COSO (Comm.of Sponsoring Org. of the Treadway Commission)
established in the United States by five private sector organizations
IMA
AAA
AICPA
IIA
FIA
joint initiative to combat corporate fraud
business ethics
internal control
enterprise risk management
fraud
financial reporting
formed in 1985
to sponsor the National Commission on Fraudulent Financial Reporting (the Treadway Commission)
The original chairman of the Treadway Commission
James C. Treadway, Jr.,
COSO framework involves several key concepts
Internal control is a process. It is a means to an end, not an end in itself.
The COSO framework defines internal control as a process, effected by an entity's board of directors, management and other personnel, designed to provide "reasonable assurance" regarding the achievement of objectives in the following categories:
Effectiveness and efficiency of operations
Reliability of financial reporting
Compliance with applicable laws and regulations.
Safeguarding of Assets (MHA)
The five components / internal control framework
See Below
Internal control is affected by people. It's not merely policy, manuals, and forms, but people at every level of an organization.
nternal control can be expected to provide only reasonable assurance, not absolute assurance, to an entity's management and board.
Internal control is geared to the achievement of objectives in one or more separate but overlapping categories.
Role of internal audit
Evaluate the effectiveness of control systems.
able to assess the internal control systems implemented by the organization and contribute to ongoing effectiveness
In order to preserve its independence of judgment internal audit should not take any direct responsibility in designing, establishing, or maintaining the controls it is supposed to evaluate. It may only advise on potential improvement to be made.
Role of external audit
Under Section 404 of the Sarbanes-Oxley Act, management and the external auditors are required to report on the adequacy of the company's internal control over financial reporting. Auditing Standard No. 5, published by the Public Company Accounting Oversight Board, requires auditors to "use the same suitable, recognized control framework to perform his or her audit of internal control over financial reporting as management uses for its annual evaluation of the effectiveness of the company's internal control over financial reporting".[8]Section 143(3)(i) of the Indian Companies Act, 2013 also required Statutory Auditors to comment on Internal Control over Financial Reporting