SlideShare a Scribd company logo

Internal Audit COSO Framework

Download as PPT, PDF
J
Jesús Gándara

Summary of the document "COSO Internal Control Framework" (www.coso.org )

Business
1 of 12
Internal Audit Internal Control Framework (COSO) Information Source: - COSO Internal Control Framework ( www.coso.org )
Internal Audit Internal Control Framework (COSO) The COSO Framework states that “monitoring ensures that internal control continues to operate effectively.” COSO’s 2006 Guidance enhances the understanding of monitoring by articulating the following two related principles: • Ongoing and/or separate evaluations enable management to determine whether the other components of internal control continue to function over time. • Internal control deficiencies are identified and communicated in a timely manner to those parties responsible for taking corrective action and to management and the board as appropriate. Monitoring involves establishing a foundation for monitoring, designing and executing monitoring procedures that are prioritized based on risk, and assessing and reporting the results, including following up on corrective action where necessary.
Internal Audit Internal Control Framework (COSO) Planning and organizational support form the foundation for monitoring, which includes a tone from the top about the importance of internal control (including monitoring), an organizational structure that considers the roles of management and the board in regard to monitoring and the use of evaluators with appropriate capabilities, objectivity and authority, and a baseline understanding of internal control effectiveness. As with every internal control component, the ways in which management and the board express their beliefs about the importance of monitoring have a direct impact on its effectiveness. Management’s tone influences the way employees conduct and react to monitoring. Likewise, the board’s tone influences he way management conducts and reacts to monitoring. Tone from the Top Organizational Structure Role of Management and the Board — Management has the primary responsibility for the effectiveness of an organization’s internal control system. Management establishes the system and makes sure that it continues to operate effectively. However, controls performed directly by members of senior management cannot be monitored objectively by those individuals or their designees. The board may also need to monitor such controls, which it frequently accomplishes through an audit committee and an internal audit function . In most cases, the board is ultimately responsible for determining whether management has implemented effective internal control (including monitoring). Establishing a Foundation for Monitoring
Internal Audit Internal Control Framework (COSO) Organizational Structure Baseline Understanding of Internal Control Effectiveness When ongoing-monitoring or separate-evaluation procedures identify a change in the environment, the organization determines whether a corresponding change is needed in the internal control system. When monitoring identifies a change in the internal control system, the organization needs to verify whether that change was designed and implemented properly. Characteristics of Evaluators — Monitoring is conducted by evaluators who are appropriately competent and objective in the given circumstances. Competence refers to the evaluator’s knowledge of the controls and related processes, including how controls should operate and what constitutes a control deficiency. The evaluator’s objectivity refers to the extent to which he or she can be expected to perform an evaluation with no concern about possible personal consequences and no vested interest in manipulating the information for personal benefit or self-preservation. Monitoring starts with a supported understanding of the internal control system’s design and of whether controls have been implemented to accomplish the organization’s internal control objectives. An established baseline understanding of internal control effectiveness provides an appropriate starting point for more-effective and more-efficient monitoring — monitoring that focuses on identifying changes either in the environment or in the internal control system and on the organization’s ability to manage those changes properly.
Internal Audit Internal Control Framework (COSO) Designing and Executing Monitoring Procedures The core of effective and efficient monitoring lies in designing and executing monitoring procedures that evaluate important controls over meaningful risks to the organization’s objectives. The model reiterates the importance of understanding risks, and the relationship of controls to risks, as a fundamental part of the COSO Framework.
Internal Audit Internal Control Framework (COSO) Designing monitoring begins with understanding and prioritizing the risks to achieving important organizational objectives. Prioritizing risks helps identify which risks are meaningful enough to subject to control monitoring. In a properly operating internal control system, the risk assessment component will routinely identify and prioritize risks to the organization’s objectives. Important controls — often referred to as key controls — are those that are most important to monitor in order to support a conclusion about the internal control system’s ability to operate effectively. They often have one or both of the following characteristics: • Their failure might materially affect the organization’s objectives, yet not reasonably be detected in a timely manner by other controls, and/or • Their operation might prevent other control failures or detect such failures before they have an opportunity to become material to the organization’s objectives. Once key controls are noted, evaluators identify the information that will support a conclusion about whether those controls have been implemented and are operating as designed. Identifying this information entails knowing how control failure might occur and what information will be persuasive in determining whether the control system is or is not working properly. The identification of persuasive information allows the organization to determine which monitoring procedures to employ (i.e., ongoing monitoring or separate evaluations), as well as the frequency with which the monitoring procedures should take place.
