Laserfiche WebLink
CHAPTER 2: INTERNAL CONTROL CRITIERIA <br />CHAPTER 2 <br />INTERNAL CONTROL CRITERIA <br />COSO Internal Control — <br />Integrated <br />Framework The Committee of Sponsoring Organizations of the Treadway <br />Commission (COSO) is a volunteer private- sector organization <br />comprised of several professional associations, including the <br />American Accounting Association; American Institute of Certified <br />Public Accountants (AICPA); Financial Executives International <br />(FEI); Institute of Management Accountants (IMA); and Institute of <br />Internal Auditors (IIA). Its mission is to guide executive <br />management and governance entities in the establishment of <br />more effective, efficient, and ethical business operations on a <br />global basis. It sponsors and disseminates frameworks and <br />guidance based on in -depth research, analysis, and best <br />practices. <br />The COSO Internal Control — Integrated Framework provides that <br />internal control consists of five interrelated components, which are <br />derived from the way management runs a business and are <br />integrated with the management process: <br />Component No. 1: Control Environment — The control <br />environment sets the tone of an organization and is the <br />foundation for all other components of internal control, <br />providing discipline and structure. Control environment factors <br />include the integrity, ethical values and competence of the <br />organization's people; management's philosophy and <br />operating style; the way management assigns authority and <br />responsibility and organizes and develops its people; and the <br />attention and direction provided by its board of directors. <br />Component No. 2: Risk Assessment — Every entity faces a <br />variety of risks from external and internal sources that must be <br />assessed. A precondition to risk assessment is the <br />establishment of organizational objectives that are linked at <br />different levels and are internally consistent. Risk assessment <br />is the identification and analysis of relevant risks to the <br />achievement of management objectives, forming a basis for <br />determining how risks should be managed. <br />Component No. 3: Control Activities — Control activities are <br />the policies and procedures that help ensure management's <br />directives are carried out. They help ensure that necessary <br />actions are taken to address risks to the achievement of <br />0 <br />