Coso Framework: Defining Internal Controls

by Danielle Bloom

2 min read

If you own a business, it’s important to understand how to know whether your internal control system is effective. In 1992, the Committee of Sponsoring Organizations of the Treadway Commission established general criteria for internal control implementation and maintenance. Although a bit of time has passed since this framework has been developed, it still remains a widely accepted model to measure the effectiveness and quality of an internal control system.

Purpose of COSO Framework

The processes and procedures of an organization to make sure certain objectives are met are known as internal controls. The COSO model identified three main objectives when establishing internal controls. First, internal controls must measure the effectiveness and efficiency of operations. Second, they must provide a level of reliability regarding internal and external financial reporting. Finally, internal controls should make sure the company is in compliance with all relevant and applicable laws and regulations.

Five Supported Components

The COSO framework identifies five elements a business should keep in mind regarding internal controls. First, the control environment is the overall atmosphere of the business. Is there a commitment to integrity? Does the board exercise its responsibilities? Are managers and employees held accountable? Your control environment should foster competency and reliability. Management establishes this control element, which influences all employees. Second, the COSO framework identifies a company’s risk assessment procedures. You should evaluate risk and have procedures in place to identify areas of risk. For example, a company goal to maintain cash reserves on site instead of in a bank will result in higher risk. Third, a company should implement control activities. This includes procedures, policies, physical security, back-up, and encryption on sensitive information and documentation. Employees should only have access to information and resources they need. The controls should monitor the ability to read, distribute, manipulate, change, or physically take resources. A great example is locking a warehouse of inventory and only issuing a few sets of keys to specific employees. Finally, information and communication makes sure everyone knows the internal control plans. Management must make priorities and assign goals. Then, everyone should know their responsibilities and duties. Finally, the COSO framework states that internal controls must be monitored. By performing ongoing and periodic tests and evaluations, a company will become aware of internal control deficiencies and be able to make proper adjustments. This includes working with an auditor to have your internal controls reviewed.

Purpose of Control Elements

These five control elements identified in the COSO framework work together to minimize risk throughout your company. These control components identify, assess, and report problems before they end up on the financial statements. For instance, internal controls will detect theft before the wrong cash balance is reported. This relates to internal reports used by management to make decisions and external reports required by investors. Ultimately, the main goal of internal controls is to ensure that no material misstatements occur on financial statements. These misstatements can happen due to poorly executed processes, or as a result of fraud or theft. In either case, the policies outlined by the COSO framework can help you design and assess the effectiveness of internal controls over financial reporting.

References & Resources

Related Articles

Understanding Limitations of Internal Controls

Internal controls help you keep your business operating smoothly and ensures that…

Read more

Developing Internal Controls: Understanding ARC

Establishing internal controls is a way to make sure everything is operating…

Read more

Segregation of Duties Is Key to Non-Profit Accounting Practices

Fraud, embezzlement, and theft are all serious threats to your non-profit, which…

Read more