Page 236 - COSO Guidance Book
P. 236

Introduction

            This chapter is based largely on the 2013 Committee of Sponsoring Organizations of the Treadway
                                                                                      1
            Commission (COSO) Internal Control — Integrated Framework (the framework).
            Please refer also to appendix A of this course, “Internal Control Examples,” which is reprinted from the
            AICPA publication Internal Control for Today’s Smart Business. This appendix provides examples related
            to principles and points of focus in the framework.




            The framework

            The framework does the following related to the control activities component of internal control:

              Incorporates the evolution in technology
              Discusses the relationship between automated control activities and general controls over
               technology to emphasize the linkages to business processes, with the specifics on automated
               control activities and general controls over technology separated into separate sections to clarify the
               distinction between the two types of controls
              Explains that control activities constitute a range of control techniques while providing a more
               detailed description of these types and techniques of controls and a method to categorize them;
               crafting distinct transaction-level controls from controls at other levels of the organization; and
               discussing in more detail information-processing objectives
              Focuses on the widespread concepts of what needs to be controlled as relates to general technology
               controls
              Clarifies that control activities are actions established by policies and procedures rather than being
               the policies and procedures themselves



            Control activities


            The framework states that control activities are the actions established through policies and procedures
            that increase the likelihood that management’s directives to mitigate risks to the achievement of
            objectives are implemented and operating. Control activities are performed at all levels of the entity, at
            different phases within business processes, and over the technology environment. Control activities may
            be preventive or detective in nature and may incorporate a range of manual and automated activities
            such as authorizations and approvals, verifications, reconciliations, and business performance reviews.
            Typically, segregation of duties is designed into the selection and development of control activities. If

            1
              This chapter is based in part on Internal Control — Integrated Framework, commissioned by the Committee of
            Sponsoring Organizations of the Treadway Commission (COSO) and authored by PWC (AICPA: Durham, NC),
            May, 2013. Three volume set is available at: http://www.aicpastore.com/AST/AICPA_CPA2BIZ_Specials/EBooks/
            ebooks_bestsellers/PRDOVR~PC-990025/PC-990025.jsp?selectedFormat=eBook
            AU-C section 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement
            (AICPA, Professional Standards). All auditing standards are available at the AICPA website:
            https://www.aicpa.org/research/standards.html


            © 2020 Association of International Certified Professional Accountants. All rights reserved.    5-2
   231   232   233   234   235   236   237   238   239   240   241