• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
Free ACCA & CIMA online courses from OpenTuition

Free ACCA & CIMA online courses from OpenTuition

Free Notes, Lectures, Tests and Forums for ACCA and CIMA exams

  • ACCA
  • CIMA
  • FIA
  • OBU
  • Books
  • Forums
  • Ask AI
  • Search
  • Register
  • Login
  • ACCA Forums
  • Ask ACCA Tutor
  • FIA Forums
  • CIMA Forums
  • OBU Forums
  • Qualified Members forum
  • Buy/Sell Books
  • All Forums
  • Latest Topics

20% off ACCA & CIMA Books

OpenTuition recommends the new interactive BPP books for December 2025 exams.
Get your discount code >>

what the eletment of COSO framework in Internal Control

Forums › ACCA Forums › General ACCA Forums › what the eletment of COSO framework in Internal Control

  • This topic has 12 replies, 4 voices, and was last updated 13 years ago by techno.
Viewing 13 posts - 1 through 13 (of 13 total)
  • Author
    Posts
  • May 28, 2012 at 5:46 am #52921
    dragon76
    Member
    • Topics: 50
    • Replies: 77
    • ☆☆

    Pls. anybody can help me on this subject

    June 3, 2012 at 7:27 pm #98462
    richieinspain
    Member
    • Topics: 19
    • Replies: 86
    • ☆☆

    When reviewing an Internal Control System COSO is generally applied. The format is as follows;

    1) Review the internal control environment – discuss with managers, Internal audit department etc… the level of controls needed
    2) Ascertain the level and types of risk the company faces e.g. by reading the risk report, discussions with risk management
    3) Now that you now know the environment you can assess what is in place. Review the application of the Internal controls i.e. review internal audit reports
    4) Review how recommendations and reports are received and acted on. Discussions with the audit committee may be relevant here
    5) Review how internal controls are managed e.g. talk with senior/departmental mangers charges with such a responsibility

    COSO provides a way to review the whole system of internal controls

    June 3, 2012 at 7:27 pm #98463
    richieinspain
    Member
    • Topics: 19
    • Replies: 86
    • ☆☆

    When reviewing an Internal Control System COSO is generally applied. The format is as follows;

    1) Review the internal control environment – discuss with managers, Internal audit department etc… the level of controls needed
    2) Ascertain the level and types of risk the company faces e.g. by reading the risk report, discussions with risk management
    3) Now that you now know the environment you can assess what is in place. Review the application of the Internal controls i.e. review internal audit reports
    4) Review how recommendations and reports are received and acted on. Discussions with the audit committee may be relevant here
    5) Review how internal controls are managed e.g. talk with senior/departmental mangers charges with such a responsibility

    COSO provides a way to review the whole system of internal controls

    June 13, 2012 at 8:10 pm #98464
    techno
    Member
    • Topics: 7
    • Replies: 27
    • ☆

    Thanks richieinspain for your helpful post.

    Sorry to be a dunce about this, but I thought the COSO framework had 8 parts,

    – Internal/Control environment,
    – Objective setting,
    – Event identification,
    – Risk assessment,
    – Risk response,
    – Control activities/procedures,
    – Info & communications,
    – Monitoring.

    Where does your COSO 5-part reveiw of Internal control systems fit into this?
    Is your 5-part review all part of COSO stage 1…the Internal/Control environment?

    Your 5-part Review of IC seems very sensible, but I can’t seem to find any reference to it in my BPP textbook, so I’m completely lost!

    Thanks.

    June 14, 2012 at 11:46 am #98465
    Anonymous
    Inactive
    • Topics: 0
    • Replies: 6
    • ☆

    There’s 8 component of COSO. This i get from COSO website itself.

    1) Internal Environment – The internal environment encompasses the tone of an organization, and sets the basis for how risk is viewed and addressed by an entity’s people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate.

    2) Objective Setting – Objectives must exist before management can identify potential events affecting their achievement. Enterprise risk management ensures that management has in place a process to set objectives and that the chosen objectives support and align with the entity’s mission and are consistent with its risk appetite.

    3) Event Identification – Internal and external events affecting achievement of an entity’s objectives must be identified, distinguishing between risks and opportunities. Opportunities are channeled back to management’s strategy or objective-setting processes.

    4) Risk Assessment – Risks are analyzed, considering likelihood and impact, as a basis for determining how they should be managed. Risks are assessed on an inherent and a residual basis.

    5) Risk Response – Management selects risk responses – avoiding, accepting, reducing, or sharing risk – developing a set of actions to align risks with the entity’s risk tolerances and risk appetite.

    6) Control Activities – Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out.

    7) Information and Communication – Relevant information is identified, captured, and communicated in a form and timeframe that enable people to carry out their responsibilities. Effective communication also occurs in a broader sense, flowing down, across, and up the entity.

