    May 2013

    Internal Control–Integrated Framework

    COSO & Project Overview

    COSO O"er"#ew – Internal Control P%bl#!at#ons

    1992 2006 2009 2013

    Proe!t +art#!#+ants


    Board of irectors

    COSO Advisor$ Council

    8 A*CPA8 AAA8 (#*8 **A8 *+A8 Pu"lic Accountin! (irms8 Re!ulator$ o"servers ,S#C' -AO' (*C'

    PCAOB.8 Oters ,*(AC' *SACA' oters.

    PwCAutor &

    Project /eader 


    8 Over 011 sta%eolders in (ramewor%responded to !lo"al surve$ durin! 2133

    8 Over 211 sta%eolders pu"licall$ commented

    on proposed updates to (ramewor% durin!

    first quarter of 2132

    8 Over 41 sta%eolders pu"licall$ commented on

    proposed updates in last quarter of 2132

    Proe!t del#"erable :1 – Internal Control$Integrated

    Framework 2013 (d#t#on• Cons#sts of t-ree "ol%mes,

    ▫ ()e!%t#"e S%mmary

    ▫ Framework and '++end#!es▫ Ill%strat#"e Tools for

     'ssess#ng (ffe!t#"eness of a

    System of Internal Control

    • Sets o%t,

    ▫ef#n#t#on of #nternal !ontrol▫ Categor#es of obe!t#"es

    ▫ Com+onents and +r#n!#+les of

    #nternal !ontrol

    ▫ *e;%#rements for


    Proe!t del#"erable :2 – Internal Control o"er ()ternal

    F#nan!#al *e+ort#ng, ' Com+end#%m5555• Ill%strates a++roa!-es and

    e)am+les of -ow +r#n!#+les are

    a++l#ed #n +re+ar#ng f#nan!#al


    • Cons#ders !-anges #n b%s#ness

    and o+erat#ng en"#ronments

    d%r#ng +ast two de!ades

    • Pro"#des e)am+les from a"ar#ety of ent#t#es – +%bl#!<

    +r#"ate< not$for$+rof#t< and


    •  'l#gns w#t- t-e %+dated


    *nternal Control5*nte!rated (ramewor%

    =+date e)+e!ted to #n!rease ease of %se and broadena++l#!at#on

    6at is not  can!in!777 6at is can!in!777

    85 Core def#n#t#on of #nternal !ontrol

    85 T-ree !ategor#es of obe!t#"es andf#"e !om+onents of #nternal !ontrol

    85 (a!- of t-e f#"e !om+onents of#nternal !ontrol are re;%#red for

    effe!t#"e #nternal !ontrol85 Im+ortant role of %dgment #n

    des#gn#ng< #m+lement#ng and!ond%!t#ng #nternal !ontrol< and #nassess#ng #ts effe!t#"eness

    85 C-anges #n b%s#ness and o+erat#ngen"#ronments !ons#dered

    85 O+erat#ons and re+ort#ng obe!t#"ese)+anded

    85 F%ndamental !on!e+ts %nderly#ng

    f#"e !om+onents art#!%lated as+r#n!#+les

    85 'dd#t#onal a++roa!-es ande)am+les rele"ant to o+erat#ons<!om+l#an!e< and non$f#nan!#alre+ort#ng obe!t#"es added