Internal Audit Internal Control Framework (COSO) Persuasive Information To be effective, monitoring must evaluate a sufficient amount of suitable information. Suitable information is relevant, reliable , and timely in the given circumstances. Sufficient suitable information provides the evaluator with the support needed to conclude on the internal control system’s ability to manage or mitigate identified risks. One of the most important aspects of suitability (and, thus, of persuasive information) is the distinction between direct and indirect information . Direct information substantiates the operation of controls and is obtained by observing controls in operation, reperforming them, or otherwise testing their operation directly. It can be useful in both ongoing monitoring and separate evaluations. Generally, direct information is highly relevant because it provides an unobstructed view of control operation. Indirect information is all other information used to infer whether controls or control components continue to operate effectively. It either relates to or is produced by the process in which the controls reside. Indirect information might include, but is not limited to, operating statistics, key risk indicators , key performance indicators , and comparative industry metrics. Approaches and Frequency With the risks prioritized, key controls noted, and available persuasive information identified, the organization implements monitoring procedures that evaluate the effectiveness of the internal control system’s ability to manage or mitigate the identified risks. Monitoring involves the use of ongoing monitoring procedures and/or separate evaluations to gather and analyze persuasive information supporting conclusions about the effectiveness of internal control across all five COSO components.
Internal Audit Internal Control Framework (COSO) Approaches and Frequency Ongoing monitoring occurs when the normal operations of an organization provide feedback — through both direct and indirect information — to risk owners about the effectiveness of the internal control system. It includes regular management and supervisory activities, peer comparisons and trend analysis using internal and external data, reconciliations, and other routine actions. Ongoing monitoring might also include automated tools that electronically evaluate controls and/or transactions. Because they are performed routinely, often on a real-time basis, ongoing monitoring procedures can offer the first opportunity to identify and correct control deficiencies. Separate evaluations can employ the same techniques as ongoing monitoring, but they are designed to evaluate controls periodically and are not ingrained in the daily operations of the organization. They do, however, play an important role in monitoring in that they often provide: • A more objective analysis of control effectiveness than ongoing monitoring procedures that are often performed by less objective personnel, and • Periodic feedback regarding the effectiveness of ongoing monitoring procedures. When ongoing monitoring is effective, periodic separate evaluations are used as necessary to reconfirm the conclusions reached through ongoing monitoring. Separate evaluations are also used to address controls that are not subject to ongoing monitoring.
Internal Audit Internal Control Framework (COSO) Assessing and Reporting Results The monitoring process is complete when the results are compiled and reported to appropriate personnel. This final stage enables the results of monitoring to either confirm previously established expectations about the effectiveness of internal control or highlight identified deficiencies for possible corrective action. Prioritizing and Communicating Results Identifying and prioritizing potential control deficiencies allows organizations to determine the levels to which the potential deficiencies should be reported, and the corrective action, if any, that should be taken. Several factors may influence an organization’s prioritization of identified deficiencies, including: • The likelihood that the deficiency will result in an error, • The effectiveness of other, compensating controls , • The potential effect of an identified deficiency on organizational objectives, • The potential effect of the deficiency on other objectives, and • The aggregating effect of multiple deficiencies.
Internal Audit Internal Control Framework (COSO) Reporting Externally A properly designed and executed monitoring program helps support external assertions because it provides persuasive information that internal control operated effectively at a point in time or during a particular period. The presence of external assertion requirements may affect the type, timing, and extent of monitoring an organization decides to perform. Therefore, organizations that are required to report to third parties on the effectiveness of their internal control system may design and execute monitoring activities differently than entities that are not required to report. Reporting protocols vary depending on the purpose for which the monitoring is conducted and the severity of the deficiencies. Typically, the results of monitoring conducted for purposes of evaluating an organization’s entity-wide objectives are reported to senior management and the board. Control deficiencies should be reported to the person directly responsible for the control’s operation and to management that has oversight responsibilities and is at least one level higher. Reporting at least to these two levels gives the responsible person the information necessary to correct control operation and also helps ensure that appropriately objective people are involved in the severity assessment and followup.
Internal Audit Internal Control Framework (COSO) Summary Considerations Regarding Effective Monitoring Many organizations are performing effective monitoring in certain areas, but are not fully utilizing the results of that monitoring to support their conclusions about the effectiveness of the internal control system. Monitoring considers how the entire internal control system addresses meaningful risks, not how individual control activities operate in isolation, without regard to the level of risk and the effectiveness of other elements of the internal control system. Monitoring works best when management approaches it proactively, establishing a baseline understanding of internal control effectiveness and an information system that alerts it to changes in internal control processes or risks that affect the need to change or add controls. The board has important responsibilities in monitoring internal control (especially the controls that relate to ensuring a strong tone from the top) and in mitigating the risk of management override. Internal audit , through added skills and objectivity, can play an important role in assisting management and the board in monitoring, especially as organizations grow in size and complexity. 1. 2. 3. 4. 5.
Internal Audit Internal Control Framework (COSO) Summary Considerations Regarding Effective Monitoring Organizations should follow a systematic process in determining “what” and “how” to monitor. That process is developed in this guidance and starts with identifying and prioritizing the risks that are being mitigated by effective internal controls. Judgment is required in determining both the optimal approach to monitoring, and the effectiveness of monitoring. Monitoring generally includes the use of both direct and indirect information. However, indirect information can be used only for a finite period of time without some direct evidence that the underlying control is operating effectively. Monitoring can be performed using either “ongoing” monitoring activities or “separate evaluations.” Most organizations will use a combination of both approaches, but ongoing monitoring using appropriately persuasive information is often most effective and efficient. Computerized applications have undergone substantial development and can be built into, or added onto, existing computer applications, providing a high degree of continuous monitoring. 6. 7. 8. 9. 10.

