Corporate Internal Controls with COSO

Internal Control Integrated Framework

COSO Committee for Sponsoring Organizations

Aimed at creating Methodologies that hinder fraud in the internal control systems of companies traded on global stock exchanges.
Focuses on a restructuring of financial systems dedicated to ‘internal controls’, for all businesses, more applied in financial systems such as banks and insurance companies.

 “We assist large companies in the planning, implementation, optimization, testing, and continuous improvement of internal control systems”

“Internal Control” means The Ability to Regulate

Integrating with Strategy and Performance

There are different risks for each control environment, that is, failures that can bring many losses.

In the same way that a pilot can cause a crash by a mistake/failure or a simply wrong decision, so can the board of a company.
A simple mistake in perspective for not being aligned with your line of business can lead to flawed decisions causing even the failure of a large company causing losses to shareholders and employees.

Errors need to be evaluated, measured and visualized to be managed as well as avoid.

Related Insights

Join our Internal Audit Community

Environments changes

  • Demands and complexities in laws, rules, Standards & Regulations
  • Expectations relating to preventing and detecting fraud
  • Expectations for competencies and accountabilities
  • Expectations for governance oversight
  • Changes and greater complexity in business
  • Use of, and reliance on, evolving technologies
  • Globalization of markets and operations

Tips

  • Check for an adequate training plan
  • The control environment becomes more effective when people become more controllable
  • Create a procedure for monitoring conduct of behavior concerning policies and procedures
  • Create disciplinary procedures to penalize those who act outside the standards of conduct and behavior
  • Make sure employees know their roles & responsibilities

Project Step by Step

Determination of Objectives

This phase involves determining key business objectives, that will drive the COSO framework implementation.

Gap Analysis

This phase involves performing gap analysis on COSO – 17 requirements as well as defining risk and control matrix for areas that have opportunities for fraud.

Control Design and documentation

This phase involves our methodology that involves the distribution of objectives, risks, and control responsibility to internal stakeholders. This also includes the nomination of key roles such as risk and compliance officer – who will drive the ongoing compliance. Each business function has a control framework

Tracking

This phase involves tracking the client risks, documentation, and self-declarations till all internal controls are adequately implemented

Performance Tracking

This phase involves measuring internal control changes on a scale of 0-100%. This gives assurance to internal stakeholders that the processes implemented are adequate (or at risk). If there are deviations or risks identified, they are treated. We have a structured methodology for implementation

Internal Audit

The internal audit involved an independent verification of risk and control implementation as a project and assurance of the ongoing program

COSO | 17 requirements

  • The organization demonstrates a commitment to integrity and ethical values
  • The board of directors demonstrate independence from management and exercises oversight of the development and performance of internal control
  • Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives
  • The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives
  • The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives
  • The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives
  • The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed
  • The organization considers the potential for fraud in assessing risks to the achievement of objectives
  • The organization identifies and assesses changes that could significantly affect the system of internal control
  • The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels
  • The organization selects and develops general control activities over technology to support the achievement of objectives
  • The organization deploys control activities through policies that establish what is expected and procedures that put policies into action
  • The organization obtains or generates and uses relevant, quality information to support the functioning of internal control
  • The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control
  • The organization communicates with external parties regarding matters affecting the functioning of internal control
  • The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning
  • The organisation evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate

Supporting Organizations

Ask For

gaas.coso@pride.solutions

Insights | Proposals | Training | Roadmaps