    Environments changes... …have driven Framework updates

    ()+e!tat#ons for go"ernan!e o"ers#g-t

    >lobal#?at#on of markets and o+erat#ons

    C-anges and greater !om+le)#ty #n b%s#ness

    emands and !om+le)#t#es #n laws< r%les<reg%lat#ons< and standards

    ()+e!tat#ons for !om+eten!#es anda!!o%ntab#l#t#es

    =se of< and rel#an!e on< e"ol"#ng te!-nolog#es

    ()+e!tat#ons relat#ng to +re"ent#ng anddete!t#ng fra%d

    COSO C%be 2013 (d#t#on

    =+date !ons#ders !-anges #n b%s#ness and o+erat#ngen"#ronments

    Control #nvironment

    =+date art#!%lates +r#n!#+les of effe!t#"e #nternal !ontrol!ont#n%ed

    15 T-e organ#?at#on demonstrates a !omm#tment to

    #ntegr#ty and et-#!al "al%es5

    25 T-e board of d#re!tors demonstrates #nde+enden!efrom management and e)er!#ses o"ers#g-t of t-e

    de"elo+ment and +erforman!e of #nternal !ontrol5

    35 Management establ#s-es< w#t- board o"ers#g-t<

    str%!t%res< re+ort#ng l#nes< and a++ro+r#ate

    a%t-or#t#es and res+ons#b#l#t#es #n t-e +%rs%#t of


    /5 T-e organ#?at#on demonstrates a !omm#tment to

    attra!t< de"elo+< and reta#n !om+etent #nd#"#d%als

    #n al#gnment w#t- obe!t#"es5

    5 T-e organ#?at#on -olds #nd#"#d%als a!!o%ntable for

    t-e#r #nternal !ontrol res+ons#b#l#t#es #n t-e +%rs%#t

    of obe!t#"es5

    65 T-e organ#?at#on s+e!#f#es obe!t#"es w#t-

    s%ff#!#ent !lar#ty to enable t-e #dent#f#!at#on and

    assessment of r#sks relat#ng to obe!t#"es5

    75 T-e organ#?at#on #dent#f#es r#sks to t-e

    a!-#e"ement of #ts obe!t#"es a!ross t-e ent#ty

    and analy?es r#sks as a bas#s for determ#n#ng

    -ow t-e r#sks s-o%ld be managed5

    95 T-e organ#?at#on !ons#ders t-e +otent#al forfra%d #n assess#ng r#sks to t-e a!-#e"ement of


    5 T-e organ#?at#on #dent#f#es and assesses

    !-anges t-at !o%ld s#gn#f#!antly #m+a!t t-e

    system of #nternal !ontrol5

    Ris% Assessment

    =+date art#!%lates +r#n!#+les of effe!t#"e #nternal !ontrol!ont#n%ed

    105 T-e organ#?at#on sele!ts and de"elo+s !ontrol

    a!t#"#t#es t-at !ontr#b%te to t-e m#t#gat#on of r#sks

    to t-e a!-#e"ement of obe!t#"es to a!!e+tablele"els5

    115 T-e organ#?at#on sele!ts and de"elo+s general

    !ontrol a!t#"#t#es o"er te!-nology to s%++ort t-e

    a!-#e"ement of obe!t#"es5

    125 T-e organ#?at#on de+loys !ontrol a!t#"#t#es

    t-ro%g- +ol#!#es t-at establ#s- w-at #s e)+e!ted

    and +ro!ed%res t-at +%t +ol#!#es #nto +la!e5

    Control Activities

    =+date art#!%lates +r#n!#+les of effe!t#"e #nternal !ontrol!ont#n%ed

    135 T-e organ#?at#on obta#ns or generates and %ses

    rele"ant< ;%al#ty #nformat#on to s%++ort t-e

    f%n!t#on#ng of #nternal !ontrol51/5 T-e organ#?at#on #nternally !omm%n#!ates

    #nformat#on< #n!l%d#ng obe!t#"es and

    res+ons#b#l#t#es for #nternal !ontrol< ne!essary to

    s%++ort t-e f%n!t#on#ng of #nternal !ontrol5

    15 T-e organ#?at#on !omm%n#!ates w#t- e)ternal

    +art#es regard#ng matters affe!t#ng t-e

    f%n!t#on#ng of #nternal !ontrol5

    *nformation &


    =+date art#!%lates +r#n!#+les of effe!t#"e #nternal !ontrol!ont#n%ed

    165 T-e organ#?at#on sele!ts< de"elo+s< and

    +erforms ongo#ng and@or se+arate e"al%at#ons to

    as!erta#n w-et-er t-e !om+onents of #nternal!ontrol are +resent and f%n!t#on#ng5

    175 T-e organ#?at#on e"al%ates and !omm%n#!ates

    #nternal !ontrol def#!#en!#es #n a t#mely manner