Recommended

Are You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkAre You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkBlackLine
 
Coso internal control integrated framework
Coso internal control integrated frameworkCoso internal control integrated framework
Coso internal control integrated frameworkIrfan Ahmed - ACA, CICA
 
COSO Internal Control - Integrated Framework
COSO Internal Control - Integrated FrameworkCOSO Internal Control - Integrated Framework
COSO Internal Control - Integrated FrameworkAziz Fataliyev, Internal Audit Practitioner
 
Coso And Internal Audit
Coso And Internal AuditCoso And Internal Audit
Coso And Internal Auditijazurrehman
 
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKHaresh Lalwani
 
Coso illustrative tool
Coso illustrative toolCoso illustrative tool
Coso illustrative toolSARVJEET KAUSHAL
 
Coso Internal Control Integrated Framework
Coso Internal Control Integrated FrameworkCoso Internal Control Integrated Framework
Coso Internal Control Integrated Frameworkhyesue
 
Basic Internal Auditing Presentation
Basic Internal Auditing PresentationBasic Internal Auditing Presentation
Basic Internal Auditing PresentationVernon Benjamin
 

Recommended

Are You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkAre You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkBlackLine
 
Coso internal control integrated framework
Coso internal control integrated frameworkCoso internal control integrated framework
Coso internal control integrated frameworkIrfan Ahmed - ACA, CICA
 
COSO Internal Control - Integrated Framework
COSO Internal Control - Integrated FrameworkCOSO Internal Control - Integrated Framework
COSO Internal Control - Integrated FrameworkAziz Fataliyev, Internal Audit Practitioner
 
Coso And Internal Audit
Coso And Internal AuditCoso And Internal Audit
Coso And Internal Auditijazurrehman
 
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKHaresh Lalwani
 
Coso illustrative tool
Coso illustrative toolCoso illustrative tool
Coso illustrative toolSARVJEET KAUSHAL
 
Coso Internal Control Integrated Framework
Coso Internal Control Integrated FrameworkCoso Internal Control Integrated Framework
Coso Internal Control Integrated Frameworkhyesue
 
Basic Internal Auditing Presentation
Basic Internal Auditing PresentationBasic Internal Auditing Presentation
Basic Internal Auditing PresentationVernon Benjamin
 
Compliance audit
Compliance auditCompliance audit
Compliance auditEmma Yaks
 
MEASURING INTERNAL AUDIT PERFORMANCE
MEASURING INTERNAL AUDIT PERFORMANCEMEASURING INTERNAL AUDIT PERFORMANCE
MEASURING INTERNAL AUDIT PERFORMANCEbbongio
 
The Internal Audit Framework
The Internal Audit FrameworkThe Internal Audit Framework
The Internal Audit FrameworkAhmad Tariq Bhatti
 
Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit pptIbrahim Jimalle
 
Basic Internal Auditing Presentation
Basic Internal Auditing PresentationBasic Internal Auditing Presentation
Basic Internal Auditing PresentationVernon Benjamin
 
Internal Audit Methodology
Internal Audit MethodologyInternal Audit Methodology
Internal Audit MethodologyManoj Agarwal
 
COSO 2013 and The Auditor
COSO 2013 and The AuditorCOSO 2013 and The Auditor
COSO 2013 and The AuditorCorporate Compliance Seminars
 
Coso framework
Coso frameworkCoso framework
Coso frameworkDarryl Woolley
 
The Role of Internal Audit
The Role of Internal AuditThe Role of Internal Audit
The Role of Internal AuditArmeniaFED
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditManoj Agarwal
 
INTERNAL CONTROL-PPT.pptx
INTERNAL CONTROL-PPT.pptxINTERNAL CONTROL-PPT.pptx
INTERNAL CONTROL-PPT.pptxHeldaMaryA
 
The role of internal audit department
The role of internal audit departmentThe role of internal audit department
The role of internal audit departmentSalih Islam
 
Common internal audit findings & how to avoid them
Common internal audit findings & how to avoid themCommon internal audit findings & how to avoid them
Common internal audit findings & how to avoid themSurajit Datta
 
Internal audit ratings guide
Internal audit ratings guideInternal audit ratings guide
Internal audit ratings guideCenapSerdarolu
 
Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit pptLetzconsult.com
 
Introduction to internal auditing
Introduction to internal auditingIntroduction to internal auditing
Introduction to internal auditingDavid Griffiths
 
Internal Audit effectiveness
Internal Audit effectivenessInternal Audit effectiveness
Internal Audit effectivenessKaran Puri
 
Internal Audit Reporting
Internal Audit ReportingInternal Audit Reporting
Internal Audit ReportingSALIH AHMED ISLAM
 
COSO Framework Model
COSO Framework ModelCOSO Framework Model
COSO Framework ModelTownofAddison
 
Internal Auditor Roles
Internal Auditor RolesInternal Auditor Roles
Internal Auditor RolesIyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP
 
Controlling
ControllingControlling
ControllingSa Na
 
Internal control and Control Self Assessment
Internal control and Control Self AssessmentInternal control and Control Self Assessment
Internal control and Control Self AssessmentManoj Agarwal
 

More Related Content

What's hot

Compliance audit
Compliance auditCompliance audit
Compliance auditEmma Yaks
 
MEASURING INTERNAL AUDIT PERFORMANCE
MEASURING INTERNAL AUDIT PERFORMANCEMEASURING INTERNAL AUDIT PERFORMANCE
MEASURING INTERNAL AUDIT PERFORMANCEbbongio
 
Basic Internal Auditing Presentation
Basic Internal Auditing PresentationBasic Internal Auditing Presentation
Basic Internal Auditing PresentationVernon Benjamin
 
Internal Audit Methodology
Internal Audit MethodologyInternal Audit Methodology
Internal Audit MethodologyManoj Agarwal
 
The Role of Internal Audit
The Role of Internal AuditThe Role of Internal Audit
The Role of Internal AuditArmeniaFED
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditManoj Agarwal
 
INTERNAL CONTROL-PPT.pptx
INTERNAL CONTROL-PPT.pptxINTERNAL CONTROL-PPT.pptx
INTERNAL CONTROL-PPT.pptxHeldaMaryA
 
The role of internal audit department
The role of internal audit departmentThe role of internal audit department
The role of internal audit departmentSalih Islam
 
Common internal audit findings & how to avoid them
Common internal audit findings & how to avoid themCommon internal audit findings & how to avoid them
Common internal audit findings & how to avoid themSurajit Datta
 
Internal audit ratings guide
Internal audit ratings guideInternal audit ratings guide
Internal audit ratings guideCenapSerdarolu
 
Introduction to internal auditing
Introduction to internal auditingIntroduction to internal auditing
Introduction to internal auditingDavid Griffiths
 
Internal Audit effectiveness
Internal Audit effectivenessInternal Audit effectiveness
Internal Audit effectivenessKaran Puri
 
COSO Framework Model
COSO Framework ModelCOSO Framework Model
COSO Framework ModelTownofAddison
 

What's hot (20)

Compliance audit
Compliance auditCompliance audit
Compliance audit
 
MEASURING INTERNAL AUDIT PERFORMANCE
MEASURING INTERNAL AUDIT PERFORMANCEMEASURING INTERNAL AUDIT PERFORMANCE
MEASURING INTERNAL AUDIT PERFORMANCE
 
