Flashcards in COSO Internal Controls Framework Deck (7):
COSO stands for...
Committee of Sponsoring Organizations by the Treadway Commission
Provides frameworks for Internal Controls and Enterprise Risk Management respectively
COSO - Internal Control Framework's objectives
Provide a framework for an organization in establishing and maintaining sound internal controls over:
1) Financial reporting,
2) Effectiveness and efficiency of operations;
and 3) Compliance with regulations and laws
Which SOX section makes CEO or CFO responsible for reviewing the company's internal control process?
Section 302. Have to perform a Top Down Risk Assessment as well (TDRA), which is a high-level review starting at the entity level then working all the way down to the transaction level of detail
Components of COSO's Internal Control Framework
Control Environment (VIR COSO A)
Risk Assessment (done in-house)
Information and Communication (at all levels of the organization)
Control Activities (policies and procedures)
Monitoring (through audit committee, internal audit, and external audits)
Elements that make up the Control Environment aka Internal Environment
VIR COSO A
Commitment to Integrity and Ethical Values (VIR)
Commitment to Competency and having HR policies, processes, and procedures for hiring and training the right people
Organizational Structure - to help clearly identify lines of authority
Commitment to Oversight by those charged with corporate governance - BoD establishes an audit committee and is active in the oversight process, e.g. addresses concerns identified by Internal Auditor and External Auditors
Accountability is enforced
What happens to CEO or CFO that misrepresents the company's financials?
They get penalized and imprisoned. It is up to the Board of Directors to remove the CEO or CFO (which they usually do anyway).