AIS

Accounting Information Systems

COSO Internal Controls 

Internal control is a process involving an entity’s board, management, and personnel, designed to reasonably assure achievement of operations, reporting, and compliance objectives. 

These controls are vital for executing business operations, maintaining accurate accounting records, and ensuring legal compliance.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO), established in 1985, provides frameworks for Enterprise Risk Management (ERM), Internal Control, and Fraud Deterrence.

The Sarbanes-Oxley Act (SOX) requires management to maintain and report on the effectiveness of internal controls, which enhances corporate governance and investor confidence; auditors attest to this effectiveness.

For example, Walt Disney Company’s management affirmed responsibility for internal controls over financial reporting and evaluated them using the COSO Internal Control—Integrated Framework (2013), and auditors confirmed their effectiveness.

COSO's objectives for internal control are:

  • Operations: Aligned with management’s plans.

  • Reporting: Supports financial and non-financial reporting.

  • Compliance: Adheres to laws and regulations.

The COSO framework includes five critical components:

  1. Control Environment: Reflects governance, ethical values, oversight, structure, competency, and accountability.

  2. Control Activities: Day-to-day measures to prevent and detect issues, including general controls over technology.

  3. Risk Assessment: Identifying and analyzing risks related to objectives to formulate management strategies.

  4. Information and Communication: Ensuring high-quality accounting systems and clear internal/external communication.

  5. Monitoring: Ongoing evaluation of internal controls to assess their presence and effectiveness, with deficiencies communicated for corrective action.