2016-12-14 00:00:00 Growing a Business English Do you want more control over your financial information? Learn internal control policies outlined in the COSO's internal control framework. https://quickbooks.intuit.com/ca/resources/ca_qrc/uploads/2017/06/Board-Of-Directors-Meet-To-Determine-Processes-For-Efficient-And-Effective-Company-Operations.jpg https://quickbooks.intuit.com/ca/resources/growing-business/coso-framework-defining-internal-controls/ Coso Framework: Defining Internal Controls

Coso Framework: Defining Internal Controls

2 min read

If you own a business, it’s important to understand how to know whether your internal control system is effective. In 1992, the Committee of Sponsoring Organizations of the Treadway Commission established general criteria for internal control implementation and maintenance. Although a bit of time has passed since this framework has been developed, it still remains a widely accepted model to measure the effectiveness and quality of an internal control system.

Purpose of COSO Framework

The processes and procedures of an organization to make sure certain objectives are met are known as internal controls. The COSO model identified three main objectives when establishing internal controls. First, internal controls must measure the effectiveness and efficiency of operations. Second, they must provide a level of reliability regarding internal and external financial reporting. Finally, internal controls should make sure the company is in compliance with all relevant and applicable laws and regulations.

Five Supported Components

The COSO framework identifies five elements a business should keep in mind regarding internal controls. First, the control environment is the overall atmosphere of the business. Is there a commitment to integrity? Does the board exercise its responsibilities? Are managers and employees held accountable? Your control environment should foster competency and reliability. Management establishes this control element, which influences all employees. Second, the COSO framework identifies a company’s risk assessment procedures. You should evaluate risk and have procedures in place to identify areas of risk. For example, a company goal to maintain cash reserves on site instead of in a bank will result in higher risk. Third, a company should implement control activities. This includes procedures, policies, physical security, back-up, and encryption on sensitive information and documentation. Employees should only have access to information and resources they need. The controls should monitor the ability to read, distribute, manipulate, change, or physically take resources. A great example is locking a warehouse of inventory and only issuing a few sets of keys to specific employees. Finally, information and communication makes sure everyone knows the internal control plans. Management must make priorities and assign goals. Then, everyone should know their responsibilities and duties. Finally, the COSO framework states that internal controls must be monitored. By performing ongoing and periodic tests and evaluations, a company will become aware of internal control deficiencies and be able to make proper adjustments. This includes working with an auditor to have your internal controls reviewed.

Purpose of Control Elements

These five control elements identified in the COSO framework work together to minimize risk throughout your company. These control components identify, assess, and report problems before they end up on the financial statements. For instance, internal controls will detect theft before the wrong cash balance is reported. This relates to internal reports used by management to make decisions and external reports required by investors. Ultimately, the main goal of internal controls is to ensure that no material misstatements occur on financial statements. These misstatements can happen due to poorly executed processes, or as a result of fraud or theft. In either case, the policies outlined by the COSO framework can help you design and assess the effectiveness of internal controls over financial reporting.

References & Resources

Information may be abridged and therefore incomplete. This document/information does not constitute, and should not be considered a substitute for, legal or financial advice. Each financial situation is different, the advice provided is intended to be general. Please contact your financial or legal advisors for information specific to your situation.

Related Articles

Using the McKinsey 7-S Framework in Your Small Business

Are you trying to get your team to work better together? Looking…

Read more

Is a Holding Company Right for Your Small Business?

As your small business grows, your legal structure will need to evolve…

Read more

How to Make a Living as a Freelance Software Developer

If you have a passion for software development, then becoming a freelance…

Read more