    to t-ose +art#es res+ons#ble for tak#ng !orre!t#"e

    a!t#on< #n!l%d#ng sen#or management and t-e

    board of d#re!tors< as a++ro+r#ate5

    +onitorin! Activities

    =+date art#!%lates +r#n!#+les of effe!t#"e #nternal !ontrol!ont#n%ed

    =+date !lar#f#es re;%#rements for effe!t#"e #nternal !ontrol

    • (ffe!t#"e #nternal !ontrol +ro"#des reasonable ass%ran!e regard#ng t-e

    a!-#e"ement of obe!t#"es and re;%#res t-at,

    – (a!- !om+onent and ea!- rele"ant +r#n!#+le #s +resent and f%n!t#on#ng

    – T-e f#"e !om+onents are o+erat#ng toget-er #n an #ntegrated manner 

    • (a!- +r#n!#+le #s s%#table to all ent#t#esA all +r#n!#+les are +res%med rele"ant

    e)!e+t #n rare s#t%at#ons w-ere management determ#nes t-at a +r#n!#+le #s

    not rele"ant to a !om+onent e5g5< go"ernan!e< te!-nology

    • Com+onents o+erate toget-er w-en all !om+onents are +resent andf%n!t#on#ng and #nternal !ontrol def#!#en!#es aggregated a!ross !om+onents

    do not res%lt #n one or more maor def#!#en!#es

    •  ' maor def#!#en!y re+resents an #nternal !ontrol def#!#en!y or !omb#nat#on

    t-ereof t-at se"erely red%!es t-e l#kel#-ood t-at an ent#ty !an a!-#e"e #ts


    =+date des!r#bes #m+ortant !-ara!ter#st#!s of +r#n!#+les< e5g5<

    8 Po#nts of fo!%s may not be s%#table or rele"ant< and ot-ers may be #dent#f#ed

    8 Po#nts of fo!%s may fa!#l#tate des#gn#ng< #m+lement#ng< and !ond%!t#ng #nternal


    8 T-ere #s no re;%#rement to se+arately assess w-et-er +o#nts of fo!%s are #n


    Control #nvironment 15 T-e organ#?at#on demonstrates a !omm#tment to

    #ntegr#ty and et-#!al "al%es5

    Points of Focus:8 Sets t-e Tone at t-e To+8 (stabl#s-es Standards of Cond%!t8 ("al%ates 'd-eren!e to Standards of Cond%!t8  'ddresses e"#at#ons #n a T#mely Manner 

    =+date des!r#bes t-e role of !ontrols to effe!t +r#n!#+les

    • T-e Framework does not +res!r#be !ontrols to be sele!ted< de"elo+ed< and

    de+loyed for effe!t#"e #nternal !ontrol

    •  'n organ#?at#onBs sele!t#on of !ontrols to effe!t rele"ant +r#n!#+les andasso!#ated !om+onents #s a f%n!t#on of management %dgment based on

    fa!tors %n#;%e to t-e ent#ty

    •  ' maor def#!#en!y #n a !om+onent or +r#n!#+le !annot be m#t#gated to an

    a!!e+table le"el by t-e +resen!e and f%n!t#on#ng of ot-er !om+onents and


    • owe"er< %nderstand#ng and !ons#der#ng -ow !ontrols effe!t m%lt#+le

    +r#n!#+les !an +ro"#de +ers%as#"e e"#den!e s%++ort#ng managementBs

    assessment of w-et-er !om+onents and rele"ant +r#n!#+les are +resent and


    S%mmary of +%bl#! e)+os%re of +ro+osed %+date

    • Interest a!ross geogra+-#! reg#ons – a++ro)#mately 0D of res+ondents

    from Eort- 'mer#!a and 0D from #nternat#onal reg#ons

    • Pro+osed %+dates to Framework released for +%bl#! !omments,– e!ember 20< 2011 to Mar!- 31< 2012

    – Se+tember 19< 2012 to e!ember /< 2012

    • COSO so%g-t !omments from t-e general +%bl#! on +ro+osed %+dates<

    #n!l%d#ng w-et-er t-e,

    – *e;%#rements of effe!t#"e #nternal !ontrol are !learly set fort-

    – *oles of !om+onents< +r#n!#+les< and +o#nts of fo!%s are !learly set fort-

    – Framework rema#ns so%nd< log#!al< and %sef%l to management of ent#t#es of

    all ty+es and s#?es

    • P%bl#! !omment letters a"a#lable at www5#!5!oso5org %nt#l e!5 31< 2013

    =+dates are res+ons#"e to +%bl#! !omments

    • Pr#n!#+les

    – Pro"#de !lar#ty regard#ng t-e role of +r#n!#+les #n des#gn#ng< #m+lement#ng< and