The Internal Audit Framework
The Internal Audit FrameworkThe Internal Audit Framework
The Internal Audit Framework
 
Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit ppt
 
Basic Internal Auditing Presentation
Basic Internal Auditing PresentationBasic Internal Auditing Presentation
Basic Internal Auditing Presentation
 
Internal Audit Methodology
Internal Audit MethodologyInternal Audit Methodology
Internal Audit Methodology
 
COSO 2013 and The Auditor
COSO 2013 and The AuditorCOSO 2013 and The Auditor
COSO 2013 and The Auditor
 
Coso framework
Coso frameworkCoso framework
Coso framework
 
The Role of Internal Audit
The Role of Internal AuditThe Role of Internal Audit
The Role of Internal Audit
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal Audit
 
INTERNAL CONTROL-PPT.pptx
INTERNAL CONTROL-PPT.pptxINTERNAL CONTROL-PPT.pptx
INTERNAL CONTROL-PPT.pptx
 
The role of internal audit department
The role of internal audit departmentThe role of internal audit department
The role of internal audit department
 
Common internal audit findings & how to avoid them
Common internal audit findings & how to avoid themCommon internal audit findings & how to avoid them
Common internal audit findings & how to avoid them
 
Internal audit ratings guide
Internal audit ratings guideInternal audit ratings guide
Internal audit ratings guide
 
Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit ppt
 
Introduction to internal auditing
Introduction to internal auditingIntroduction to internal auditing
Introduction to internal auditing
 
Internal Audit effectiveness
Internal Audit effectivenessInternal Audit effectiveness
Internal Audit effectiveness
 
Internal Audit Reporting
Internal Audit ReportingInternal Audit Reporting
Internal Audit Reporting
 
COSO Framework Model
COSO Framework ModelCOSO Framework Model
COSO Framework Model
 
Internal Auditor Roles
Internal Auditor RolesInternal Auditor Roles
Internal Auditor Roles
 

Similar to Internal Audit COSO Framework

Controlling
ControllingControlling
ControllingSa Na
 
Internal control and Control Self Assessment
Internal control and Control Self AssessmentInternal control and Control Self Assessment
Internal control and Control Self AssessmentManoj Agarwal
 
topic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptxtopic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptxvailethmwaisanila
 
Designing Effective Financial Controls
Designing Effective Financial ControlsDesigning Effective Financial Controls
Designing Effective Financial ControlsStephen G. Lynch
 
Internal control system
Internal control systemInternal control system
Internal control systemMadiha Hassan
 
Internal control system
Internal control systemInternal control system
Internal control systemMadiha Hassan
 
Evaluation of the effect of monitoring and control activities on fraud detect...
Evaluation of the effect of monitoring and control activities on fraud detect...Evaluation of the effect of monitoring and control activities on fraud detect...
Evaluation of the effect of monitoring and control activities on fraud detect...Alexander Decker
 
Internal control.. control env
Internal control.. control envInternal control.. control env
Internal control.. control envPhillys Sebastiane
 
Managerial Control By Rajendra Nath Naik
Managerial Control By Rajendra Nath NaikManagerial Control By Rajendra Nath Naik
Managerial Control By Rajendra Nath NaikRajendra Nath Naik
 
Controlling in management
Controlling in managementControlling in management
Controlling in managementTumblr
 
CS1-1Internal Auditing Assurance & Advisory Services, 3rd Edi.docx
CS1-1Internal Auditing Assurance & Advisory Services, 3rd Edi.docxCS1-1Internal Auditing Assurance & Advisory Services, 3rd Edi.docx
CS1-1Internal Auditing Assurance & Advisory Services, 3rd Edi.docxannettsparrow
 
CHAPTER-1 Management Audit and Planning procedure.pdf
CHAPTER-1 Management Audit and Planning procedure.pdfCHAPTER-1 Management Audit and Planning procedure.pdf
CHAPTER-1 Management Audit and Planning procedure.pdfDr. Dinesh Mehta
 

Similar to Internal Audit COSO Framework (20)

Controlling
ControllingControlling
Controlling
 
Internal control and Control Self Assessment
Internal control and Control Self AssessmentInternal control and Control Self Assessment
Internal control and Control Self Assessment
 
topic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptxtopic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptx
 
Designing Effective Financial Controls
Designing Effective Financial ControlsDesigning Effective Financial Controls
Designing Effective Financial Controls
 
Internal control system
Internal control systemInternal control system
Internal control system
 
Internal control system
Internal control systemInternal control system
Internal control system
 
Presentation 5, System based audit approach - what is it about?, Workshop on ...
Presentation 5, System based audit approach - what is it about?, Workshop on ...Presentation 5, System based audit approach - what is it about?, Workshop on ...
Presentation 5, System based audit approach - what is it about?, Workshop on ...
 
