COSO Internal Control — Integrated Framework Principles Sprin…

For more information about COSO, visit coso.org.

©2013, Committee of Sponsoring Organizations of the Treadway Commission (COSO). Used by permission.

COSO Internal Control — Integrated Framework Principles

Control Environment

1. The organization demonstrates a commitment to integrity and ethical values.
2. The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.
3. Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.
4. The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
5. The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.

Risk Assessment

6. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.
7. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.
8. The organization considers the potential for fraud in assessing risks to the achievement of objectives.
9. The organization identifies and assesses changes that could significantly affect the system of internal control.

Control Activities

10. The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
11. The organization selects and develops general control activities over technology to support the achievement of objectives.
12. The organization deploys control activities through policies that establish what is expected and procedures that put policies into action.

Information & Communication

13. The organization obtains or generates and uses relevant, quality information to support the functioning of internal control.
14. The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.
15. The organization communicates with external parties regarding matters affecting the functioning of internal control.

Monitoring Activities

16. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.
17. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.


Post on 30-Jun-2020


