By Mike Nurse, CPA, CFE, CGMA
Through assisting boards of directors, management, and other stakeholders with their internal control duties, the Framework helps reduce risk and increase the organization’s ability to meet its objectives.
COSO Series Article Part 1 of 6: The following article is the first part of a six-part series to explore the high-level basics of the COSO1 Integrated Internal Control Integrated Framework (the Framework). The following provides an overview of the Framework itself.
Identifying and Setting Objectives
If you are a manager, director, or business owner, you know the importance of a solid mission statement. You also know the importance of maintaining a clear view of the objectives and goals of the organization.
Your specific objectives may be financially focused, customer-service focused, philanthropically focused, or any unique combination. They could also be other goals set out by your organization.
Setting and reaching goals are two very different things, however. This is because challenges—both expected and unexpected—will ultimately impede your progress. These business challenges come in all shapes and sizes, and knowing how to deal with them effectively is critical.
More importantly, though, your organization should be able to maintain reasonable assurance that its goals are being met despite challenges.
What is the COSO Integrated Internal Control Framework?
The Framework is a universal tool for evaluating and improving your business. Through assisting boards of directors, management, and other stakeholders with their internal control duties, the Framework helps reduce risk and increase the organization’s ability to meet its objectives.
The Framework defines internal control as, “a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance.” In other words, internal control helps an entity reach its objectives, and the Framework provides a structure wherein your business can develop a functional system.
How Does the Framework Work?
The Framework can be visually represented by imagining a three-dimensional cube where the length, width, and depth of the cube represent inter-related elements of your entity. The Framework evaluates these elements and helps your company asses and design its internal controls. The three dimensions of the cube can be explained as follows:
- Length of cube: Components. The length of the cube represents the elements required to meet business objectives, including:
- Control Environment (e.g. tone at the top),
- Risk Assessment (e.g. understanding the unique risks of the organization),
- Control Activities (e.g. policies and procedures designed to mitigate risk),
- Information and Communication (e.g. communication regarding internal control responsibilities), and
- Monitoring Activities (i.e. ongoing monitoring and evaluation of controls).
- Width of cube: Objectives. The width of the cube represents the goals the business strives to achieve in the areas of operations, reporting, and compliance; and
- Depth of cube: Entity structure. The depth of the cube can be seen as the unique entity structure, including divisions, operating units, and other structures.
This multi-dimensional approach helps organizations develop adaptive internal control systems that mitigate risks, support sound decision making, and assist the business in reaching overall objectives.
In the next article, we will discuss the details of the first component of the Framework: the Control Environment. In the meantime, we encourage you to explore and learn more about COSO at on their website.
Please contact Mike Nurse with questions or comments about this article.
1COSO, which is an acronym for Committee of Sponsoring Organizations of the Treadway Commission, was formed in 1985 as a joint initiative of five organizations, including the American Institute of CPAs and the Institute of Internal Auditors, among others. Since that time, the committee has been developing and refining frameworks and guidance around enterprise risk management, internal control and fraud deterrence, with the most recent revisions of the Internal Control – Integrated Framework model in 2013.
© Clark Nuber PS and Focus on Fraud, 2017. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Clark Nuber PS and Focus on Fraud with appropriate and specific direction to the original content.