Evaluation of the effect of monitoring and control activities on fraud detect...
Evaluation of the effect of monitoring and control activities on fraud detect...Evaluation of the effect of monitoring and control activities on fraud detect...
Evaluation of the effect of monitoring and control activities on fraud detect...
 
Internal control
Internal controlInternal control
Internal control
 
Controlling
Controlling Controlling
Controlling
 
Internal control.. control env
Internal control.. control envInternal control.. control env
Internal control.. control env
 
Controlling
ControllingControlling
Controlling
 
Coso Monitoring - Templates
Coso Monitoring - TemplatesCoso Monitoring - Templates
Coso Monitoring - Templates
 
Control28
Control28Control28
Control28
 
Managerial Control By Rajendra Nath Naik
Managerial Control By Rajendra Nath NaikManagerial Control By Rajendra Nath Naik
Managerial Control By Rajendra Nath Naik
 
Controlling in management
Controlling in managementControlling in management
Controlling in management
 
CONTROLLING
CONTROLLING CONTROLLING
CONTROLLING
 
Audit procedures
Audit proceduresAudit procedures
Audit procedures
 
CS1-1Internal Auditing Assurance & Advisory Services, 3rd Edi.docx
CS1-1Internal Auditing Assurance & Advisory Services, 3rd Edi.docxCS1-1Internal Auditing Assurance & Advisory Services, 3rd Edi.docx
CS1-1Internal Auditing Assurance & Advisory Services, 3rd Edi.docx
 
CHAPTER-1 Management Audit and Planning procedure.pdf
CHAPTER-1 Management Audit and Planning procedure.pdfCHAPTER-1 Management Audit and Planning procedure.pdf
CHAPTER-1 Management Audit and Planning procedure.pdf
 

Recently uploaded

Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menzaictsugar
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfrichard876048
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03DallasHaselhorst
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...lizamodels9
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfKhaled Al Awadi
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesKeppelCorporation
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Kirill Klimov
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailAriel592675
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Timedelhimodelshub1
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckHajeJanKamps
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607dollysharma2066
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCRashishs7044
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Seta Wicaksana
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaoncallgirls2057
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Riya Pathan
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Pereraictsugar
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMintel Group
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCRashishs7044
 

Recently uploaded (20)

Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdf
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation Slides
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detail
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Time
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Perera
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 