    !ond%!t#ng #nternal !ontrol< and assess#ng #ts effe!t#"eness

    – Clar#fy des!r#+t#ons of some +r#n!#+les< b%t no add#t#onal +r#n!#+les

    • (ffe!t#"eness

    – *e!ogn#?e effe!t#"e #nternal !ontrol !an +ro"#de reasonable ass%ran!e of

    a!-#e"#ng effe!t#"e and eff#!#ent o+erat#ons obe!t#"es as noted before

    – Clar#fy re;%#rement t-at ea!- of t-e !om+onents and rele"ant +r#n!#+les m%stbe +resent and f%n!t#on#ng and !om+onents m%st o+erat#ng toget-er 

    – *emo"e +res%m+t#on t-at +o#nts of fo!%s are +resent and f%n!t#on#ng< and

    !lar#fy t-at no se+arate assessment of +o#nts of fo!%s #s re;%#red

    – Standard#?e !lass#f#!at#on of #nternal !ontrol def#!#en!#es< and !lar#fy %se of

    only rele"ant !r#ter#a establ#s-ed #n laws< r%les< reg%lat#ons and standards

    =+dates are res+ons#"e to +%bl#! !omments !ont#n%ed

    • Obe!t#"e Sett#ng

    – *eta#n f#"e !om+onents of #nternal !ontrol

    – *eta#n s+e!#f#!at#on of obe!t#"es as a +r#n!#+le of effe!t#"e #nternal !ontrol<b%t obe!t#"e sett#ng may be dr#"en by laws< r%les< reg%lat#ons

