COSO Internal Controls Framework Flashcards Preview

BEC > COSO Internal Controls Framework > Flashcards

Flashcards in COSO Internal Controls Framework Deck (7):

COSO stands for...

Committee of Sposoring Organizations by the Treadway Commission

Provides frameworks for Internal Controls and Enterprise Risk Management respectively


COSO - Internal Control Framework's objectivs

Provide a framework for an organization in establishing and maintaining sound internal controls over:

1) Financial reporting,
2) Effectiveness and efficiency of operations;
and 3) Compliance with regulations and laws


Which SOX section makes CEO or CFO responsible for reviewing the company's internal control process?

Section 302. Have to perform a Top Down Risk Assessment as well (TDRA), which is a high-level review starting at the entity level then working all the way down to the transaction level of detail


Components of COSO's Internal Control Framework


Control Environment (VIR COSO A)
Risk Assessment (done in-house)
Information and Communication (at all levels of the organization)
Control Activities (policies and procedures)
Monitoring (through audit committee, internal audit, and external audits)


Elements that make up the Control Environment aka Internal Environment


Committment to Integrity and Ethical Values (VIR)

Committment to Compentency and having HR policies, processes, and procedures for hiring and training the right people

Organizational Structure - to help clearly identify lines of authority

Committment to Oversight by those charged with corporate governance - BoD establishes an audit committee and is active in the oversight process, e.g. address concerns identified by Internal Auditor and External Auditors

Accountability is enforced


What happens to CEO or CFO that misrepresents the company's financials?

They get penalized and imprisonment. It is up to the Board of Directors to remove the CEO or CFO (which they usually do anyway).


How is the COSO's framework for internal control different from enterprise risk management?

Framework for enterprise risk management has more components and brings internal control system to a risk management focus.