Scribd
Upload
13 views11 pages

Control Framework

operation auditing

Uploaded by

hadjihassanjohanisa
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
13 views11 pages

Control Framework

operation auditing

Uploaded by

hadjihassanjohanisa
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

Group 4

Chapter 5: CONTROL FRAMEWORKS

INTRODUCTION
Key points about control frameworks:
1. Need for frameworks: Complex business
environment requires organized internal
controls.
2. Purpose: Create value, minimize risks, and
evaluate results systematically.
3. Examples of frameworks:
- COSO's Internal Control Integrated
Framework (IC-IF)
- COBIT (IT controls)
- ISO 17799 (IT controls)
- ITIL (IT controls)
- CMMI (project management and process
improvement)
These frameworks help organizations manage
risks and improve business results.

CONTROL FRAMEWORKS
THE COSO FRAMEWORKS: ICF AND ERM
The COSO Framework, developed by the
Committee of Sponsoring Organizations of the
Treadway Commission, is a widely recognized
internal control framework. Key points:

1. Creation: Formed in 1985 to address


fraudulent financial reporting.
2. Goal: Improve financial reporting quality
through corporate governance, ethics, and
internal control.
3. Components: Five components, 17
principles, and three categories of objectives
(operations, reporting, compliance).
4. Framework structure: Represented as a
cube, showing components, objectives, and
entity structure.
5. Principles: Fundamental concepts for
achieving effective internal control.

The COSO Framework helps organizations


achieve effective internal control and mitigate
risks.

CONTROL ENVIRONMENT
The control environment is a critical
component of an organization's internal
controls, encompassing:

1. Workplace environment: Leadership style,


openness, and operating style.
2. Tone at the top: Board and senior
management's attitude, integrity, and ethics.
3. Organizational culture: Shared values,
beliefs, and traditions.
4. Competence and development: Employee
skills, training, and accountability.
A strong control environment promotes:
1. Ethical behavior
2. Employee morale
3. Productivity and efficiency
4. Customer satisfaction

Unethical behavior can lead to:


1. Financial losses
2. Reputational damage
3. Legal consequences

Examples of unethical behavior include:


1. Undue emphasis on bottom-line
performance
2. High-pressure sales tactics
3. Kickbacks or bribes
A well-established control environment is
essential for maintaining a positive corporate
image and achieving long-term success.

COMMUNICATION, CONSISTENCY AND..


Effective communication and consistency are
crucial in promoting a strong control
environment. Key points:

1. Clear expectations: Management should


clearly communicate what is allowed and not
allowed.
2. Walking the talk: Management's actions
should align with their words to demonstrate
belief in the message.
3. Codes of ethics and conduct: Establish
guidelines for acceptable behavior and ethical
decision-making.
4. Training and refresher programs: Educate
employees on ethics, codes, and policies.
Best practices include:

1. Regular communication: Articles, vignettes,


and surveys to reinforce ethics and
compliance.
2. Lunch and learn sessions: Informal
discussions on topics related to risks and
controls.
3. Partnerships: Collaborate with HR, Legal, IT,
and other departments to promote education
and awareness.

By promoting a culture of ethics and


compliance, organizations can foster a
positive work environment and reduce the
risk of unethical behavior.

FORM OVER SUBSTANCE


The control environment is built on five key
principles:
1. Integrity and ethical values: Demonstrate
commitment through actions and
consequences.
2. Board oversight: Independent board
provides guidance and oversight.
3. Organizational structure: Clear roles,
responsibilities, and reporting lines.
4. Competence: Attract, develop, and retain
skilled employees.
5. Accountability: Hold individuals responsible
for internal control responsibilities.

These principles foster a strong control


environment, promoting accountability,
transparency, and ethical behavior, enabling
organizations to achieve objectives and
mitigate risks.

ENTITY LEVEL CONTROLS


Entity-level controls assess an organization's
values, systems, policies, and processes to
determine if they promote proper conduct or
dissuade fraud. Key areas of interest include:

1. Management style and corporate culture


2. Organizational structure and policies
3. Controls over management override
4. Risk assessment methodology
5. Monitoring results of operations
6. Financial and operational reporting
7. Hiring and retention practices
8. Fraud prevention and detection controls
9. Internal audit function
10. Whistle-blower hotline effectiveness

Lewin's equation (B = f(P, E)) highlights the


importance of considering both the person
and the environment in shaping behavior.
Internal auditors should work with
management to create a positive
environment that promotes ethical behavior
and accountability.
TONE IN THE MIDDLE
The "tone in the middle" refers to the
influence of middle managers and supervisors
on workplace culture, ethics, and employee
behavior. Key points:

1. Manager's impact: Employees judge the


organization based on their boss's actions.
2. Ethics and values: Managers determine and
reinforce values, ethics, and workplace
dynamics.
3. Employee engagement: Workplace
environment is influenced by employee
engagement levels.
4. Impact on results: Employee engagement
affects customer satisfaction, turnover,
profits, and goal achievement.
Internal auditors should assess employee
engagement and work with management to
foster a positive work environment.

RISK ASSESSMENT
Risk assessment is a critical component of the
COSO framework, involving:

1. Identifying risks: Events that can jeopardize


achieving objectives.
2. Analyzing risks: Assessing likelihood and
impact.
3. Responding to risks: Deciding how to
manage or mitigate risks.

Key aspects:

1. Establishing objectives: Precondition to risk


assessment.
2. Risk linkage: Tracing risks throughout the
organization.
3. Dynamic process: Regularly reassessing
risks in a changing environment.

Risk assessment categories:

1. Reporting: Reliability, timeliness, and


transparency of internal and external reports.
2. Compliance: Adherence to laws,
regulations, and contractual terms.
3. Operations: Effectiveness and efficiency of
operations, safeguarding assets.

Aligning objectives with strategic priorities is


essential to ensure congruence and
coordination.

You might also like