Page 260 - COSO Guidance Book
P. 260

Introduction

            This chapter is based largely on the 2013 Committee of Sponsoring Organizations of the Treadway
            Commission (COSO) Internal Control — Integrated Framework (the framework) and AU-C section 315,
            Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (AICPA,
                                   1
            Professional Standards).
            Please refer also to appendix A of this course, “Internal Control Examples,” which is reprinted from the
            AICPA publication Internal Control for Today’s Smart Business. This appendix provides examples related
            to principles and points of focus of the framework.




            The framework

            The framework does the following related to the information and communication component of internal
            control:

              Stresses the significance of the quality of information
              Discusses expectations for verifying a source and for retention of information when information is
               used to support external parties’ reporting objectives
              Discusses the effect of regulatory requirements on the reliability and safeguarding of information
              Discusses the volume and sources of information in consideration of the increased complexity of
               business processes, increased interaction with external parties, and technological advances
              Addresses the effect of technology and other communication mechanisms on the speed, means,
               and quality of information flow
              Provides material on information and communication needs between the entity and third parties,
               including customers and suppliers; emphasizes the importance of taking into account how
               processes may occur outside the entity, such as cloud service providers; and explains how the entity
               needs to obtain information from, and communicate with, parties that operate outside its legal and
               operational boundaries
            The framework states that information is required for the entity to perform internal control
            responsibilities to support the achievement of its objectives. Management obtains or produces and uses
            information from both internal and external sources to support the functioning of internal control. This
            information should be of a certain quality and it should be relevant.






            1
              This chapter is based in part on Internal Control — Integrated Framework, commissioned by the Committee of
            Sponsoring Organizations of the Treadway Commission (COSO) and authored by PWC (AICPA: Durham, NC), May,
            2013. Three volume set is available at: http://www.aicpastore.com/AST/AICPA_CPA2BIZ_Specials/EBooks/
            ebooks_bestsellers/PRDOVR~PC-990025/PC-990025.jsp?selectedFormat=eBook
            AU-C section 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement
            (AICPA, Professional Standards). All auditing standards are available at the AICPA website:
            https://www.aicpa.org/research/standards.html


            © 2020 Association of International Certified Professional Accountants. All rights reserved.    6-2
   255   256   257   258   259   260   261   262   263   264   265