В данной статье мы проанализировали преимущества эффективного внутреннего контроля на основе модели COSO. Мы рассмотрели данный вопрос в контексте применения модели длякорпоративного контроля, в особенности как слабый внутренний контроль определяет достоверность финансовых данных. Кроме того мы проанализировали модель COSO, а также каким образом реализация данной модели может быть применена на практике.
In this paper, we analyze the benefit of effective internal controls on the base of COSO model. We examine this in the context of the implementation of this law for corporate control and, consequently how weak internal control determines the reliability of financial data. Besides that, we analyzed COSO model and how the sections of the COSO model may be implemented on practice.
Keywords: COSO, audit, internal control, internal control deficiency, financial reporting reliability.
More recently, the concept of «internal control and audit» was known to domestic business very remotely. Today, the situation has changed radically. Large companies and enterprises actively create departments and the internal control and audit services, preferring to train its own employees (accountants, economists, financiers). According to the Institute of Internal Audit the internal auditing may be defined as “an independent, objective assurance and consulting activity designed to add value and improve an organization's operations”. Besides that it may help the organization to reach its objectives by bringing a systematic, very carefully disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Internal control under COSO model
Evaluating internal controls is one of internal auditing's primary responsibilities. The Institute of Internal Auditors (IIA) defines control, the control environment, and control processes as following: A control is any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. The high management of the organization should plan, organize, and even direct the sufficient actions in order to provide reasonable assurance that all strategic objectives and targets will be hitted. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) entitled the Internal Control-Integrated Framework (COSO Report) gives the definition of internal control, which come from the report in 1992 and released as following (http://www.coso.org): Internal control is a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance. The Committee of sponsoring organizations of the Commission Treadway (eng. The Committee of Sponsoring Organizations of the Treadway Commission, COSO is a voluntary private organization established in the United States and intended for making appropriate recommendations to corporate management on critical aspects of organizational governance, business ethics, financial reporting, internal control, risk management companies and fraud.
COSO dedicated to improving organizational performance and governance through effective internal control, enterprise risk management, and fraud deterrence. Five nonprofits are its sponsoring organizations: AAA (American Accounting Association), AICPA (American Institute of Certified Public Accountants), FEI (Financial Executives International), IIA (Institute of Internal Auditors), and IMA (Institute of Management
Accountants). On May 14, 2013, COSO released an updated version of its Internal Control—Integrated Framework. One of the main purposes of COSO is making appropriate recommendations to corporate leadership on critical aspects of organizational governance, business ethics, financial reporting, internal control, risk management companies and to combat fraud. COSO has developed a General model of internal control, in comparison with which companies and organizations can assess their control systems.
COSO has developed a General model of internal control, in comparison with which companies and organizations can assess their control systems. The COSO model was especially important because the emphasis was made on the responsibility of the leadership organization for the state of control. Basic concepts of the COSO model may be defined as following:
1. Internal control is a process, that is, a means to an end, not an end in itself.
2. Internal control is carried out by people, so it is important not only (and not so much) rules, procedures, and other guidance documents, but people at all levels of the organization.
3. From internal control owners and management can only expect a reasonable level of assurance of achieving their goals, but no absolute guarantee error-free operation.
Conceptual framework of internal control continues to act as the broadly accepted standard for satisfying the data requirements for reporting, however, in 2004 COSO published «a Conceptual framework of enterprise risk management. COSO believes that this model continues the review of internal control, with an emphasis on the broader concept of risk management. Internal control ensures the achievement of a goal or several goals in related areas.
According to COSO, internal control is a process carried out by the highest or supreme body of the company, determining its policy (Board of Directors, which represents the owners of the company), its managerial staff of the highest level (management) and all other staff, in sufficient and justified as ensuring the achievement of the company the following purposes: feasibility and financial efficiency (including safeguarding of assets); the reliability of financial reporting; compliance with applicable laws and regulatory requirements.
A conceptual framework of enterprise risk management remains focused on achieving the goals of the organization. The conceptual basis of risk management organizations to remain focused on the objectives of the organization; however, now includes four categories: strategic objectives (strategic) — high-level goals, aligned with mission/vision of the organization; operational objectives (operations) — effective and efficient use of resources; reporting objectives, objectives reporting (reporting — reliability of reporting; legislative objectives, objectives compliance (compliance) to compliance with applicable laws and regulations.