Internal Audit COSO Framework

  • 1. Internal Audit Internal Control Framework (COSO) Information Source: - COSO Internal Control Framework ( www.coso.org )
  • 2. Internal Audit Internal Control Framework (COSO) The COSO Framework states that “monitoring ensures that internal control continues to operate effectively.” COSO’s 2006 Guidance enhances the understanding of monitoring by articulating the following two related principles: • Ongoing and/or separate evaluations enable management to determine whether the other components of internal control continue to function over time. • Internal control deficiencies are identified and communicated in a timely manner to those parties responsible for taking corrective action and to management and the board as appropriate. Monitoring involves establishing a foundation for monitoring, designing and executing monitoring procedures that are prioritized based on risk, and assessing and reporting the results, including following up on corrective action where necessary.
  • 3. Internal Audit Internal Control Framework (COSO) Planning and organizational support form the foundation for monitoring, which includes a tone from the top about the importance of internal control (including monitoring), an organizational structure that considers the roles of management and the board in regard to monitoring and the use of evaluators with appropriate capabilities, objectivity and authority, and a baseline understanding of internal control effectiveness. As with every internal control component, the ways in which management and the board express their beliefs about the importance of monitoring have a direct impact on its effectiveness. Management’s tone influences the way employees conduct and react to monitoring. Likewise, the board’s tone influences he way management conducts and reacts to monitoring. Tone from the Top Organizational Structure Role of Management and the Board — Management has the primary responsibility for the effectiveness of an organization’s internal control system. Management establishes the system and makes sure that it continues to operate effectively. However, controls performed directly by members of senior management cannot be monitored objectively by those individuals or their designees. The board may also need to monitor such controls, which it frequently accomplishes through an audit committee and an internal audit function . In most cases, the board is ultimately responsible for determining whether management has implemented effective internal control (including monitoring). Establishing a Foundation for Monitoring
  • 4. Internal Audit Internal Control Framework (COSO) Organizational Structure Baseline Understanding of Internal Control Effectiveness When ongoing-monitoring or separate-evaluation procedures identify a change in the environment, the organization determines whether a corresponding change is needed in the internal control system. When monitoring identifies a change in the internal control system, the organization needs to verify whether that change was designed and implemented properly. Characteristics of Evaluators — Monitoring is conducted by evaluators who are appropriately competent and objective in the given circumstances. Competence refers to the evaluator’s knowledge of the controls and related processes, including how controls should operate and what constitutes a control deficiency. The evaluator’s objectivity refers to the extent to which he or she can be expected to perform an evaluation with no concern about possible personal consequences and no vested interest in manipulating the information for personal benefit or self-preservation. Monitoring starts with a supported understanding of the internal control system’s design and of whether controls have been implemented to accomplish the organization’s internal control objectives. An established baseline understanding of internal control effectiveness provides an appropriate starting point for more-effective and more-efficient monitoring — monitoring that focuses on identifying changes either in the environment or in the internal control system and on the organization’s ability to manage those changes properly.
  • 5. Internal Audit Internal Control Framework (COSO) Designing and Executing Monitoring Procedures The core of effective and efficient monitoring lies in designing and executing monitoring procedures that evaluate important controls over meaningful risks to the organization’s objectives. The model reiterates the importance of understanding risks, and the relationship of controls to risks, as a fundamental part of the COSO Framework.
  • 6. Internal Audit Internal Control Framework (COSO) Designing monitoring begins with understanding and prioritizing the risks to achieving important organizational objectives. Prioritizing risks helps identify which risks are meaningful enough to subject to control monitoring. In a properly operating internal control system, the risk assessment component will routinely identify and prioritize risks to the organization’s objectives. Important controls — often referred to as key controls — are those that are most important to monitor in order to support a conclusion about the internal control system’s ability to operate effectively. They often have one or both of the following characteristics: • Their failure might materially affect the organization’s objectives, yet not reasonably be detected in a timely manner by other controls, and/or • Their operation might prevent other control failures or detect such failures before they have an opportunity to become material to the organization’s objectives. Once key controls are noted, evaluators identify the information that will support a conclusion about whether those controls have been implemented and are operating as designed. Identifying this information entails knowing how control failure might occur and what information will be persuasive in determining whether the control system is or is not working properly. The identification of persuasive information allows the organization to determine which monitoring procedures to employ (i.e., ongoing monitoring or separate evaluations), as well as the frequency with which the monitoring procedures should take place.
  • 7. Internal Audit Internal Control Framework (COSO) Persuasive Information To be effective, monitoring must evaluate a sufficient amount of suitable information. Suitable information is relevant, reliable , and timely in the given circumstances. Sufficient suitable information provides the evaluator with the support needed to conclude on the internal control system’s ability to manage or mitigate identified risks. One of the most important aspects of suitability (and, thus, of persuasive information) is the distinction between direct and indirect information . Direct information substantiates the operation of controls and is obtained by observing controls in operation, reperforming them, or otherwise testing their operation directly. It can be useful in both ongoing monitoring and separate evaluations. Generally, direct information is highly relevant because it provides an unobstructed view of control operation. Indirect information is all other information used to infer whether controls or control components continue to operate effectively. It either relates to or is produced by the process in which the controls reside. Indirect information might include, but is not limited to, operating statistics, key risk indicators , key performance indicators , and comparative industry metrics. Approaches and Frequency With the risks prioritized, key controls noted, and available persuasive information identified, the organization implements monitoring procedures that evaluate the effectiveness of the internal control system’s ability to manage or mitigate the identified risks. Monitoring involves the use of ongoing monitoring procedures and/or separate evaluations to gather and analyze persuasive information supporting conclusions about the effectiveness of internal control across all five COSO components.
