The COSO Framework is used to design effective Internal Controls. The COSO Framework defines five components of Internal Controls.
Five Components of Internal Controls
Play a video:
Was this helpful?
Alright. So let's dive a little deeper into the topic of internal controls and discuss the five components. All right, So, we've talked about internal controls a little bit right. Internal controls, they help us safeguard assets, right? They keep people from stealing our stuff. They make financial information more reliable. Right? So our accounting records are better and ensure compliance with laws here as well. So remember internal controls. This is basically the company responding to fraud. Right? Let's write that here, responding to fraud. That's why we have internal controls is so that fraud can't happen. Okay? So when we design our internal controls, we use what's called the CO So framework here, the CO So framework, this is basically a system that's set up to help us design effective internal controls. Okay, So the coastal framework breaks up internal controls into five components. Let's see what they are. Let's start with control environment. Okay, so the control environment, this is kind of the tone in the company. Like basically setting an environment that looks down on fraud, right? We want honest people in our company. So it's just showing basically management is kind of setting an example right there. They're making the environment an example of like honest working. Right? So when we talk about control environment, there's a key phrase that we kind of always use when we discuss control environment and it's the tone at the top. Okay? So basically when we think about it, it's like, okay, management is very ethical and, management is honest. So the people below them are gonna also be honest because they see their role models or the, you know, the executives of the company are good people compare that to if they see management, that's always trying to be sneaky and always trying to be dishonest. Well, the employees as well might say, hey, I see management do it all the time. Maybe I could cut a corner here. Right? So tone at the top. The control environment is saying the executives should be setting a good example for the rest of the company. Okay. So other things involved in in the control environment? Well, the organizational structure, right? How the organization is structured like management of groups of people, How that structure is all part of the control environment and especially that tone at the top. Okay, here, we also have the code of conduct, right? There should be some kind of employee handbook. Whenever you have a new employee, they get this code of conduct, code of conduct of what's expected of them, right, What kind of conduct is expected of them. Okay. So that's the control environment. Next is risk assessment. So the company has to have some sort of a process in place that they're going to continually identify risks, right? They're gonna be continually identifying risk to the company. Those can be internal or external risks. When we think about risk, Those can come from competition, right? Changes in regulation. But specifically to us, we're thinking about here, the weaknesses in internal controls, right? Maybe there's some point in a process where a document should be signed by, you know, the accounting department to make sure that hey, everything's going okay And that process isn't in place, right? That could be a weakness. Internal internal controls. Okay. So this risk assessment process. It's an ongoing process. Next we have control activities. Alright. Control activities. This is the main part about internal controls. This is where we're actually doing things that are internal controls. So these are the procedures that are in place that address specific risks. Okay, internal control. These control activities could be as simple as a physical control where you lock the door. Right? That is a control where we lock the door to the warehouse so nobody can walk out with stuff at night. If you didn't have a lock on the door to the warehouse, that would be a weakness. Right? That there would be a weakness and internal controls, Someone could just leave with your inventory. Okay. Same thing with cash register saves, right? All those are physical controls, but there's other controls as well, documentation procedures. So a documentation procedure could be like using number checks. Right? So every time the company writes a check, there's a number and their consecutive in the in the corner. So they can see that hey, what you know, if they see all the checks, check 100 check 101102103 and then 104 is missing from the records. Well they should be able to go back and check what happened to 104. Right? Maybe it was a voided check. They made a mistake and voided it. There should be some sort of record of this. Right? So this pre numbered document makes sure that there's no gaps in the in the accounting records. Okay. And another very important control activity, separation of duties. This is another one that they love to talk about in these classes, separation of duties. And this is basically that it takes more than one person to complete a task. Okay? So if one person has full responsibility for everything related to a task well they have the power to commit some fraud. Okay So this basically comes down to the record keeping. So the person basically an accounting that's keeping track of everything should be separate from the person who physically has custody of the asset. Okay So if you think about the person in charge of the inventory in the warehouse should be separate from the person keeping track of all the inventory in the warehouse. That way there's two people that need to um that they can match records against. Right? So they know who where the error might have been or where the fraud might have occurred because everyone has a specific task. Okay so this also makes it so the record keeping is also keeping track and making sure that the inventory the person in charge right? The physical custody is doing their job. So separation of duties that's a big part of internal controls. The same person who counts the cash shouldn't be the same person who keeps track of cash, Right and records it in the journal. Okay. So um monitoring the next uh component here, monitoring. Well this one's pretty simple, right? That they should constantly be checking that internal controls are working, right? So we've got risk assessments where we're checking um you know what risks there might be, what weaknesses in the internal controls we're monitoring is making sure that the controls we have in place are working. And the last one is information and communication. And this just makes sure that information is captured correctly and timely. Right? So any any of these processes they shouldn't take forever. Right. You know if we're gonna have some process where this person has to sign a document, well we have to make sure that there's an actual benefit we're going to get from from this procedure we're putting in place and it's not gonna slow down information. Right? So that's about it for the five components we have the environment. Risk assessment, control activities monitoring and information and communication. This might be a little tough to remember all of these things all at once but this is the way I remember it and this is the way I was taught. So what we have is we're gonna have this c for control activities this are for risk assessment, this eye for information and communication, M. For monitoring and E. For environment. Okay. So notice we've got control activities and control environment. Well you know you're just gonna have to remember it like this so we've got control activities. See risk assessment, our information and communication, i monitoring M. And control environment. E. Crime. This is perfectly really good Pneumonic for a topic about fraud and internal controls. So you can remember the five components of internal controls. We have the crime demonic here. Alright, let's go ahead and move on to the next video.