Internal Control-COSO Framework
Internal Control-COSO Framework
Internal Control-COSO Framework
INTERNAL CONTROL
Ali Mugiono Inspektorat Jenderal Kementerian Keuangan Gedung Juanda II Lantai 7, Jl. Dr. Wahidin No. 1 Jakarta Telp. 021-385 3855 +62818858716 - e-mail: [email protected]
Internal Control
Committee of Sponsoring Organizations of the Treadway Commission(COSO) : 1985 The National Commission on Fraudulent Financial Reporting (Treadway Committee) dibentuk oleh 5 organisasi (AICPA, FEI,IIA, IMA dan AAA). Organisasi tersebut kemudian lebih dikenal dengan COSO. Dilatarbelakangi berkembangnya praktek kecurangan (fraud) pada laporan keuangan 1987 Total 49 rekomendasi mencegah dan mendeteksi kecurangan. Menyarankan penerapan pengendalian intern yang efektif, mengatur fungsi internal audit, dan pengawasan oleh Komite Audit 1992 Menerbitkan Internal Control Integrated Framework (COSO Framework I). 2004 Menerbitkan Enterprise Risk Management-Integrated Framework (COSO Framework II)
Internal Control
COSO Internal Control -Integrated Framework (1992): Internal Control is a process effected by
an entitys board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievements of objectives in the following categories: Effectiveness & efficiency of operations Reliability of financial reporting Compliance with applicable laws and regulations
Internal control is a process. It is a means to an end, not an end in itself. Internal control is effected by people. Its not merely policy manuals and forms, but people at every level of an organization. Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entitys management and board. Internal control is geared to the achievement of objectives in one or more separate but overlapping categories.
Internal Control
Control Environment
1. Managements Philosophy and Operating Style 2. Integrity and Ethical Values 3. Board of Directors and Audit Committee Direction and Policies 4. Commitment to Competence 5. Organizational Structure 6. Assignment of Authority and Responsibility 7. Human Resource Policies and Procedures
The control environment sets the tone of the organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure.
CONTROL ENVIRONMENT
Internal Control
RISK ASSESSMENT
A risk assessment usually includes: a. Estimating the significance of a risk b. Assessing the likelihood (or frequency) of the risk occurring c. Consideration of how the risk should be managed
Internal Control
CONTROL ACTIVITIES
Internal Control
Authorizing and executing transactions and events are only done by persons acting within the scope of their authority. Authorization is the principal means of ensuring that only valid transactions and events are initiated as intended by management. Authorization procedures, which should be documented and clearly communicated to managers and employees, should include the specific conditions and terms under which authorizations are to be made. Conforming to the terms of an authorization means that employees act in accordance with directives and within the limitations established by management or legislation.
CONTROL ACTIVITIES
Internal Control
CONTROL ACTIVITIES
Internal Control
CONTROL ACTIVITIES
Internal Control
Reconciliations Records are reconciled with the appropriate documents on a regular basis, e.g. the accounting records relating to bank accounts are reconciled with the corresponding bank statements.
CONTROL ACTIVITIES
Internal Control
Operations, processes and activities should be periodically reviewed to ensure that they are in compliance with current regulations, policies, procedures, or other requirements. This type of review of the actual operations of an organisation should be clearly distinguished from the monitoring of internal control.
supervision (assigning, reviewing and approving, guidance and training) Competent supervision helps to ensure that internal control objectives are achieved. Assigning, reviewing, and approving an employee's work encompasses: clearly communicating the duties, responsibilities, and accountabilities assigned each staff member; systematically reviewing each member's work to the extent necessary; approving work at critical points to ensure that it flows as intended.
CONTROL ACTIVITIES
Internal Control
Detective controls are designed to identify an error or exception after it has occurred. Such detective controls are:
Exception reports Reconciliations Periodic audits
Entities should reach an adequate balance between detective and preventive control activities. Corrective actions are a necessary complement to control activities in order to achieve the objectives.
CONTROL ACTIVITIES
Internal Control
INFORMATION AND COMMUNICATION
Pertinent information must be identified, captured and communicated in a form and timeframe that enables people to carry out their responsibilities. Information systems produce reports, containing operational, financial and compliance related information, that make it possible to run and control the business.
Information Information is needed at all levels of an organization to run the business, and move toward achievement of the entitys objectives in all categories. This will include: Operational reports to management to ensure effective and efficient use of resources Financial reports detailing the performance of the company used by company management and external parties. Obtaining external and internal information and provide management with necessary reports on the entitys performance relative to established objectives. Provide information to the right people in sufficient detail and on time to enable them to carry out their responsibilities effectively and efficiently Communication Communication must take place, dealing with expectations, responsibilities and other important matters. Adequacy of communication across the organization and the completeness and timeliness of information. Openness and effectiveness of channels with customers, suppliers and other external parties for communicating information.
Internal Control
2.
people within the organization and/or internal audit. Controls addressing higher-priority risks and those most critical to reducing a given risk will tend to be evaluated more often.
Internal Control
Reasonable manner Not Absolute
Cost of Control
Internal Control
Evaluation Criteria:
Formal document Formal communication 100% of sample are welldone Day to day activity represent implementation the policies Sound appearance of people
Internal Control
(Group)
Assignment # 03
1. Regarding the COSO-Internal Control Integrated Framework (COSO-ICIF) there are 5 components. Each group of you are demanded to make analysis about one of the components, which includes: its sub-components, reasons why it is a must, its roles and development process in organization, how it contributes in the achievement of 3 categories of internal control objectives, and how it relates to the other components. Also state in your explaination how Internal Audit (IA) affects the component (assurance and consultation roles). Assume that your group is assigned to perform IA evaluation in a tax office. For this assignment you are demanded to create evaluation program which include: evaluation objectives/targets, measurement criteria, and program steps or check list (each group make its own component ). There is an opinion that control is contrary with the comfortability and/or the speed of services. Make your group opinion by using COSO-ICIF approach and how does IA reconciliate them.
2.
3.