Coso 2013 - Internal Control and Integrated Frameworks

        COSO 2013 : Internal control and integrated frameworks        

Chapter 1: Definition of internal control

• Geared to the achievement of objectives: 3 categories of objectives (allows the organization to focus on separate aspects of the internal control)

• Operations objectives = effectiveness and efficiency of the entity’s operation (operational and financial performance goals included + safeguarding assets against loss)
• Reporting objectives = internal and external financial and non-financial reporting (reliability, timeliness, transparency, and other terms set by regulators or the entity’s policies)
• Compliance objectives = adherence to laws and regulations to which the entity is subject

• Achieving these objectives depends on how the activities of the organization’s controls are performed. Generally, there is greater discretion about internal reporting objectives.
• When the organization operates in accordance with external standard, it is able to attain reasonable assurance that objectives relating to efficiency and effectiveness of operations are achieved. BUT achievement of operations objectives isn’t always within the organization’s control: internal control cannot prevent bad judgments or decisions or external events (that can cause the organization to fail its operational goals)

• A process: it is not an event, it is a dynamic process (that includes many processes)

• Controls consist in policies => management statements of what should be done to effect internal control, and in procedures => actions that implement the policies
• Business processes are embedded in these fundamental management activities : planning, executing, checking => internal control is integrated with these processes

• Effected by people: board of directors, management, and other personnel.

• The board and senior management establish the tone for the organization concerning the importance of internal control and the expected standards of conduct across the entity

• Provides reasonable assurance regarding achievements of the entity’s objectives

• It is NOT absolute assurance: there are limitations to the internal control system (human error, uncertainty inherent in judgment)

• the organization cannot always achieve its objectives

• Effective internal control increases the likelihood of achieving these objectives
• people may collude to circumvent the internal control system + if the management can override the controls the whole systems fails

•  Adaptable to the entity’s structure (there are various dimensions)

• Reporting may be done for consolidated entity / divisions / operating unit + with geographic divisions that provide further information -> which management operating model
• Legal structure : designed to follow regulatory reporting requirements, limit risks, …

• Internal control can be applied based on management model OR legal structure OR both

Chapter 2 :  Objectives, components and principles

Supporting the companies in achieving its objectives (namely : sustain organisational success + report to the shareholders + recruit and retain motivated employees + achieve and maintain a positive reputation + comply with laws and regulations) are 5 components of internal control :

• Control environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring activities

• Relationships of Objectives, Components and the entity [pic 1][pic 2]

• Internal control isn’t a linear process but an integrated one:  a component can and will affect another
• No two entities will or should have the same system of internal control, because they differ dramatically by industry or regulatory environment (and internal model)

Objectives: choices about how the organization seeks to create/preserve/realize value

Setting objectives = prerequisite to internal control + key part to management process. Individuals who are part of system of the internal control need to understand the overall strategies and objectives set by the organization

• operations objectives: relate to the achievements of an entity’s mission/vision

• objectives vary based on management’s choices related to the management operating model, industry considerations and performance
• safeguarding of assets (some time considered as a separate objective): protecting and preserving entity assets. Yet the efficient use of assets and prevention of loss through waste / inefficiency / poor business decisions = not only part of safeguarding assets

• reporting objectives

• external financial reporting objectives: financial statements = necessary to assess the entity’s performance (to access capital markets, …)
• external non-financial reporting objectives:  ask an independent auditor to report its conformance to standards
• internal financial and non-financial reporting objectives: information deemed necessary to manage the organization. These objectives are based on preferences and judgments of management and the board, thus they vary depending on the type of industry.
• relationship within reporting category and objectives:

[pic 3]

• compliance objectives: accordance with applicable laws and regulations

• the organization needs to understand which laws/regulations apply across the entity

• some laws are well-known like taxation, but other are more obscure like those to apply to an entity conducting operations in a remote foreign country

• the entity is expected to incorporate these standards in its objectives, some entities even set objectives at a higher level of performance than the one established by laws and regulations

Overlap of objectives categories: an objective in one category may overlap or support an objective in another category.

Basis of objectives categories: some objectives are derived from the regulatory or industry environment of the entity.

Objectives and Sub-objectives: sub-objectives for operating units and functional activities must be specific, measurable and attainable. For example procurement operations objectives might be : purchase of goods that meet engineering specifications + purchase of goods from companies that meet environmental standards.

...