    =+dates are res+ons#"e to +%bl#! !omments !ont#n%ed

    • (nter+r#se *#sk Management (*M

    – *eta#n d#st#n!t#on between (*M and #nternal !ontrol< and a!knowledge t-ese

    frameworks are !om+lementary

    – *eta#n "#ew t-at strategy$sett#ng< strateg#! obe!t#"es< and r#sk a++et#te are

    as+e!ts of (*M< not Internal Control$Integrated Framework

    – *eta#n d#s!%ss#on of r#sk a++et#te and a++l#!at#on of r#sk toleran!e

    • Smaller (nt#t#es and >o"ernments – Pro"#de add#t#onal g%#dan!e s+e!#f#! to

    smaller ent#t#es and go"ernments '++end#) C

    • Te!-nology

    – ()+and d#s!%ss#on #n t-e +o#nts of fo!%s and #n se"eral !-a+ters

    – e!l#ne s%ggest#on to address r#sk asso!#ated w#t- s+e!#f#! te!-nolog#es

    be!a%se of t-e ra+#d +a!e of !-ange

    =+dates are res+ons#"e to +%bl#! !omments !ont#n%ed

    • Str%!t%re and ayo%t – *eta#n "#ew t-at all !-a+ters 1$10 !om+r#se t-e


    • %e Pro!ess – COSO bel#e"es t-ere -as been a s%bstant#"e d%e +ro!ess

    effort to !a+t%re "#ews on +ro+osed %+date

    – S%r"eyed stake-olders to as!erta#n +referen!es !on!ern#ng nat%re and

    e)tent of needed %+datesA 700 res+onses e!ember 2010 to Se+tember


    – Cond%!ted ele"en meet#ngs w#t- COSO 'd"#sory Co%n!#l

    – Pro"#ded e)+os%re drafts of +ro+osed %+dates for +%bl#! !omments

    e!ember 2011 to Mar!- 2012< and Se+tember to e!ember 2012

    – Part#!#+ated #n many !onferen!es< web#nars< and sem#nars w#t- members-#+

    of COSO to seek "#ews of stake-olders Gan%ary 2011 to Gan%ary 2013

    *llustrative ocuments8

    - *llustrative 9ools for Assessin! #ffectiveness of a S$stem of *nternal


    - *nternal Control over #xternal (inancial Reportin!8 A Compendium of

    Approaces and #xamples

    Ill%strat#"e Tools for 'ssess#ng (ffe!t#"eness of a System ofInternal Control

    •  'ss#st %sers w-en assess#ng effe!t#"eness of #nternal !ontrol based on t-e

    re;%#rements set fort- #n t-e Framework

    – Tem+lates #ll%strate a +oss#ble s%mmary of assessment res%lts

    – S!enar#os #ll%strate +ra!t#!al e)am+les of -ow t-e tem+lates !an be %sed to

    s%++ort an assessment and #m+ortant !ons#derat#ons #n +erform#ng an


    • Fo!%s on e"al%at#ng !om+onents and rele"ant +r#n!#+les< not t-e %nderly#ng

    !ontrols t-at affe!t rele"ant +r#n!#+les• Cannot sat#sfy !r#ter#a establ#s-ed t-ro%g- laws< r%les< reg%lat#ons< or

    e)ternal standards for e"al%at#ng t-e se"er#ty of #nternal !ontrol def#!#en!#es

    • Can !%stom#?e le"el and amo%nt of deta#l #n!l%ded #n t-e tem+lates as

    management may deem ne!essary

    S%mmary of +%bl#! e)+os%re of t-e Ill%strat#"e o!%ments

    • Pro+osed nternal Control over E$ternal Financial Reporting: Compendium

    of #pproaches and E$amples was released for +%bl#! !omment from

    Se+tember 19< 2012 to e!ember /< 2012

    • In !on%n!t#on w#t- t-e +%bl#! e)+os%re of IC(F* Com+end#%m% COSO

    made a"a#lable re"#sed "ers#ons of t-e +re"#o%sly e)+osed Framework and

     #ppendices and E$ecutive &ummar' 

    • COSO made a"a#lable t-e +ro+osed llustrative (ools for #ssessing

    Effectiveness of a &'stem of nternal Control 

    • COSO so%g-t !omments from t-e general +%bl#! on rele"ant to+#!s

    • P%bl#! !omment letters a"a#lable at www5#!5!oso5org %nt#l e!5 31< 2013

    Ill%strat#"e do!%ments are res+ons#"e to +%bl#! !omments

    • IC(F*, ' Com+end#%m of '++roa!-es and ()am+les

    –  'dd or !lar#fy s+e!#f#! e)am+les< #n!l%d#ng,

    8 (stabl#s-#ng res+ons#b#l#t#es for re"#ew#ng f#nan!#al statements8 Mon#tor#ng #n"est#gat#on and re+ort#ng of w-#stleblower allegat#ons

    8 Mon#tor#ng #dent#f#!at#on and +rote!t#on of sens#t#"e f#nan!#al #nformat#on

    8 Mon#tor#ng #dent#f#!at#on and analys#s of r#sk of mater#al m#sstatement d%e to


    –  'ddress a r#sk$based a++roa!- for a!-#e"#ng e)ternal f#nan!#al re+ort#ngobe!t#"es

    8 S+e!#fy s%#table obe!t#"es for e)ternal f#nan!#al re+ort#ng

    8 *#sks to a!-#e"#ng s%#table obe!t#"es

    8 *es+onses to r#sks

    Trans#t#on & Im+a!t

    • =sers are en!o%raged to trans#t#on a++l#!at#ons and related do!%mentat#on

    to t-e %+dated Framework as soon as feas#ble

    • =+dated Framework w#ll s%+ersede or#g#nal Framework at t-e end of t-e

    trans#t#on +er#od #5e5< e!ember 1< 201/

    • %r#ng t-e trans#t#on +er#od< e)ternal re+ort#ng s-o%ld d#s!lose w-et-er t-e

    or#g#nal or %+dated "ers#on of t-e Framework was %sed

    • Im+a!t of ado+t#ng t-e %+dated Framework w#ll "ary by organ#?at#on

    − oes yo%r system of #nternal !ontrol need to address !-anges #n b%s#nessH

    − oes yo%r system of #nternal !ontrol need to be %+dated to address all +r#n!#+lesH

