate

management
Section 302 Establishment of hotlines for
anonymous whistleblowers

THE PDC MODEL (Preventive-Detective-

Corrective Internal Control Model )

Prevention First Line of Defense

An ounce of prevention is worth a pound of

cure Benjamin Franklin

Sarbanes Oxley Act of 2002

Founders:
1. Michael Oxley
2. Paul Sarbanes

Section
404
Requirements

Internal

Control

Detective symptotic
Corrective reversal of defects