Question

Explain the following COSO framework components:

                a. internal environment
                b. objective setting
                c. event identification
                d. risk assessment
                e. risk response
                f. control activities
                g. information and communication
                h. monitoring

Answer 1

The Committee of Sponsoring Organizations (COSO) was established in 1985 by five of the largest accounting, auditing, and finance oversight committees in the United States. The COSO model defines internal control as “a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance of the achievement of objectives".

COSO framework components are explained below:

a) Internal Environment:

The internal environment sets the foundation for how risk is viewed and addressed by an entity’s people, including risk philosophy risk appetite etc.

b) Objective Setting:

Objectives must exist before management can identify potential events affecting their achievement.

c) Event Identification:

Internal and external events affecting the achievement of an entity’s objectives must be identified, distinguishing between risks and opportunities.

d) Risk Assessment:

Company-wide Objectives are seen, risks are analyzed, as a basis for determining how they should be managed.

e) Risk Response:

After risk analysis is done, a plan is made to combat those risks.

f) Control Activities:

Policies and procedures are made to ensure that the above plan is carried out effectively.

g) Information and Communication:

Quality information is communicated in a identified form and timeframe so that all the procedures are carried out effectively. Effectiveness of Communication is the key, that enable people to carry out their responsibilities.

h) Monitoring:

It is a continuous process, accomplished through ongoing management activities, separate evaluations or both. Deficiencies are reported and worked on.