Читать книгу Internal Control Audit and Compliance - Graham Lynford - Страница 7

Early auditing literature talked about controls, primarily in terms of controls over more routine transactions, such as cash receipts and disbursements. Based on the analysis of business and accounting failures over decades of experience, it became clear that a broader view of controls was necessary to address the various management, information processing, or oversight weaknesses that so often contributed to these events. However, there was no broader framework or set of criteria against which to evaluate the effectiveness of the entity in controlling its risk of filing materially false financial information and preventing other types of fraud. The COSO Framework has filled that void.

A set of criteria is a standard against which a judgment can be made. In the United States, the internal control integrated framework published by COSO is just about the only overall controls criteria to assess the effectiveness of internal controls over financial reporting (ICFR). Choosing an appropriate control criteria is a Securities and Exchange Commission (SEC) requirement for public companies when performing an assessment of the effectiveness of an entity's internal control. The American Institute of Certified Public Accountants (AICPA) auditing literature references COSO components in its guidance to auditors of nonpublic companies, so from a practical perspective, COSO is the only game in town. While there are other frameworks out there (e.g., the criteria of control (COCO) framework from Canada, the Turnbull Report in the United Kingdom, and SOX of Japan), these are not that dissimilar to COSO in overall concept and have not gained wide acceptance outside of their home countries.