  • 8. Internal Audit Internal Control Framework (COSO) Approaches and Frequency Ongoing monitoring occurs when the normal operations of an organization provide feedback — through both direct and indirect information — to risk owners about the effectiveness of the internal control system. It includes regular management and supervisory activities, peer comparisons and trend analysis using internal and external data, reconciliations, and other routine actions. Ongoing monitoring might also include automated tools that electronically evaluate controls and/or transactions. Because they are performed routinely, often on a real-time basis, ongoing monitoring procedures can offer the first opportunity to identify and correct control deficiencies. Separate evaluations can employ the same techniques as ongoing monitoring, but they are designed to evaluate controls periodically and are not ingrained in the daily operations of the organization. They do, however, play an important role in monitoring in that they often provide: • A more objective analysis of control effectiveness than ongoing monitoring procedures that are often performed by less objective personnel, and • Periodic feedback regarding the effectiveness of ongoing monitoring procedures. When ongoing monitoring is effective, periodic separate evaluations are used as necessary to reconfirm the conclusions reached through ongoing monitoring. Separate evaluations are also used to address controls that are not subject to ongoing monitoring.
  • 9. Internal Audit Internal Control Framework (COSO) Assessing and Reporting Results The monitoring process is complete when the results are compiled and reported to appropriate personnel. This final stage enables the results of monitoring to either confirm previously established expectations about the effectiveness of internal control or highlight identified deficiencies for possible corrective action. Prioritizing and Communicating Results Identifying and prioritizing potential control deficiencies allows organizations to determine the levels to which the potential deficiencies should be reported, and the corrective action, if any, that should be taken. Several factors may influence an organization’s prioritization of identified deficiencies, including: • The likelihood that the deficiency will result in an error, • The effectiveness of other, compensating controls , • The potential effect of an identified deficiency on organizational objectives, • The potential effect of the deficiency on other objectives, and • The aggregating effect of multiple deficiencies.
  • 10. Internal Audit Internal Control Framework (COSO) Reporting Externally A properly designed and executed monitoring program helps support external assertions because it provides persuasive information that internal control operated effectively at a point in time or during a particular period. The presence of external assertion requirements may affect the type, timing, and extent of monitoring an organization decides to perform. Therefore, organizations that are required to report to third parties on the effectiveness of their internal control system may design and execute monitoring activities differently than entities that are not required to report. Reporting protocols vary depending on the purpose for which the monitoring is conducted and the severity of the deficiencies. Typically, the results of monitoring conducted for purposes of evaluating an organization’s entity-wide objectives are reported to senior management and the board. Control deficiencies should be reported to the person directly responsible for the control’s operation and to management that has oversight responsibilities and is at least one level higher. Reporting at least to these two levels gives the responsible person the information necessary to correct control operation and also helps ensure that appropriately objective people are involved in the severity assessment and followup.
  • 11. Internal Audit Internal Control Framework (COSO) Summary Considerations Regarding Effective Monitoring Many organizations are performing effective monitoring in certain areas, but are not fully utilizing the results of that monitoring to support their conclusions about the effectiveness of the internal control system. Monitoring considers how the entire internal control system addresses meaningful risks, not how individual control activities operate in isolation, without regard to the level of risk and the effectiveness of other elements of the internal control system. Monitoring works best when management approaches it proactively, establishing a baseline understanding of internal control effectiveness and an information system that alerts it to changes in internal control processes or risks that affect the need to change or add controls. The board has important responsibilities in monitoring internal control (especially the controls that relate to ensuring a strong tone from the top) and in mitigating the risk of management override. Internal audit , through added skills and objectivity, can play an important role in assisting management and the board in monitoring, especially as organizations grow in size and complexity. 1. 2. 3. 4. 5.
  • 12. Internal Audit Internal Control Framework (COSO) Summary Considerations Regarding Effective Monitoring Organizations should follow a systematic process in determining “what” and “how” to monitor. That process is developed in this guidance and starts with identifying and prioritizing the risks that are being mitigated by effective internal controls. Judgment is required in determining both the optimal approach to monitoring, and the effectiveness of monitoring. Monitoring generally includes the use of both direct and indirect information. However, indirect information can be used only for a finite period of time without some direct evidence that the underlying control is operating effectively. Monitoring can be performed using either “ongoing” monitoring activities or “separate evaluations.” Most organizations will use a combination of both approaches, but ongoing monitoring using appropriately persuasive information is often most effective and efficient. Computerized applications have undergone substantial development and can be built into, or added onto, existing computer applications, providing a high degree of continuous monitoring. 6. 7. 8. 9. 10.