COSO 內(nèi)部控制框架的更新

1、1An Update of COSOsInternal ControlIntegrated FrameworkDecember 20112Internal Control-Integrated Framework First published in 1992 Gained wide acceptance following financial control failures of early 2000s Most widely used framework in the US Also widely used around the worldOriginal COSO Cube3Key C

2、oncepts Timeless A process Effected by people Provides reasonable assurance Geared to achievement of objectives related to (1)operations, (2)compliance and (3)financial reporting Five components: Control Environment Risk Assessment Control Activities Information and Communication Monitoring4ICIF wor

3、ks well todayCOSOs Internal Control Integrated Framework (1992 Edition)Refresh objectivesEnhancementsICIF will work better tomorrowCOSOs Internal Control Integrated Framework (Draft, 2012 Edition)Address significant changes to the business environment and associated risksUpdated, enhanced and clarif

4、ied FrameworkIncrease focus on operations, compliance and non-financial reporting objectivesExpanded internal and non-financial reporting guidanceCodify criteria to use in the development and assessment of systems of internal controlPrinciplesAttributesWhy Update What Works5Project Plan & Timeta

5、bleSept - JanFeb - OctDec - MarApr - DecAssess & Survey StakeholdersDesign & BuildPublic ExposureFinalize2010201120126Project ParticipantsCOSO Board of DirectorsCOSO Advisory Council AICPA AAA IIA FEI IMA Regulatory Observers Public Accounting Firms Others (IFAC, GAVI Alliance, ISACA)PwCAuth

6、or and Project LeaderStakeholder InputSurvey of over 700 stakeholders and users of the 1992 Internal Control Integrated Framework7Obtaining Input: Survey of Stakeholders January 4th to September 1st of 2011 Over 700 responses Responses came from wide range of organizations and individuals Large, sma

7、ll and non-profit organizations well represented 1 in 4 respondents were international (27%) The majority of respondents has been using the 1992 Framework for over 5 years Overall, a large majority of respondents support updating, but not a major overhaul of the 1992 Framework8Summary of UpdatesWhat

8、s changedWhat is not changing.What is changing.1. Definition of internal control2. Five components of internal control3. The fundamental criteria used to assess effectiveness of systems of internal control4. Use of judgment in evaluating the effectiveness of systems of internal control 1. Codificati

9、on of principles with universal application for use in developing and evaluating the effectiveness of systems of internal control2. Expanded financial reporting objective to address internal and external, financial and non-financial reporting objectives3. Increased focus on operations, compliance an

10、d non-financial reporting objectives based on user inputThe experienced reader will find much familiar in the updated Framework, which builds on what has proven effective in the original version.9A changing business environment.Drives updates to the Framework.Expectations for governance oversightGlo

11、balization of markets and operationsChanges in business modelsDemands and complexity of rules, regulations and standardsExpectations for competencies and accountabilitiesUse and reliance on evolving technologyExpectations for preventing and detecting fraud Updated COSO CubeSummary of Updates10Contro

12、l EnvironmentRisk AssessmentControl ActivitiesInformation & CommunicationMonitoring ActivitiesSummary of UpdatesCodification of 17 principles embedded in the original Framework1.Demonstrates commitment to integrity and ethical values2. Exercises oversight responsibility3. Establishes structure,

13、authority and responsibility4. Demonstrates commitment to competence5. Enforces accountability6. Specifies relevant objectives7. Identifies and analyzes risk8. Assesses fraud risk9. Identifies and analyzes significant change10. Selects and develops control activities11. Selects and develops general

14、controls over technology12. Deploys through policies and procedures13. Uses relevant information14. Communicates internally15. Communicates externally16. Conducts ongoing and/or separate evaluations17. Evaluates and communicates deficiencies11Value PropositionEnhance performance with greater agility

15、, confidence and clarityThe updated Framework better supports efforts to design and adapt systems of internal control: Agility Adapt to increasing complexity and pace of change Confidence - Mitigate risks to achieve important objectives Clarity Provide reliable information to support sound decision

16、making 12Agility ClarityConfidenceBenefits of the Updated FrameworkManagement and Board of DirectorsOther UsersExternal PartiesPerformance Improve governance Expand use beyond financial reporting Improve quality of risk assessment Strengthen anti-fraud efforts Adapt controls to changing business nee

17、ds Greater applicability for various business models13Public Exposure ProcessPrimary objectiveObtain feedback about whether the updated Framework will have a positive impact on achieving effective internal control over operations, reporting and compliance objectivesWhen to CommentDecember 19, 2011 t

18、o March 31, 2012How to Who can respondAny interested party wishing to express a point of view relevant to the updated FrameworkHow to RespondAnswer the questions and/orProvide additional feedback as you see appropriate at Access to public written commentsAvailabl

19、e online to December 31, 20121314Topical AreasSpecific Areas to Provide or Consider in Your Commentary1. General Background InformationPlease provide information about your company or organization2. Overall Impression of the updated Framework (Survey format scale of 1 5)Internal consistency and logi

20、c of the updated FrameworkUnderstandability and ease of useApplicability to various types of organizationsImpact or burden on regulatory reporting3. Specific areas of interest (Survey format scale of 1 5)Completeness and appropriateness of the 17 Principles and associated AttributesThe requirement f

21、or all 17 Principles to be present and functioning to have effective internal controlAppropriateness of expanding the reporting objective category beyond financial reporting4. SummaryGeneral comments on any topic of interest relevant to the updated FrameworkPublic Exposure ProcessSpecific areas to provide feedback and to assist respondents in developin