COSO Guidance Book

Introduction

            This chapter is based largely on the 2013 Committee of Sponsoring Organizations of the Treadway
            Commission (COSO) Internal Control — Integrated Framework (the framework) and AU-C section 315,
            Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (AICPA,
            Professional Standards).¹
            Please refer also to appendix A of this course, “Internal Control Examples,” which is reprinted from the
            AICPA publication Internal Control for Today’s Smart Business. This appendix provides examples related
            to principles and points of focus of the framework.




            The framework

            The framework does the following related to the risk assessment component of internal control:

              • Indicates objective-setting as a prerequisite to risk assessment
              • Emphasizes the importance of stating operations, reporting, and compliance objectives clearly so
                that any risks to those objectives can be identified and assessed
              • Considers the suitability of the objectives for use as a basis for assessing effectiveness
              • Includes in the financial reporting category of objectives aspects of external reporting (financial and
                nonfinancial) and internal reporting (financial and nonfinancial)
              • Notes that external financial and nonfinancial reporting is prepared in accordance with external
                requirements or standards
              • Notes that risk assessment includes the processes for risk identification, risk analysis, and risk
                response
              • Notes that risk severity includes the concepts of velocity and persistence in addition to impact and
                likelihood
              • Notes that the assessment of acceptable risk levels includes consideration of risk tolerance (a
                precondition to internal control), the acceptable level of variation in performance, and the relative
                importance of various objectives (operational, financial, or compliance)
              • Addresses management’s need to understand significant changes in its internal and external factors
                and how these changes might affect the overall system of internal control
              • Notes that the risk assessment process includes consideration of fraud in relation to material
                misstatement or omission or reporting, inadequate safeguarding of assets, and corruption








            ¹ This chapter is based in part on Internal Control — Integrated Framework, commissioned by the Committee of
            Sponsoring Organizations of the Treadway Commission (COSO) and authored by PWC (AICPA: Durham, NC), May,
            2013. The three-volume set is available at:
            http://www.aicpastore.com/AST/AICPA_CPA2BIZ_Specials/EBooks/ebooks_bestsellers/PRDOVR~PC-990025/PC-990025.jsp?selectedFormat=eBook
            AU-C section 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement
            (AICPA, Professional Standards). All auditing standards are available at the AICPA website:
            https://www.aicpa.org/research/standards.html


            © 2020 Association of International Certified Professional Accountants. All rights reserved.