Laserfiche WebLink
COSOICF <br />NTERNAL ONTROLRAMEWORK <br />The clarified auditing standards applicable to governmental audits incorporate a definition of internal <br />control that is based on the internal control integrated framework developed and issued in 1992 by the <br />Committee of Sponsoring Organizations of the Treadway Commission (COSO). In May 2013, COSO <br />issued an updated framework which supersedes the original after December 15, 2014. The new COSO <br />framework retains the basic definition of internal control and its five components established in its <br />original framework, along with the fundamental requirements to consider these five components and to <br />use judgment when assessing and evaluating the effectiveness of a system of internal controls. The new <br />COSO framework enhances and clarifies a number of concepts from the original framework to make it <br />easier to use and apply. One of the more significant enhancements was the establishment of 17 principles, <br />associated with the 5 components of internal control, intended to assist users in understanding the <br />requirements of effective internal control and designing effective systems of internal control. <br />The 5 components of internal control and 17 underlying principles are as follows: <br />Control Environment – <br />1.Organization demonstrates a commitment to integrity and ethical values. <br />2.Governing body is independent from management and exercises oversight control. <br />3.Management establishes structure, reporting lines, authority, and responsibilities. <br />4.Organization demonstrates a commitment to the competence of individuals involved with <br />internal control. <br />5.Organization holds individuals accountable for internal control responsibilities. <br />Risk Assessment – <br />6.Organization specifies clear objectives for the identification and assessment of risks. <br />7.Organization identifies and analyzes risk. <br />8.Organization assesses the potential for fraud risks. <br />9.Organization identifies and assesses significant changes that could impact internal control. <br />Control Activities – <br />10.Organization selects and develops control activities to mitigate risks. <br />11.Organization selects and develops general IT controls. <br />12.Organization establishes and implements control policies and procedures. <br />Information and Communication – <br />13.Organization uses relevant, quality information to support internal control. <br />14.Organization communicates internal control information internally. <br />15.Organization communicates internal control information externally. <br />Monitoring – <br />16.Organization conducts ongoing and/or separate internal control evaluations. <br />17.Organization evaluates and communicates deficiencies to responsible parties for corrective <br />action. <br />COSO defines an effective system of internal control as one that reduces to an acceptable level the risk of <br />failing to achieve an organizational objective in the areas of operations, compliance, or reporting. <br />According to the new framework, an organization can achieve effective internal control by applying all of <br />the principles listed above. To achieve this, each of these five components and the relevant principles <br />must be present and functioning, and the five components must operate in an integrated manner. Local <br />governments should be reviewing their internal control systems to assure these principles have been <br />incorporated and implemented. <br />-21- <br /> <br />