PART II CONTROL AND AUDIT OF ACCOUNTING INFORMATION SYSTEMS
COSO’S INTERNAL CONTROL FRAMEWORK
The Committee of Sponsoring Organizations (COSO) consists of the American Accounting Association, the AICPA, the Institute of Internal Auditors, the Institute of Management Accountants, and the Financial Executives Institute. In 1992, COSO issued Internal Control—Integrated Framework (IC), which is widely accepted as the authority on internal controls and is incorporated into policies, rules, and regulations used to control business activities.
In 2013, the IC framework was updated to better deal with current business processes and technological advancements. For example, in 1992, very few businesses used the Internet, sent email, or stored their data in the cloud. The revised IC framework also provides users with more precise guidance on how to implement and document the framework. Many new examples have been added to clarify framework concepts and make the framework easier to understand and use. The new IC framework keeps the five components of the original framework and adds 17 principles that build on and support the concepts. Each of the five components has at least two and up to five principles.
The five components and 17 principles of the updated IC framework are summarized in Table 7-1.
COSO’S ENTERPRISE RISK MANAGEMENT FRAMEWORK
To improve the risk management process, COSO developed a second control framework called Enterprise Risk Management—Integrated Framework (ERM). ERM is the process the board of directors and management use to set strategy, identify events that may affect the
Committee of Sponsoring Organizations (COSO)
- A private-sector group consisting of the American Accounting Association, the AICPA, the Institute of Internal Auditors, the Institute of Management Accountants, and the Financial Executives Institute.
Internal Control—Integrated Framework (IC)
- A COSO framework that defines internal controls and provides guidance for evaluating and enhancing internal control systems.
Enterprise Risk Management—Integrated Framework (ERM)
- A COSO framework that improves the risk management process by expanding (adds three additional elements) COSO’s Internal Control—Integrated.
FIGURE 7-2
COBIT 5 Process Reference Model
COBIT® 5, figure 16. © 2012 ISACA®. All rights reserved. Used by permission from ISACA.
Figure labels: EDM01 Ensure Governance Framework Setting and Maintenance; EDM02 Ensure Benefits Delivery; EDM03 Ensure Risk Optimization; EDM04 Ensure Resource Optimization; EDM05 Ensure Stakeholder Transparency.