How Can The COSO Framework Improve Your Organization’s Internal Controls
Improve Organizational Performance and Oversight with the COSO Framework
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) was created and designed to provide thought leadership through the development of comprehensive frameworks and guidance on internal control, fraud prevention and enterprise risk management. The overarching goal of a COSO Framework is to enhance and improve organizational performance and oversight, as well as reducing the extent of the risk of fraud.
Formed in 1985 to support the National Commission on Fraudulent Reporting, also known as the Treadway Commission, COSO began as a joint initiative, sponsored and funded by the five following private sector organizations:
- American Accounting Association (AAA): Serves as a benchmark organization in the promotion of excellence in accounting education, research and practice.
- American Institute of Certified Public Accountants (AICPA): This U.S. professional organization for Certified Public Accounts has more than 400,000 members from 145 countries around the world. The organization works to enhance the careers, experience and knowledge for CPAs by providing support through education and research for professionals in various industries. Perhaps most importantly, the AICPA sets the ethical standards, code of ethics, and alignment with the public’s interest in the field of accounting that is essential for professional CPA members to comply and uphold.
- Financial Executives International (FEI): Primarily serving as a member-based service organization for financial executives at all types and sizes of companies, public and private. Featuring a network of over 10,000 financial professionals in over 75 chapters around the globe, FEI offers practical and ethical support and information for dedicated financial professionals−delivered by fellow members serving in a leadership role−at all levels. FEI allows each member the opportunity to serve as leader or mentor, as needed and appropriate.
- Institute of Management Accountants (IMA): This professional U.S. organization raises awareness in management accounting and includes jobs in decision support, planning and control positions. With additional offices in Switzerland, UAE and China, and including more than 70,000 management accounting professionals, IMA certification and an ever-increasing collection of resources for management accounting industry support.
- The Institute of Internal Auditors (IIA): When it comes to internal audits and enterprise risk management, the IIA serves as the guidance-setting body. Active in more than 195 countries, the IIA has more than 185,000 members across the country and around the world. The IIA’s primary mission is to provide “dynamic leadership” for anyone associated with the internal auditing profession. Through continuing education and research to improve internal auditing methods, shared experiences among members who serve as leaders and mentors, and promotion of the field itself, the IIA helps to continually improve the field for everyone, from the internal auditors to the clients.
Each of these organizations brings its own unique professional philosophy, skills, mission and approach to the development of integrated guidance on internal control.
Integrated Control – the Integrated Framework
In September 1992, COSO released a four-volume report called Internal Control — Integrated Framework. The report established a common definition of internal control and provided a coordinated framework that companies might use as a reference point against which they might compare the health of their own internal control systems to make improvements.
With minor amendments in 1994 and 2013, Internal Control — Integrated Framework continues to serve as the benchmark for organizations trying to improve the outcomes of internal audits and the overall status of enterprise risk management. Now considered “institutional knowledge,” the report continues to provide a solid foundation for organizations to make improvements in the following areas:
- Higher expectations for governance oversight
- Advanced complexities in business
- Globalization of operations and markets
- Meeting complex demands in industry rules, regulations, laws and standards
- Anticipated results for industry competencies and accountabilities
- Adoption and adaptation of evolving technologies
- Expectations surrounding detection and prevention of fraud, along with other effective enterprise risk management improvements
- Improvement of reliability of financial reporting
The Key Concepts of Internal Control— Integrated Framework
The Internal Control— Integrated Framework report features several key concepts to reflect how the COSO Framework helps organizations, including the following:
- Internal control serves more as a process than an end result in itself.
- Internal control is not only a theory, idea, form, point in a manual, or policy. It is also a reflection of the people−and certainly affected by the people−using a particular system regularly.
- Internal control is not an absolute and only offers reasonable assurance to an entity’s governing body.
- Internal control may cover one or more categories, whether distinctly separate or overlapping.
The Five Components of the COSO Internal Control Framework
Any effective internal control system works best with certain components that reflect the overall mission, strategies and related business objectives. The COSO Framework features five components that support the achievement of those goals in any company.
- Control Environment – Built by setting the basic tone of the organization, particularly regarding internal controls, the control environment features policies, procedures and an overarching discipline, structure and integrity. The control environment is so ingrained that variances easily illuminate internal control issues.
- Risk Assessment – Every company around the world faces some degree of risk. This component focuses on identifying specific industry risks, as well as risks specific to the company itself before trying to analyze and outline potential management of risk.
- Control Activities – Setting and following solid policies and procedures−based on risk factors, rules, regulations and experience−help ensure that there are appropriate preventive actions and responses in place for any variation from the norm.
- Information and Communication – The flow of information, when it comes to internal controls, must flow in every direction, ensuring everyone related to a particular sector, or the entire system, stays up-to-date.
- Monitoring – In addition to regularly scheduled audits and auditor’s reports, it is important to continually monitor internal controls to root out and correct inconsistencies and issues right away.
How Can the COSO Framework Help Your Organization?
Whether your organization consistently maintains strong internal controls, or you have faced some uncertainties recently, the COSO Framework can help you and your IT team continue to improve. At I.S. Partners, LLC., the CPA and support staff can help you understand all the benefits of tightening your internal controls.
We hope you will contact us soon to let us know how we can help you understand the COSO Framework better or so we can help you prepare for an upcoming audit. Call us today at 215-675-1400 or request a quote here!