Question

What is internal control as defined by COSO? Also, explain the other elements of the definition that are important to internal control.

Answer 1

COSO defines internal control as a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.

COSO defines internal control as having five components:

Control Environment-sets the tone for the organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control.
Risk Assessment-the identification and analysis of relevant risks to the achievement of objectives, forming a basis for how the risks should be managed
Information and Communication-systems or processes that support the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities
Control Activities-the policies and procedures that help ensure management directives are carried out.
Monitoring-processes used to assess the quality of internal control performance over time.