    − oes yo%r organ#?at#on a++ly and #nter+ret t-e or#g#nal framework #n t-e same

    manner as COSOH

    – Is yo%r organ#?at#on !ons#der#ng new o++ort%n#t#es to a++ly #nternal !ontrol to !o"er

    add#t#onal obe!t#"esH

    Trans#t#on & Im+a!t !ont#n%ed

    • T-e +r#n!#+les$based a++roa!- +ro"#des fle)#b#l#ty #n a++ly#ng t-e

    Framework to m%lt#+le< o"erla++#ng obe!t#"es a!ross t-e ent#ty

    – (as#er to see w-at #s !o"ered and w-at #s m#ss#ng

    – Fo!%s on +r#n!#+les may red%!e l#kel#-ood of !ons#der#ng somet-#ng t-atBs


    • =nderstand#ng t-e #m+ortan!e of s+e!#fy#ng s%#table obe!t#"es fo!%ses on

    t-ose r#sks and !ontrols most #m+ortant to a!-#e"#ng t-ese obe!t#"es5

    • Fo!%s#ng on areas of r#sk t-at e)!eed a!!e+tan!e le"els or need to bemanaged a!ross t-e ent#ty may red%!e efforts s+ent m#t#gat#ng r#sks #n

    areas of lesser s#gn#f#!an!e5

    • Coord#nat#ng efforts for #dent#fy#ng and assess#ng r#sks a!ross m%lt#+le<

    o"erla++#ng obe!t#"es may red%!e t-e n%mber of d#s!rete r#sks assessed

    and m#t#gated5

    Trans#t#on & Im+a!t !ont#n%ed

    • Sele!t#ng< de"elo+#ng< and de+loy#ng !ontrols to effe!t m%lt#+le +r#n!#+les

    may also red%!e t-e n%mber of d#s!rete< layered$on !ontrols5

    •  '++ly#ng an #ntegrated a++roa!- to #nternal !ontrol $ en!om+ass#ngo+erat#ons< re+ort#ng< and !om+l#an!e – may lessen !om+le)#ty5

    • In assess#ng se"er#ty of #nternal !ontrol def#!#en!#es< %se only t-e rele"ant

    !lass#f#!at#on !r#ter#a as set o%t #n t-e Framework or  by reg%lators< standard$

    sett#ng bod#es< and ot-er rele"ant t-#rd +art#es< as a++ro+r#ate5

    *e!ommended '!t#ons

    • *ead COSOBs %+dated Framework and #ll%strat#"e do!%ments

    • (d%!ate t-e a%d#t !omm#ttee< C$s%#te< o+erat#ng %n#t and f%n!t#onal


    • (stabl#s- a +ro!ess for #dent#fy#ng< assess#ng< and #m+lement#ng ne!essary

    !-anges #n !ontrols and related do!%mentat#on

    • e"elo+ and #m+lement a trans#t#on +lan t#mely to meet key obe!t#"es –

    e5g5< a++ly %+dated Framework by e!ember 31< 201/ for e)ternal re+ort#ng

    >ett#ng COSOBs P%bl#!at#ons

    T-e %+dated Framework and related Ill%strat#"e do!%ments are a"a#lable #n 3


    15 ($book – T-#s layo%t #s #deally s%#ted for t-ose want#ng a!!ess #n ele!tron#!format for tablet %se5 'n e$book reader from t-e 'ICP' #s re;%#red to "#ew t-#s

    layo%t5 Pr#nt#ng #s restr#!ted #n t-#s layo%t5

    8 P%r!-ase t-ro%g- www5!+a2b#?5!om 

    25 Pa+er$bo%nd – T-#s layo%t #s #deally s%#ted for t-ose want#ng a -ard !o+y5

    8 P%r!-ase t-ro%g- www5!+a2b#?5!om 

    35 PF – T-#s layo%t #s #deally s%#ted for organ#?at#ons #nterested #n l#!ens#ng

    m%lt#+le !o+#es5

    8 Conta!t t-e 'ICP' at !o+yr#g-ta#!+a5org[email protected]:[email protected]://

    .%est#ons & Comments
