Internal Control – Integrated Framework is a new framework for fraud deterrence that was recently released by the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”). It provides expanded practical advice regarding effective implementation of internal controls. COSO is a joint initiative of five private sector organizations with a shared interest in enterprise risk management, internal control and fraud deterrence. The sponsoring entities are the American Accounting Association, the American Institute of CPAs, Financial Executives International, the Association of Accountants and Financial Professionals in Business, and the Institute of Internal Auditors. In addition to the weight provided by the influence of the sponsoring entities, the framework has also been influenced by participation from regulators such as the Federal Deposit Insurance Corporation (“FDIC”), Government Accountability Office (“GAO”), International Federation of Accountants (“IFAC”), Public Accounting Oversight Board (“PCAOB”), and Securities Exchange Commission (“SEC”).
The new framework was honed over 2 ½ years and expands on an original framework released in 1992. While the core components remain intact, it provides additional explanations as well as expanded guidance to account for advances and changes in the business environment. The continued goal is to enable organizations to “effectively and efficiently develop systems of internal control that adapt to changing business and operating environments, mitigate risks to acceptable levels, and support sound decision making and governance of the organization.”
As defined in the framework, Internal Control consists of five integrated components and 17 principles, summarized in part below:
1. The Control Environment
a. “The control environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. The board of directors and senior management establish the tone at the top…. The control environment comprises the integrity and ethical values of the organization…”.
b. Related principles are:
i. “The organization demonstrates a commitment to integrity and ethical values.
ii. The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.
iii. Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.
iv. The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
v. The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.”
2. Risk Assessment
a. “Risk is defined as the possibility that an event will occur and adversely affect the achievement of objectives. Risk assessment involves a dynamic and iterative process for identifying and assessing