    8) Monitoring – The entirety of enterprise risk management is monitored and modifications made as necessary. Monitoring is accomplished through ongoing management activities, separate evaluations, or both.

    June 14, 2012 at 3:20 pm #98466
    techno
    Member
    • Topics: 7
    • Replies: 27
    • ☆

    Thanks crazycujo…I agree with your 8 components of the COSO framework.

    But where does richieinspain’s 5-part COSO review of Internal Controls fit into this 8-part framework?

    Is it one of the 8 elements….or is it something totally separate?

    June 15, 2012 at 7:55 am #98467
    Anonymous
    Inactive
    • Topics: 0
    • Replies: 6
    • ☆

    yes i think it fits into the five component. The 5 components is more on internal control. While the 8 component is enterprise risk management which is an extension to the former just that it adds steps 2,3 and 5. The added components is decided on strategic level by the board. For example if you look at 2,3 and 5.

    2) objective setting – objective should align with the shareholders’ interest and risk appetite e.g financial industries (risk seeking) or airline (risk averse)

    3)relate to internal and external environment
    – internal (look at the financial and physical resources and capability of the company to handle the risk
    – external (look at chages in laws and regulations, sector-specific industry etc)
    Assessing all these help the company to identify business opportunities and risk – how well the company capitalize on the opportunities and minimize the risks involve with any business objectives and strategies

    5) The line manager can only review and report to the board but the decision is for board to decide whether to transfer, avoid, reduce and accept the risk.

    So if you ask me on reviewing the internal control, the 5 component would be sufficient as the internal control is to manage risk at operational level.

    But if on board level the 8 components is more appropriate.

    Hope this help.

    June 15, 2012 at 2:02 pm #98468
    techno
    Member
    • Topics: 7
    • Replies: 27
    • ☆

    Thanks crazycujo, your explanation is very helpful.

    So is this correct:

    COSO has an 8 stage Enterprise Risk Managment framework which is appliaed across an org. from the Board down to operations, to manage risks.

    But…

    COSO has also published a 5-stage Reveiw of Internal Controls.
    This 5-stage reveiw looks at just the implementation/effectiveness of Internal Controls.
    This is separate to the 8-stage Risk Mgt Framework, although there is some overlap between them because Internal Controls play a big role in Risk Mgt…hence the overlap.

    So they are 2 separate COSO frameworks, but there is overlap between their functions.

    Have I got that right…please correct me if my understanding is wrong?

    Many thanks.

    June 15, 2012 at 2:16 pm #98469
    Anonymous
    Inactive
    • Topics: 0
    • Replies: 6
    • ☆

    Yes they overlap. But the 5 component iinternal control is widely used in SOX as a standard to evaluate the adequacy of the internal controls.

    June 15, 2012 at 3:37 pm #98470
    techno
    Member
    • Topics: 7
    • Replies: 27
    • ☆

    Thanks crazycujo, that’s very helpful.
    The problem I’ve been having with this 5-stage COSO review of Internal Controls, is that it’s not actually in my textbook (BPP).
    When it comes to reveiw of internal controls, my book advocates the 4-part Turnbull approach:
    1) Risk assessment,
    2) Control environment & control activities,
    3) Information & communication,
    4) Monitoring.

    …obviously similar to the COSO review, but a bit different.

    The only thing I can find in my textbook that is anything like the 5-stage COSO review, is a tiny reference to COSO’s “Internal Control Over Financial Reporting – Guidance for Smaller Public Companies”….
    ….this does have 5-stages, and it is from COSO, but it deals with how these 5-stages should be applied to financial reporting…ie. the objectives of fin reporting, the reliability of fin statements, controls over fin reporting information etc.

    As you can see this is not really focusing on Internal Controls and risk mgt, the focus is on fin statements and reporting.

    Hence my confusion when I saw a 5-stage COSO review being applied to Internal Controls in general….all my textbook says is that is an aid to reviewing Fin Reporting risks, not an approach to reviewing the orgs entire Internal Control system.

    Your reference to SOX was very interesting…because I know SOX requires additional Internal Control disclosure/reports, and my BPP textbook says this should be an “Internal Control report” which states:

    – “managements responsibility for establishing & maintaining adequate internal control over fin reporting”
    plus
    – “an assessment of the effectiveness of the internal control over fin reporting”
    plus
    – “a statement identifying the framework used by management to evaluate the effectiveness of the company’s internal control over fin reporting.”

    My book then goes on to refer to just 4 things that might be done to review control systems:
    1- Identify controls at an entity and operational level.
    2- Reviewing the completeness of documentation.
    3- Testing Controls.
    4- Advising on contents of the “Internal Control report” contents, and identifying any weaknesses.

    As you can see, this is not the same as the 4-part Turnbull reveiw of Internal Controls, nor the 5-part COSO review of Internal Controls.

