1: It's a means to an end and not an end in itself
2: It's all about people & processes
3: Provides reliable assurance & not absolute assurance
4: Helps achieve business objectives
Underlying framework for SOX requirements
COSO Model
Annotations:
Definition : Internal Control provides reasonable assurance in achieving the objectives of an organization through
1: effective and efficient operations
2: reliable financial reporting
3: compliance with regulations, laws
Control Environment
Sets the tone of the organisation
Integrity, Ethos & Competence of the employees
Management philosophy & operating style
Structure & discipline in organisational activities
Direction provided by the board of directors
Risk Assessment
Understanding the objectives of the organisation
Understanding the risks to those objectives
Understanding threats, likelihood and impact of the risks
It's a continuous process
Changes with rules, laws & operating conditions
Control Activities
Policies and procedures to carry out management directives and actions
They include control sets and objectives to help mitigate, handle or avoid risks identified
Activities such as approvals, authorizations, verification
Reconciliations, security of assets, segregation of responsibilities
Procedures are key and should be effective
Information & Communication
Pertinent information identified, captured and communicated
Reports related to finances, operations and compliance
Communication needs to be across the board
Communicate the responsibilities of people in clear terms
Monitoring
Internal Monitoring : Monitor day-to-day activities and system performance
Separate Monitoring : Monitor the efficiency of the Internal Control system