Page 272 - COSO Guidance Book
P. 272

Introduction

            This chapter is based largely on the 2013 Committee of Sponsoring Organizations of the Treadway
            Commission (COSO) Internal Control — Integrated Framework (the framework) and AU-C section 265,
                                                                                                             1
            Communicating Internal Control Related Matters Identified in an Audit (AICPA, Professional Standards).
            Please refer also to appendix A of this course, “Internal Control Examples,” which is reprinted from the
            AICPA publication Internal Control for Today’s Smart Business. This appendix provides examples related
            to principles and points of focus in the framework.




            The  framework

            The framework does the following related to the monitoring activities component of internal control:

              Classifies monitoring activities into two categories: ongoing evaluations and separate evaluations
              Includes a requirement for a baseline understanding in establishing and evaluating ongoing and
               separate evaluations
              Addresses the use of technology and external service providers




            Monitoring activities

            The framework notes that ongoing evaluations, separate evaluations, or some combination of the two
            are used to determine whether each of the five components of internal control — including each
            component’s corresponding principles — is present and functioning. Ongoing evaluations, which are
            included within business processes at different levels of the entity, should provide timely information.
            Separate evaluations, conducted periodically, will vary in scope and frequency depending on risk
            assessment, effectiveness of ongoing evaluations, and other management issues. The findings from
            ongoing evaluations or separate evaluations are assessed in accordance with benchmarks established
            by regulators, standards-setting bodies, or management and the board of directors (those charged with
            governance). Deficiencies are communicated to management and the board of directors (those charged
            with governance) and others, such as regulators, as appropriate.








            1
              This chapter is based in part on Internal Control — Integrated Framework, commissioned by the Committee of
            Sponsoring Organizations of the Treadway Commission (COSO) and authored by PWC (AICPA: Durham, NC), May,
            2013. Three volume set is available at: http://www.aicpastore.com/AST/AICPA_CPA2BIZ_Specials/EBooks/
            ebooks_bestsellers/PRDOVR~PC-990025/PC-990025.jsp?selectedFormat=eBook
            AU-C section 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement
            (AICPA, Professional Standards). All auditing standards are available at the AICPA website:
            https://www.aicpa.org/research/standards.html


            © 2020 Association of International Certified Professional Accountants. All rights reserved.    7-2
   267   268   269   270   271   272   273   274   275   276   277