    So I couldn’t see how the COSO 5-part reveiw would be used/fit in to an exam answer. If they ask for a review of Internal Control systems, then the book advocates the 4-part Turnbull approach…if I use the COSO 5-part review instead, the marker might regard that as not quite right.

    So, would it be fair to say that for exam questions requiring general reveiws of Internal Control systems (eg for the board’s annual review of IC)….then we should use the 4-part Turnbull approach,
    but,
    – if the exam question requires a review of just the Fin Reports, say for the purposes of SOX, then we should use the COSO 5-part fin reporting review?

    Would this be correct?

    (Sorry for the long length of this question).

    June 16, 2012 at 11:06 pm #98471
    richieinspain
    Member
    • Topics: 19
    • Replies: 86
    • ☆☆

    Hi Techno,

    Sorry for the late response. The 5 step COSO came from the Kaplan Exam Kit. They stated that when faced with a question that asks you too “assess the Internal Control System” always use the 5 step approach.

    The difference between this and your 8 steps is that the 8 steps is about risk management (i.e. whats the risk, is it big, this is our reponse, implement it etc… and the 5 steps is more like an audit of the whole control system. Apologies as I thought you meant COSO and internal control systems rather then management.

    They are 2 different techniques for 2 different types of question.

    June 16, 2012 at 11:12 pm #98472
    richieinspain
    Member
    • Topics: 19
    • Replies: 86
    • ☆☆

    Page 180 in the Kaplan complete text book if you can somehow find access to it

    June 17, 2012 at 3:11 am #98473
    techno
    Member
    • Topics: 7
    • Replies: 27
    • ☆

    Thanks richieinspain…

    Thanks to crazycujo’s earlier posts, I managed to understand the difference between the COSO 8-stage Risk Mgt Framework….and the COSO 5-stage “Review of Internal Controls”…

    ….the problem I’m actually having is that there is no such thing as a COSO 5-stage “Review of Internal Controls” in my textbook…my BPP book says that for reviewing the internal controls (for instance, when the board does it’s regular and annual reviews of IC) then you should use the Turnbull 4-stage approach to review IC:

    1) Risk assessment,
    2) Control environment & control activities,
    3) Information & communication,
    4) Monitoring.

    The only ref to anything resembling a COSO 5-stage review is this COSO’s “Internal Control Over Financial Reporting – Guidance for Smaller Public Companies”…which has the correct 5-stages, but says they are actuallly intended for controls over fin. reporting/statements, rather than all Internal Controls across all the org.

    So it looks like the confusion has come out of the fact that BPP say IC should be reviewed by the Turnbull 4-stages, but Kaplan says you can use the COSO 5-stages.

    Crazycujo sowed an idea in my head when they said that the COSO 5-stage is used in SOX…this would make sense, as SOX requires the identification of a framework used to review the IC over the fin reporting….so I figured maybe you use the coso 5-stage for the IC over fin. statements, but for reviews of the ICS across the whole org, you would use the Turnbull 4-stage.

    That was the only way I could make sense of it…but obviously I’m just trying do do a bit of detective work on why something so important would be so different in my BPP textbook to the Kaplan.

    I’m 100% confident that the use of the COSO 5-stage review would be correct if the exam question asks for a framework to meet the SOX requirements of review of controls over fin statements.

    But what I am unsure of is what to do if the exam asks for a framework for the board’s review of IC’s in general…the BPP textbook really pushes the Turnbull 4-stage…..

    And unfortunately I’ve no Kaplan text, so I’m stuck with the BPP Turnbull recommnedation.

    It would be easier if there was just one framework for IC…like the Kaplan says…

    Tricksy….

  • Author
    Posts
Viewing 13 posts - 1 through 13 (of 13 total)
  • You must be logged in to reply to this topic.
Log In

Primary Sidebar

Donate
If you have benefited from our materials, please donate

ACCA News:

ACCA My Exam Performance for non-variant

Applied Skills exams is available NOW

ACCA Options:  “Read the Mind of the Marker” articles

Subscribe to ACCA’s Student Accountant Direct

ACCA CBE 2025 Exams

How was your exam, and what was the exam result?

BT CBE exam was.. | MA CBE exam was..
FA CBE exam was.. | LW CBE exam was..

Donate

If you have benefited from OpenTuition please donate.

PQ Magazine

Latest Comments

  • John Moffat on Cost Classification and Behaviour part 1 – ACCA Management Accounting (MA)/you
  • John Moffat on FM Chapter 8 Questions – Relevant cash flows for DCF
  • Sid24012003 on Cost Classification and Behaviour part 1 – ACCA Management Accounting (MA)/you
  • babysnow88 on Equity settled share based payments – service – ACCA (SBR) lectures
  • smuuo on FM Chapter 8 Questions – Relevant cash flows for DCF

Copyright © 2025 · Support · Contact · Advertising · OpenLicense · About · Sitemap · Comments · Log in