Internal Control Integrated Framework

1
Internal Control Integrated Framework
COSOs

• An Overview..

Source COSOs Internal Control Integrated
framework
Prepared by Wael F. Bibi ,JCPA,CPA,CIA
Bibi Consulting,Inc.
2

• What is COSO?

Who are the sponsors?
3
What Is Internal Control ?

• A process effected by an entitys board of
  directors,management and other personnel,designed
  to provide reasonable assurance regarding the
  achievements of objectives in the following
  categories
• Effectiveness efficiency of operations.
• Reliability of financial reporting.
• Compliance with applicable laws and regulations.

4

• Internal control is a process. It is a means to
  an end, not an end in itself.
• Internal control is effected by people. Its not
  merely policy manuals and forms, but people at
  every level of an organization.
• Internal control can be expected to provide only
  reasonable assurance, not absolute assurance, to
  an entitys management and board.
• Internal control is geared to the achievement of
  objectives in one or more separate but
  overlapping categories.

5
Components Of Internal Control

• Control Environment.
• Risk Assessment.
• Control Activities.
• Information Communication.
• Monitoring.

6
(No Transcript)
7
Control Environment

• Sets the tone of the organization.
• The foundation for all other components.
• It includes the integrity,ethical values and
  competence of the people.
• Reflects managements philosophy operating
  style,the way management assigns authority and
  responsibility and organizes and develops its
  people, and the attention and direction provided
  by the board of directors.

8
Risk Assessment

• Every entity faces internal external risks.
• Every entity sets objectives.
• Risk assessment is the identification and
  analysis of relevant risks to achievements of the
  objectives.

9
Control Activities

• The policies and procedures that help ensure
  management directives are carried out.
• They help ensure that necessary actions are taken
  to address risks.
• Control activities occur throughout the entity at
  all levels and in all functions.
• They include activities such as approvals ,
  authorization,reconciliations and segregation of
  duties.

10
Information Communication

• Relevant information must be identified ,
  captured and communicated in a form timeframe
  that enables people to carry out their
  responsibilities.
• Information systems produce reports containing
  operational,financial and compliance related
  information that make it possible to run and
  control the business.
• Effective communication must occur in a broader
  sense,flowing down,across and up the organization.

11
Monitoring

• Internal control systems need to be monitored.
• Types of monitoring
• - ongoing during the course of operations.
• - evaluation for which the scope and frequency
  will depend primarily on an assessment of risks
  and the effectiveness of ongoing monitoring
  procedures.

12
Responsibilities

• Who is responsible for internal control ?
• Everyone !
• Board of Directors Governance,guidance
  oversight
• Management CEO is the owner
• Internal Auditors evaluate monitor
• Other personnel information and communication

13
What Internal Control Can Do

• It can help achieve performance profitability
  targets.
• It can help prevent loss of resources.
• It can help ensure reliable financial reporting.
• It can help ensure compliance with laws.

It can help an entity get to where it wants to
go,and avoid pitfalls and surprises along the way.
14
What Internal Control Cannot Do

• It cannot ensure success.
• It cannot ensure the reliability of financial
  reporting.
• It cannot ensure compliance with laws and
  regulations.
• Internal controls ,no matter how well designed
  and operated,can provide only reasonable
  assurance to management regarding achievements of
  an entitys objectives.

15
Limitations of Internal Control

• Judgement.
• Breakdowns.
• Management override.
• Collusion.
• Costs Versus Benefits.