Internal Control Integrated Framework
Executive Summary
Internal control helps entities achieve important objectives and sustain and improve performance. COSO’s Internal Control Integrated Framework (Framework) enables organizations to effectively and efficiently develop systems of internal control that adapt to changing business and operating environments, mitigate risks to acceptable levels, and support sound decision making and governance of the organization.
Designing and implementing an effective system of internal control can be challenging; operating that system effectively and efficiently every day can be daunting. New and rapidly changing business model
s, greater u and dependence on technology, increasing regulatory requirements and scrutiny, globalization, and other challenges demand any system of internal control to be agile in adapting to changes in business, operating and regulatory environments.
An effective system of internal control demands more than rigorous adherence to policies and procedures: it requires the u of judgment. Management and boards of directors u judgment to determine how much control is enough. Management and other personnel u judgment every day to lect, develop, and deploy controls across the entity. Management and internal auditors, among other personnel, apply judgment as they monitor and asss the effectiveness of the system of internal control.
The Framework assists management, boards of directors, external stakeholders, and others interacting with the entity in their respective duties regarding internal control without being overly prescriptive. It does so by providing both understanding of what constitutes a system of internal control and insight into when internal control is being applied effectively.
For management and boards of directors, the Framework provides:
A means to apply internal control to any type of entity, regardless of industry or legal structure, at the levels of entity, operating unit, or function
A principles-bad approach that provides flexibility and allows for judgment in designing, implementing, and conducting internal control—principles that can be applied at the entity, operating, and functional levels
dering how components and principles are prent and functioning and how components operate together
A means to identify and 新年爱情祝福语
analyze risks, and to develop and manage appropriate respons to risks within acceptable levels and with a greater focus on anti-fraud measures
An opportunity to expand the application of internal control beyond financial reporting to other forms
of reporting, operations, and compliance objectives.
An opportunity to eliminate ineffective, redundant, or inefficient controls that provide minimal value in reducing risks to the achievement of the entity’s objectives
For external stakeholders of an entity and others that interact with the entity, application of this Framework provides:
Greater confidence in the board of directors’ oversight of internal control systems
Greater confidenc元旦节的来历简介
e regarding the achievement of entity objectives
Greater confidence in the organization’s ability to identify, analyze, and respond to risk and changes in the business and operating environments ★对组织识别,分析和应对来自商业与运营环境风险与变化的能力更有信心;
Greater understanding of the requirement of an effective system of internal control
Greater understanding that through the u of judgment, management may be able to eliminat儿童水粉画教程
e ineffective, redundant, or inefficient controls
Internal control is not a rial process but 绿萝有什么特点
a dynamic and integrated process. The Framework applies to all entities: large, mid-size, small, for-profit and not-for-profit, and government bodies. However each organization may choo to implement internal control differently. For instance, a smaller entity’s system of internal control may be less formal and less structured, yet still have effective internal control.
The remainder of this Executive Summary provides an overview of internal control, including a definition, categories of objective, description of the requisite components and associated principles, and requirement of an effective system of internal control. It also includes a discussion of limitations—the reasons why no system of internal control can be perfect. Finally, it offers considerations on how various parties may u the Framework.
Defining Internal Control
Internal control is defined as follows:
rnal control is a proces好听的句子
s, affected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.
This definition reflects certain fundamental concepts. Internal control is:
Geared to the achievement of objectives in one or more categories—operations, reporting, and compliance.
A process consisting of ongoing tasks and activities—a means to an end, not an end in itlf.
Effected by people—not merely about policy and procedure manuals, systems, and forms, but about people and the actions they take at every level of an organization to affect internal control
Able to provide reasonable assurance—but not absolute assurance, to an entity’s nior management and board of directors
Adaptable t艺术类专业留学
o the entity structure—flexible in application for the entire entity or for a particular subsidiary, division, operating unit, or business process 可以适应组织的结构—可灵活应用于整个组织或一个分支机构,业务部,运营单元或业务流程。
This definition is intentionally broad. It captures important concepts that are fundamental to how organizations design, implement, and conduct internal control, providing a basis for application across organizations that operate in different entity structures, industries, and geographic regions.
The Framework provides for three categories of objectives, which allow organizations to focus on differing aspects of internal control:
Operations Objectives—The pertain to effectiveness and efficiency of the entity’s operations, including operational and financial performance goals, and safeguarding asts against 享受人生
Reporting Objectives—The pertain to internal and external financial and non-financial reporting and may encompass reliability, timeliness, transparency or other terms as t forth by regulators, recognized standard tters, or the entity′s policies.
Compliance Objectives—The pertain to adherence to laws and regulations to which the entity is subject.
Components of Internal Control
Internal control consists of five integrated components.