Title Thumbnail & Hero Image was developed on Aug.5, 2024.
Internal Control according to COSO guidelines I
First revision: Aug.5, 2024
Last change: Feb.7, 2025
Searched, Gathered, Rearranged, Translated, and Compiled by Apirak Kanchanakongkha.
1.
A
Internal control is a fundamental management concept that encompasses all aspects of an organization’s operations, from basic accounting processes to manufacturing operations, IT systems, and more. However, in recent years, internal control has been a buzzword with no consistent definition of what effective internal control means. Then, after a series of accounting scandals in the early 1990s/1990s, a group of professional accounting and finance organizations, including the American Institute of Certified Public Accountants (AICPA), formed what would become the Committee of Sponsoring Organizations (COSO) to develop a consistent framework for defining the concept of internal control.
After a long period of review and comment as a publicly available document, the first COSO Framework for Internal Control was published in 1992. It is not a formal standard or set of government regulations, but rather a framework that defines the characteristics and concepts of an effective system of internal control for organizations of all types and sizes. The Framework soon became a requirement for external auditors to assess internal control over financial statements and became an important measure of the Sarbanes-Oxley (SOx) certification process.
Although the Framework has not changed and has been in effect since its release in 1992, it no longer reflects the major changes in IT and business systems, the collaborative and global nature of business today, and the growing concern for improved corporate governance. As a result, COSO revised the Internal Control Framework, opening a draft for comment, and a fully revised COSO Internal Control Framework was published in May 2013.
In this blog, Human Excellence (www.huexonline.com) provides an executive-level explanation of COSO’s new internal control framework. In the following chapters, the blog describes the components of the new framework and the elements that are particularly important to an organization’s operations. It will also use COSO’s three-dimensional framework and rotate through it to better explain the importance of all the elements in the internal control framework. The following chapters will examine supporting documentation such as COBIT and ISO’s internal control and risk management standards, with a focus on establishing and implementing effective internal controls for an organization.
1.
2.
B
Another purpose of this blog is to introduce and explain the revised COSO Internal Control Framework in a way that corporate executives can use this internal control framework to understand and implement effective internal control processes, explain the importance of COSO Internal Control to the board of directors and audit committees, other members of the staff, and IT management, and to gain an overall understanding of the importance of COSO Internal Control. In addition, this blog will explore additional transition and implementation rules for using the revised COSO Internal Control Framework to meet the internal control requirements of the Sarbanes-Oxley Act.
At first glance, the COSO Internal Control Framework may seem complex and confusing, but it is an important management tool that should be here for many years to come. Organizations may adopt the new framework immediately or may continue to use the old framework until December 15, 2014, when the updated framework will replace the old one.
1.
2.
Page 1
Chapter 1
Importance of the COSO Internal Control Framework
1. It is not a detailed standard or specification, but rather a framework. Some business executives may ask, "What is COSO?" In our business world, there are many rules and regulations set by government agencies and other entities, often with difficult acronyms. It is easy to overlook or dismiss this new set of standards. Furthermore, the COSO Internal Control (Committee of Sponsoring Organizations) is merely a framework that sets forth professional practices in establishing the desired business systems and processes that promote effective and efficient internal control. Furthermore, the "sponsoring organizations" that issue and disseminate this document are not government agencies or other regulatory bodies. However, the COSO Internal Control Framework is an important set or format of guidance documents that organizations should follow when developing their systems and procedures, including when establishing legal compliance under the SOx Act.
The COSO Internal Control Framework was first introduced in the United States in 1992, which has been around for a long time. This was a time when there were obvious fraudulent business practices in the United States and elsewhere, indicating a well-recognized need for improved internal control processes and procedures to help guide the process. The COSO Internal Control Framework of 1992 soon became a foundational element of the American Institute of Certified Public Accountants (AICPA) auditing standards in the United States, and eventually became the standard for corporate auditors to audit, certifying that an organization’s internal controls were in proper compliance with the Sarbanes-Oxley Act (SOx). Due to the general nature of the COSO Framework, which describes good internal control practices, it has never been revised to this day.
Exhibit 1.1: Importance of Enterprise Internal Controls
Source: joinhorizons.com, access date: Sep.26, 2024.
Exhibit 2.1 COSO Internal Control of Original Framework