Five basic components of the system of Internal control. COSO Model.
The COSO Report defines five interrelated components of internal control that must be realesed on the practice as operating together in order to focus that internal control relating to an operations very effective:
1. Control Environment — The Control environment sets the atmosphere in the organization's moral climate), influencing the control consciousness of its staff. It is the basis for all other components of internal control, providing discipline and structure. The factors of the control environment include the integrity, ethical values, style of management, the system of delegation of authority and management processes and staff development in the organization.
2. Risk Assessment — Management ascertains regulations for analyses of risks related to their achievement. A precondition to risk assessment is to identify the objectives, therefore, risk assessment involves the identification and analysis of relevant risks associated with achieving the set objectives. Risk assessment is a prerequisite for determining how the risks should be managed.
3. Control Activities — Any internal regulations, processes and procedures help management in the implementation of their decisions. Controls are carried out within the entire organization, at all levels and in all functions. They include a range of activities such as approvals, authorizations, verifications, reconciliations, reports current activities, security of assets and segregation of duties.
4. Information and Communication — Organization of information flows, the collection and analysis of information, and sharing it on purpose. Information and communication help employees to carry out their responsibilities.
5. Monitoring — Regular evaluation processes of the quality system elements, identifying deficiencies and their causes, correction of errors, monitoring of current activities.
COSO draws attention to the limitations of the internal control system, as well as on the roles and responsibilities of the parties, affect the system. Restrictions include erroneous human judgment, misunderstanding of instructions, mistakes, misuse of managers, collusion, the ratio of costs and benefits. The COSO report identifies shortcomings as conditions of the system of internal control that merit attention. The statement of deficiencies shall be provided to the employee who is responsible for considered a plot, and senior management. It is believed that the system of internal control is effective if all 5 components exist and function efficiently in relation to operations, financial reporting and compliance. COSO hoped that the Conceptual framework of enterprise risk management will allow management of organizations to determine directly the relationship between the components of the risk management system and objectives that will satisfy the need for the introduction of new laws, regulations and even new requirements for registration of securities on stock exchanges and expects that it will receive wide recognition by companies and other organizations and stakeholders. Everyone plays a part in the internal control system. Ultimately, it is the management's responsibility to ensure that controls are in place. That responsibility should be delegated to each area of operation, which must ensure that internal controls are established, properly documented, and maintained. Every employee has his own responsibility for making this internal control system function. Therefore, all employees need to be aware of the concept and purpose of internal controls. Internal audit's role is to assist management in their oversight and operating responsibilities through independent audits and consultations designed to evaluate and promote the systems of internal control.
This article is intended to help financial management go beyond mere seize and compliance the opportunity to improve the business practices and processes, drive better performance, and transform the perception of the finance organization into that of a value-added key contributor to the company. This article focuses on the aspects of COSO that impact those employees working directly or indirectly for the CFO. It is designed to lead the reader from initial compliance with the model through ongoing maintenance and monitoring, and ultimately to beyond compliance; however, each section can be read and applied individually. From the perspective of the COSO model, the main aim of the release regulatory authorities regulatory documents should be to reduce the level of systemic risks in the financial system of the country, by projecting mitigating risk controls at the level of the individual financial institution. Nobody can guarantee that once invented financial control authorities will actually buffer the impact of risk in the modern, highly variable conditions, if the system does not receive signals about the level of risk through feedback channels.
1. Internal Control-Integrated Framework, 2013. http://www.coso.org/.
2. PCAOB, Public Company Accounting Oversight Board, 2004 Annual report.
3. The Institute of Internal Auditors. Definition of Internal Auditing. https://na.theiia.org/standards-guidance/mandatory-guidance/Pages/Definition-of-Internal-Auditing.aspx.
4. The Securities Exchange Act of 1934. http://www.sec.gov/about/laws/sea34.pdf
5. The Combined Code on Corporate Governance. https://www.frc.org.uk/Our-Work/Publications/Corporate-Governance/The-Combined-Code-on-Corporate-Goverance.pdf.