Committee of Sponsoring

Organizations (COSO)
& Internal Control

COBGOVE
COSO’S INTERNAL CONTROL CUBE COSO’S ENTERPRISE RISK MANAGEMENT CUBE
Definition of terms Similarities = process and BOD
Differences = design

• Enterprise Risk Management - a process, effected by an entity's Board of

Directors, Management and other personnel, applied in strategy setting and
across the enterprise that is designed to identify potential events that may
affect the entity, manage risks to be within its risk appetite, and provide
reasonable assurance regarding thePutachievement
in control + assessment of entity objectives. (SEC
MC No. 24, lifted from COSO)
• Internal control - a process designed and effected by the entity's Board of
Directors/ Trustees, Senior Management, and all levels of personnel to provide
reasonable assurance on the achievement of objectives through efficient and
effective operations; reliable, complete and timely financial and
management of corporate information; and compliance with applicable laws,
regulations, and the organization's policies and procedures. (SEC MC No. 24)
Only put in control
Objectives of internal control
• Reliability of financial reporting
• Effectiveness and efficiency of operations
• Compliance with laws and regulations
Factors affecting internal control
• Nature of operations
• Size of business
• Geographical dispersion of activities
• Objectives of the organization
Characteristics of a good internal control
system
• Adherence to management policies Very burdensome and impractical to employees
• Assets are safeguarded Not just physical, but also software (not leaked to competitors)
• Prevention and detection of fraud and error Fraud = intentional
Error = human error (more chances to commit)
Prevention = before the facts
Detection = after the facts (have tools for it)

• Accuracy and completeness of accounting records Ensure internal control promotes

that kind of system

• Timely preparation of reliable financial and non-financial information

If outdated and/or obsolete = irrelevant
Has to be accurate for it to be reliable
Components of Internal Control
1. Control environment Concerned with knowing that control is in place

• Communication and enforcement of integrity and ethical values

• Commitment to competence Assign people who are fit for the job
• Participation by those charged with governance Have good policies in promoting good governance
• Management’s philosophy and operating style
• Organizational structure
• Assignment of authority and responsibility
• Human resources and procedures Have adequate controls
Components of Internal Control
2. Entity’s Risk Assessment Process
• Risk assessment – identification, analysis, and management of risks
pertaining to preparation of financial statements
• Accept or reject
• Factors affecting risks:
• Changes in operating environment
• New personnel
• New information systems and technology Devices must not be obsolete
• Rapid growth
• New business models, products, activities
• Corporate restructuring
• Expanded foreign operations
• New accounting pronouncements
Components of Internal Control
3. Information System relevant to Financial Reporting and
Communication
• Journal entries (standard and non-standard)
• Related business processes Must be compliant with the law
• Communication

4. Control activities and procedures

• Performance review
• Information processing controls
• Physical controls Software and hardware = ensure assets are protected

5. Monitoring controls
Internal control affecting assets, liabilities,
equity
Description of Examples Internal Control Weakness or Factors
Misstatement that increase the risk of the
misstatement

Recording fictitious Fraud: Overstating cash receipts by Lack of segregation of duties of functions
cash receipts transferring cash between bank accounts (access to cash vs. record-keeping); no
without appropriate recording of the effective review of bank reconciliations
Also applies to transfer to cover up embezzlement of
fictitious sales cash

Failure to record Fraud: Failure to record cash sales and Inadequate supervision, failure to
receipts from cash embezzles the cash encourage customers to secure cash
sales receipts

Error: accidental omission Inadequate controls for reconciling cash

register tapes and accounting records,
inadequate controls for reconciling bank
accounts
Internal control affecting assets, liabilities,
equity
Description of Examples Internal Control Weakness or Factors
Misstatement that increase the risk of the
misstatement

Failure to record cash Fraud: embezzlement of cash collection, Lack of segregation of duties
from collection of without debiting cash and crediting AR,
accounts receivable or writes off AR

Error: Accidental omission Inadequate reconciliation of subsidiary

records of AR, with the general ledger
control account
Early (late) recognition Fraud: Holding cash receipts journal open Ineffective management, and undue
of cash receipts – cut- to record next year’s cash receipts pressure to show improved financial
off issues position

Error: Honest error making entry on Failure to list and deposit on a timely
wrong date basis
Internal control affecting assets, liabilities,
equity
Description of Examples Internal Control Weakness or Factors
Misstatement that increase the risk of the
misstatement

Inaccurate recording of Fraud: preparation of a check for a Segregation of duties is lacking

a purchase/ purpose other than issuance to a supplier
disbursement Ineffective control over matching invoices
Error: incorrect entry/recording/
Unrecorded omission Ineffective accounting coding procedures
disbursements may result from incompetent accounting
personnel, inadequate chart of accounts,
(affects liabilities) or no controls over the posting process
Duplicating purchase Error: Purchase recorded upon receipt of Lack/ineffective controls for review and
entries invoice from supplier/seller, and another cancellation of supporting documents by
purchase recorded when a duplicate the check issuer
(affects liabilities) invoice is sent to the supplier/seller
Internal control affecting assets, liabilities,
equity
Description of Examples Internal Control Weakness or Factors
Misstatement that increase the risk of the
misstatement
Misstatement of value Fraud: Intentional misstatement Ineffective management, undue pressure
of investments to meet earning targets

Error: Failure to record changes in market Inadequate accounting manual

values
Unauthorized Fraud: access to securities and use Inadequate segregation of duties (record-
investment thereof for personal interests keeping vs. custody of securities)
transactions

Incomplete recording Error: failure to record derivative Inadequate accounting manual,

of investments agreements which are embedded in incompetent accounting personnel;
other agreements inadequate monitoring by internal
auditors
Internal control affecting assets, liabilities,
equity
Description of Examples Internal Control Weakness or Factors
Misstatement that increase the risk of the
misstatement
Recording unearned Fraud: fictitious sales, intentional Ineffective management, top
revenue overshipment of goods management fails to encourage ethical
conduct
(affects equity)
Error: inaccurate billing and recording Ineffective billing process, ineffective
controls for testing invoices, ineffective
input validation

Cut-off issues Fraud: sales for next year recorded this Ineffective management, top
year management fails to encourage ethical
conduct
(affects equity) Error: improper recording based on the
wrong information Ineffective cut-off procedures
Internal control affecting assets, liabilities,
equity
Description of Examples Internal Control Weakness or Factors
Misstatement that increase the risk of the
misstatement
Recording revenue Fraud: recording sales even when it Ineffective management, top
even when significant should have been recorded as sales management fails to encourage ethical
uncertainties exist returns conduct

Error: consignment recorded outright as Undue pressure and incompetent chief

sales accounting officer

Overstated sales Fraud: overstating/misstating percentage Ineffective management, top

of completion of several projects (for
construction companies) using
percentage of completion
management fails to encourage ethical
conduct
Undue pressure and incompetent chief
accounting officer