coso s internal control

8/3/2019 Coso s Internal Control

1/15

www.bibiconsulting.com 1

Internal ControlIntegrated Framework

An Overview..

Prepared by Wael F. Bibi ,JCPA,CPA,CIA

Bibi Consulting,Inc.

COSOs

Source: COSOs Internal Control Integrated framework


2/15


What is COSO?

Who are the sponsors?


3/15


What Is Internal Control ?

A process effected by an entitys board ofdirectors,management and other

personnel,designed to provide reasonable

assurance regarding the achievements of

objectives in the following categories:

j Effectiveness & efficiency of operations.

j Reliability of financial reporting.

j Compliance with applicable laws and regulations.


4/15


j Internal control is aprocess. It is a means

to an end, not an end in itself.j Internal control is effected bypeople. Its

not merely policy manuals and forms, butpeople at every level of an organization.

j Internal control can be expected toprovide only reasonable assurance, notabsolute assurance, to an entitysmanagement and board.

j Internal control is geared to theachievement ofobjectives in one or moreseparate but overlapping categories.


5/15


Components Of Internal Control

jControl Environment.

jRisk Assessment.

jControl Activities.j Information & Communication.

jMonitoring.


6/15



7/15


Control Environment

j Sets the tone of the organization.

j The foundation for all other components.

j It includes the integrity,ethical values and competence of

the people.j Reflects: managements philosophy & operating style,the

way management assigns authority and responsibility and

organizes and develops its people, and the attention and

direction provided by the board of directors.


8/15


Risk Assessment

jEvery entity faces internal &external risks.

jEvery entity sets objectives.

jRisk assessment is the identification andanalysis of relevant risks to achievements of

the objectives.


9/15


Control Activities

j The policies and procedures that help ensure

management directives are carried out.

j They help ensure that necessary actions are taken

to address risks.

j Control activities occur throughout the entity at all

levels and in all functions.

j They include activities such as approvals ,authorization,reconciliations and segregation of

duties.


10/15


Information & Communication

j Relevant information must be identified , capturedand communicated in a form & timeframe thatenables people to carry out their responsibilities.

j Information systems produce reports containingoperational,financial and compliance relatedinformation that make it possible to run and

control the business.

j Effective communication must occur in a broadersense,flowing down,across and up theorganization.


11/15


Monitoring

j Internal control systems need to be monitored.

j Types of monitoring:

- ongoing during the course of operations.

- evaluation for which the scope and frequency will

depend primarily on an assessment of risks and the

effectiveness of ongoing monitoring procedures.


12/15


Responsibilities

Who is responsible for internal control ?

Everyone !

Board of Directors :Governance,guidance & oversight

Management : CEO is the owner

Internal Auditors: evaluate & monitor

Other personnel :information and communication


13/15


What Internal Control Can Do

j It can help achieve performance & profitability

targets.

j It can help prevent loss of resources.

j It can help ensure reliable financial reporting.

j It can help ensure compliance with laws.

It can help an entity get to where it wants togo,and avoid pitfalls and surprises along the

way.


14/15


What Internal Control Cannot Do

j It cannot ensure success.

j It cannot ensure the reliability of financial

reporting.

j It cannot ensure compliance with laws and

regulations.

Internal controls ,no matter how well designed and

operated,can provide only reasonable assurance tomanagement regarding achievements of an

entitys objectives.


15/15


Limitations of Internal Control

j Judgement.

jBreakdowns.

jManagement override.jCollusion.

jCosts Versus Benefits.

coso s internal control

Documents