Internal Control — Integrated Framework

1 Committee of Sponsoring Organizations of the Treadway CommissionInternal Control Integrated FrameworkCommittee of Sponsoring Organizations of the Treadway CommissionTo submit comments on this Public Exposure Draft, please visit the website. Responses are due by November 16, will be asked to respond to a series of questions. Those questions may be found on-line at and in a separate document provided at the time of download. Respondents may upload letters through this site. Please do not send responses by fax. Written comments on this exposure draft will become part of the public record and will be available on-line March 31, 2012 Internal Control over External Financial Reporting: A Compendium of Approaches and ExamplesDraft for DiscussionDraft for Discussion 2012 All Rights Reserved. No part of this publication may be reproduced, redistributed, transmitted or displayed in any form or by any means without written permission.

2 For information regarding licensing and reprint permissions please contact the American Institute of Certified Public Accountants, licensing and permissions agent for COSO copyrighted materials. Direct all inquiries to or to AICPA, Attn: Manager, Rights and Permissions, 220 Leigh Farm Rd., Durham, NC 27707. Telephone inquiries may be directed to Control Integrated FrameworkTo submit comments on this Public Exposure Draft, please visit the website. Responses are due by November 16, will be asked to respond to a series of questions. Those questions may be found on-line at and in a separate document provided at the time of download. Respondents may upload letters through this site. Please do not send responses by fax. Written comments on this exposure draft will become part of the public record and will be available on-line March 31, 2012 Internal Control over External Financial Reporting: A Compendium of Approaches and ExamplesCommittee of Sponsoring Organizations of the Treadway CommissionDraft for DiscussionDraft for DiscussionCommittee of Sponsoring Organizations of the Treadway Commission Board Members Representative COSO Chair David L.

3 LandsittelAmerican Accounting Association Mark S. Beasley Douglas F. PrawittThe Institute of Internal Auditors Richard F. ChambersAmerican Institute of Certified Public Accountants Charles E. LandesFinancial Executives International Marie N. HolleinInstitute of Management Accountants Sandra Rictermeyer Jeffrey C. Thomson PwCAuthorPrincipal Contributors Miles Everson Engagement Leader New York, USA Stephen E. Soske Project Lead Partner Boston, USA J. Aaron Garcia Project Lead Director San Diego, USA Cara M. Beston Partner San Jose, USA Charles E. Harris Partner Florham Park, USA Eric M. Bloesch Managing Director Philadelphia, USAJ ames M. Downs Director San Francisco, USA (Through January 2012)Frank J. Martens Director Vancouver, Canada Jay A. Posklensky Director Florham Park, USAC harles J.

4 Finn Senior Manager Detroit, USAN atalie Protze Senior Manager Washington , USA (July 2011 to March 2012)Draft for DiscussionAdvisory CouncilSponsoring Organizations RepresentativesAudrey A. Gramling Bellarmine University Fr. Raymond J. Treece Endowed ChairSteven E. Jameson Community Trust Bank Executive Vice President and Chief Internal Audit & Risk OfficerJ. Stephen McNallyCampbell Soup Company Finance Director/ControllerRay Purcell Pfizer Director of Financial ControlsBill Schneider AT&T Director of AccountingMembers at LargeJennifer BurnsDeloittePartnerJim DeLoach Protiviti Managing DirectorTrent Gazzaway Grant Thornton PartnerCees Klumper The Global Fund to Fight AIDS, Tuberculosis and Malaria Chief Risk OfficerThomas Montminy PwC PartnerAl Paulus E&Y PartnerThomas Ray KPMG PartnerDr. Larry E.

5 RittenbergUniversity of WisconsinEmeritus Professor of Accounting Chair Emeritus COSOKen Vander Wal ISACA PresidentRegulatory Observers and Other ObserversJames Dalkin Government Accountability Office Director in the Financial Management and Assurance TeamHarrison E. Greene, Jr. Federal Deposit Insurance Corporation Assistant Chief AccuntantChristian Peo Securities and Exchange Commission Professional Accounting Fellow (Through June 2012)Amy SteeleSecurities and Exchange CommissionAssociate Chief Accountant (Commencing July 2012)Vincent Tophoff International Federation of AccountantsSenior Technical ManagerKeith Wilson Public Company Accounting Oversight Board Deputy Chief AuditorDraft for DiscussionAdditional PwC ContributorsMark CohenPartner San Francisco, USAA ndrew DahlePartner Chicago, USAJ unya HakodaPartner (Retired)Tokyo, JapanBrian KinmanPartner St.

