COSO FRAMEWORK

Introduction:

The Committee of Sponsoring Organizations of the Treadway Commission – or simply COSO as it’s known to many – is a “joint initiative” organizational body that develops and facilitates risk management frameworks and initiatives – specifically those related to internal control. Organized in 1985, COSO firmly planted its roots around issues relating to fraudulent financial reporting, providing recommendations and guidance to companies, auditors and other intended parties.

Applicability

  1. Every publicly held American company
  2. Any international company that has registered equity or debt securities with the U.S. Securities and Exchange Commission (SEC)
  3. Any accounting firm or other third party that provides financial services to either a publicly held American company or an international company that has registered equity or debt securities with the SEC

Objectives of COSO:

Strategic:

Strategic objectives are purpose statements that help create an overall vision and set goals to achieve a desired outcome. They are most effective when they are quantifiable, either by statistical results or by observable data.

Operating:

Operating objectives may relate to improving financial performance, productivity, quality, environmental practices, innovation, customer satisfaction, etc.

Reporting:

Reporting objectives are to provide useful information to the users of financial reports and to disclose the obligations and economic resources of an entity.

Compliance:

Organizations need to understand which laws, rules and regulations apply across the entity. Laws, rules and regulations establish minimum standards of conduct expected of the entity.

Components of COSO:

Control Environment:

The control environment is the set of standards, processes and structures that provide the basis for carrying out internal control across the organization.

Principles:

Risk Assessment:

Risk is the uncertainty of an event occurring that could have an impact on the achievement of objectives.

Principles

Risk Categories:

  1. Inherent Risk: the risk an organization faces before the application of controls
  2. Residual Risk: the risk an organization faces after the application of controls

Responses to Risk:

  1. Avoid
  2. Mitigate
  3. Accept
  4. Transfer

Information and Communication:

Appropriate information must be communicated from top to bottom or bottom to top in a timely manner with the help of automated systems.

Principles:

Control Activities:

Control activities are the policies and procedures necessary to ensure that identified risk responses are carried out, although some of these activities may relate only to an identified risk and approved risk response in one area of the enterprise.

Principles:

Potential Indicators for Control Failure

  1. Accounting and Reporting Changes
  2. Reliance on Self-Assessment
  3. Governance
  4. Usually, Prolonged Success
  5. Reliance on Management Integrity

Monitoring

Monitoring is the process of overseeing whether the controls are functioning effectively, in order to identify lapses and take corrective action.

Principles

Implementing COSO

Five Components and Their Principles
