Page 194 - COSO Guidance Book
COSO definition of internal control
The framework defines internal control as a process, effected by an entity’s board of directors,
management, and other personnel, designed to provide reasonable assurance regarding the achievement
of objectives relating to operations, reporting, and compliance.
Operations objectives pertain to effectiveness and efficiency of the entity’s operations, including
operational and financial performance goals and the protection of assets against loss.
Reporting objectives pertain to internal and external financial and nonfinancial reporting and may
encompass reliability, timeliness, transparency, or other terms as set forth by regulators, standard-setting
organizations, or the entity’s policies.
Compliance objectives pertain to adherence to laws and regulations to which the entity is subject.
For example, a manufacturing entity would need to comply with Occupational Safety and Health
Administration regulations. In matters of financial reporting, the entity should comply with the
pronouncements issued by an authoritative financial accounting body, typically either the FASB or GASB.
Traditionally, internal auditors have been concerned with the effectiveness and efficiency of operations and
compliance with company policies. Governmental auditors’ primary emphasis has been in the arena of
compliance with laws and regulations. External auditors have traditionally focused on reliability of external
financial reporting. Hence, the definition encompasses all three major areas of traditional auditing practice.
A schema of the COSO definition of internal control, taken from the framework, is provided in exhibit 2-1. [3]
Exhibit 2-1: COSO model of internal control
[3] This schematic, known as the “COSO Cube,” is provided in the framework.
© 2020 Association of International Certified Professional Accountants. All rights reserved. 2-6