Read the book Internal Control Audit and Compliance - Graham Lynford - Page 8
Chapter 1
What We All Share
Overview of the COSO Internal Control Integrated Framework
In 1985, COSO was formed to sponsor the National Commission on Fraudulent Financial Reporting, whose charge was to study and report on the factors that can lead to fraudulent financial reporting. It was motivated by yet another intense period of time when financial reporting fraud and alleged audit failures were prominent in the news. Since this initial undertaking, COSO has expanded its mission to improving the quality of financial reporting. A significant part of this mission is aimed at developing guidance on internal control. In 1992, COSO published Internal Control – Integrated Framework, which established a framework for internal control and provided evaluation tools that businesses and other entities could use to evaluate their control systems.1
The COSO internal control framework identifies five components of internal control:
1. Control environment
2. Risk assessment
3. Control procedures
4. Information and communication
5. Monitoring
Today these remain unchanged from the 1992 Framework. That is a testament to the fundamental correctness of the COSO Framework. However, the level of detailed guidance over the years has increased due to the more recent widespread implementation of the Framework in our business environment and a desire to have more consistency in the application of COSO principles.
1 In 2003, COSO published a draft of a document, entitled Enterprise Risk Management (ERM) Framework, whose purpose was to provide guidance on the process used by management to identify and manage risk across the enterprise. This new framework is not intended to supersede or otherwise amend its earlier internal control framework guidance on internal control. Internal control is encompassed within and an integral part of enterprise risk management. Enterprise risk management is broader than internal control, expanding the discussion to form a more robust conceptualization of enterprise risk. Internal Control – Integrated Framework remains in place for entities and others looking at internal control over financial reporting by itself. Note: Entities using the ERM Framework will still need to make a pointed financial statement risk assessment, as detailed in the risk assessment component discussion.