Is the foundation of the other control components in the COSO internal control framework?
Penn has adopted the Integrated Internal Control Framework (IICF), an adaptation of COSO (Committee of Sponsoring Organizations of the Treadway Commission), for utilization as the foundation of the internal control and compliance environment. This Framework defines internal control is a process, effected by an entity’s board of directors, management and other personnel. This process is designed to
provide reasonable assurance regarding the achievement of objectives in the following categories: This definition reflects certain fundamental concepts:
Effective administration involves planning, executing and monitoring. Internal control is a tool used by administrators to accomplish these processes. Management’s Responsibility For Internal ControlIn accordance with University Policy 2701, management is responsible, in both the central and decentralized operating units, for establishing, maintaining and promoting effective business practices and effective internal controls. Such systems of internal control will vary from activity to activity depending upon the operating environment, including the size of the entity, its diversity of operations and the degree of centralization of financial and administrative management. While there may be practical limitations to the implementation of some internal controls, each business function throughout the University and Penn Medicine must establish and maintain a system of controls which meets the minimum requirements as established by the University’s Internal Control Policy. A properly functioning system of controls improves the efficiency and effectiveness of operations, contributes to safeguarding assets and identifies and discourages irregularities, such as questionable or illegal payments and practices, conflict of interest activities and other diversions of assets. Components of Internal ControlInternal Control consists of five interrelated components derived from basic University operations and administrative processes as follows:
The following models show the relationships among these components: COSO Pyramid shows the correlation between internal control components.COSO Cube shows the relationship between units, activity and objectives. The Control Environment provides an atmosphere in which people conduct their activities and carry out their control responsibilities. It serves as the foundation for the other components. Within this environment, management assesses risks to the achievement of specified objectives. Control activities help ensure that management directives are carried out to address the risks. Meanwhile, relevant information is captured and communicated throughout the organization. The entire process is monitored and modified as conditions warrant. Types of ControlsMany types of controls can help management direct their activities, such as:
Often, the best strategy is a combination and collection of all types of controls used together that enable an organization to achieve its goals and objectives. Which component is the foundation of COSO framework?The five components of COSO – control environment, risk assessment, information and communication, monitoring activities, and existing control activities – are often referred to by the acronym C.R.I.M.E.
Which COSO component is the foundation of a system of internal control?According to the Institute of Internal Auditors (IIA), a control environment is the foundation on which an effective system of internal control is built and operated in an organization that strives to 1) achieve its strategic objectives, 2) provide reliable financial reporting to internal and external stakeholders, 3) ...
What are the components of COSO framework?Five Components of the COSO Framework You Need to Know. Operational Effectiveness and Efficiency.. Financial Reporting Reliability.. Applicable Laws and Regulations Compliance.. What is the most important component of the COSO framework?Control Environment is the most important component in the COSO-based audit framework. Control environment is defined by the “tone at the top,” how management at Monmouth University incorporates risk-awareness and control activities into the daily work routines in their areas.
|