6 Louis, USAPat McNameePartner Florham Park, USAJ onathan MullinsPartner (Retired)Dallas, USAA lexander YoungPartner Toronto, CanadaAntoine ElachkarManaging DirectorWashington , USAGary MossManaging DirectorMilwaukee, USAC atherine JourdanDirectorParis, FranceFrank MaggioDirectorChicago, USAC hristopher MichaelsonDirectorMinneapolis, USAS allie Jo PerragliaManagerNew York, USAT racy WalkerDirectorBangkok, ThailandQiao PanSenior AssociateNew York, USAD raft for DiscussionPrefaceThis project was commissioned by COSO, which is dedicated to providing thought lead-ership through the development of comprehensive frameworks and guidance on Internal Control , enterprise risk management, and fraud deterrence designed to improve organi-zational performance and oversight and to reduce the extent of fraud in organizations.

7 COSO is a private sector initiative, jointly sponsored and funded by: American Accounting Association (AAA) American Institute of Certified Public Accountants (AICPA) Financial Executives International (FEI) Institute of Management Accountants (IMA) The Institute of Internal Auditors (IIA)Draft for DiscussionTable of ContentsForeword ..i1. Introduction ..12. Control Environment ..113. Risk Assessment ..454. Control Activities ..735. Information and Communication ..1036. Monitoring Activities ..131 AppendixExamples by Topic ..148 Internal Control Integrated Framework September 2012 Draft for DiscussionDraft for DiscussionForewordIn 2013, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released an update to its Internal Control Integrated Framework ( Framework ).

8 The original Framework , which was released in 1992, has gained broad acceptance and is widely used around the world. It is recognized as a leading Framework for designing, implementing, and conducting Internal Control and for establishing requirements for an effective system of Internal Control . To help users apply the Framework to Internal Control over external financial reporting, COSO has released this companion publica-tion, Internal Control over External Financial Reporting: A Compendium of Approaches and Examples (Compendium). The Framework retains the core definition of Internal Control and the five components of Internal Control . At the same time, the Framework includes enhancements and clari-fications that are intended to ease use and application. One of the more significant enhancements is the formalization of fundamental concepts introduced in the original Framework as principles.

9 These principles associated with the five components provide clarity for users in designing and implementing systems of Internal Control . In turn, this Compendium provides approaches and examples to illustrate how entities may apply the principles set out in the Framework to a system of Internal Control over external financial the twenty years since the release of the original Framework , business and operating environments have changed dramatically, becoming increasingly complex, technologi-cally driven, and global. At the same time, stakeholders have become more engaged, seeking greater transparency and accountability for the integrity of systems of inter-nal Control that support business decisions and governance of the organization. The Framework and the Compendium incorporate many of these changes including: Expectations for Governance Oversight Higher regulatory and stakeholder expectations require the board of directors to oversee Internal Control over exter-nal financial reporting.

10 Some jurisdictions require specific regulatory requirements for expertise and independence of board members of certain types of entities. Globalization of Markets and Operations Organizations expand beyond domes-tic markets in the pursuit of value, often entering into international markets and executing cross-border mergers and acquisitions. Changes and Greater Complexity in the Business Organizations change busi-ness models and enter into complex transactions in pursuit of growth, greater quality, and productivity, and in response to changes in market and regulatory environments. These changes may include entering into strategic alliances, joint ventures, and other complex contractual arrangements with external parties, implementing shared services, and engaging outsourced service 2 3 Internal Control Integrated Framework September 2012iDraft for DiscussionInternal Control over External Financial Reporting: A Compendium of Approaches and ExamplesControl Environment Risk Assessment Control Activities Information and Communication Monitoring Activities Demands and Complexities in Laws, Rules, Regulations, and Standards Regula-tors and policy makers promote greater investor protection and confidence in the financial reporting systems through changes in rules, regulations, and standards.