The Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued Internal Control – Integrated Framework. It is a framework "to help businesses and other entities assess and enhance their internal control systems." It has since been refined and extended by additional COSO guidance. Source: www.coso.org.
Internal control consists of five interrelated components:
Control Environment — This component focuses on the risk management culture within the organization. Relevant questions include: are people throughout the organization aware of the importance of risk management, and do they understand the organization's risk profile? Do management and the board of directors set the tone at the top? Are risk awareness and mitigation embedded in the organization's values and in the integrity and competence of its staff? Is risk management part of management's philosophy and operating style, and of the way management assigns authority and responsibility?
Risk Assessment — Every organization faces external and internal risks that may affect its objectives. A risk assessment identifies the risks relevant to those objectives and determines how the organization can manage them.
Control Activities — These are the policies and procedures that make up the organization's internal control system, such as approval processes, authorization levels, safeguarding of assets and segregation of duties.
Information and Communication — This component refers to an organization's information and communication systems, including the production of operational and financial reports.
Monitoring — This component is often confused with the "control activities" component. While control activities define the organization's internal control system, the monitoring component checks that those controls are in place and operating, through direct supervision and separate evaluations.