Page 200 - COSO Guidance Book
Introduction
This chapter is based largely on the 2013 Committee of Sponsoring Organizations of the Treadway
Commission (COSO) Internal Control — Integrated Framework (“the framework”), and AU-C section 315,
Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (AICPA,
Professional Standards).¹ AU-C section 315 relates to nonpublic entities (nonissuers). The framework
may apply to all types of entities — public (issuers), nonpublic (nonissuers), government, not-for-profit, or
owner-manager businesses.
Please refer also to appendix A of this course, “Internal Control Examples,” which is reprinted from the
AICPA publication Internal Control for Today’s Smart Business. This appendix provides examples related
to principles and points of focus of the framework.
The framework
The framework does the following related to the control environment component of internal control:
• Includes five principles related to integrity and ethical values, oversight responsibilities, structure,
  authority and responsibility, commitment to competence, and accountability.²
• Explains linkages between the various components of internal control to demonstrate the
  foundational aspects of the control environment for a sound system of internal control.
• Discusses governance roles in an organization, recognizing differences in structures, requirements,
  and challenges across different jurisdictions, sectors, and types of entities.
• Reflects lessons learned and developments in ethics and compliance, including codes of conduct, the
  attestation process, whistleblower process, investigation and resolution, and training and
  reinforcement — both internally and with third parties.
1 This chapter is based in part on Internal Control — Integrated Framework, commissioned by the Committee of
Sponsoring Organizations of the Treadway Commission (COSO) and authored by PWC (AICPA: Durham, NC), May,
2013. The three-volume set is available at:
http://www.aicpastore.com/AST/AICPA_CPA2BIZ_Specials/EBooks/ebooks_bestsellers/PRDOVR~PC-990025/PC-990025.jsp?selectedFormat=eBook
AU-C section 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement
(AICPA, Professional Standards). All auditing standards are available at the AICPA website:
https://www.aicpa.org/research/standards.html
2 The term those charged with governance is used for most nonpublic entities. See AU-C section 260, The Auditor’s
Communication With Those Charged With Governance (AICPA, Professional Standards). Those charged with
governance is defined in this auditing standard as follows: The person(s) or organization(s) (for example, a
corporate trustee) with responsibility for overseeing the strategic direction of the entity and the obligations related
to the accountability of the entity. This includes overseeing the financial reporting process. Those charged with
governance may include management personnel, for example, executive members of a governance board or an
owner-manager. In some cases, all of those charged with governance are involved in managing the entity; the
appropriate person(s) with whom to communicate may not be clearly identifiable from the engagement
circumstances. An example of this is entities in which the governance structures are not formally defined, such as
some family-owned entities, some not-for-profit organizations, and some government entities.
© 2020 Association of International Certified Professional Accountants. All rights reserved.