Page 192 - COSO Guidance Book
P. 192

COSO definition of internal control and the


            framework



                              1
            In May 2013, COSO  published the 2013 Internal Control   Integrated Framework (the framework). The
            update to COSO’s 1992 Internal Control   Integrated Framework (the superseded framework) became
            necessary because of the increasing complexity of business, evolving technologies, and changing
                                                                                      2
            expectations of stakeholders since the superseded framework was published .
            Although generally accepted auditing standards do not require a specific internal control framework, the
            framework is widely used by entities for designing, implementing, and conducting internal control. The
            framework provides useful guidance to auditors charged with evaluating the design and implementation
            of controls during a financial statement audit.

            For an entity’s system of internal control to be effective, the  framework states that each of the five
            components of internal control and relevant principles should be present and functioning and that these
            components operate together in an integrated manner.

            Points of focus are also provided within the framework. There is no requirement that an assessment be
            performed to determine whether all points of focus are present and functioning. Management may
            determine that some points of focus are not suitable or relevant to the entity. Similarly, management may
            identify other suitable and relevant points of focus in addition to those provided in the framework.

            The framework views the five components and 17 principles as suitable to all entities. It presumes that
            the principles are relevant because they have a significant bearing on the presence and functioning of an
            associated component.

            The framework retains the core definition of internal control and the five components of internal control.
            At the same time, it includes enhancements and clarifications intended to ease use and application. One
            significant enhancement is the aforementioned formalization of fundamental concepts introduced in the
            superseded framework as principles. These principles associated with the five components provide
            clarity for users in designing and implementing systems of internal control.

            The framework comprises the following five components of internal control:

              Control environment
              Risk assessment
              Control activities
              Information and communication
              Monitoring activities


            1  These organizations included the AICPA, the American Accounting Association, the Institute of Internal Auditors,
            the Institute of Management Accountants, and Financial Executives International. Further background information
            about COSO can be found at www.coso.org.
            2
              Refer to Appendix F “Summary of Changes to the COSO Internal Control — Integrated Framework (1992)” of the
            framework for a summary of enhancements made to the superseded framework.


            © 2020 Association of International Certified Professional Accountants. All rights reserved.    2-4
   187   188   189   190   191   192   193   194   195   196   197