Abstract
Purpose: The aim of this chapter is to provide an account of the key components of internal control. This will be done by introducing a leading practical framework on internal control.
Synopsis: The COSO is a voluntary private sector organization in the United States dedicated to improving the financial reporting quality, internal control and corporate governance. In 1992, COSO issued a report entitled Internal Control – Integrated Framework. It provided in-depth guidance on internal control for directors, managers, auditors, regulators, investors and other concerned stakeholders. Since its release, the COSO has become a blue-print for firms that are struggling with the governance and management of internal controls. Furthermore the framework has been extensively applied by companies subject to the Sarbanes-Oxley Act in the United States and also underlies some of the professional standards on internal control. The COSO 1992 defines internal control as a process consisting of five interrelated components designed to provide reasonable assurance that organizational objectives will be met. These internal control components consist of the control environment, risk assessment, control activities, information and communication and monitoring. In 2004, the COSO released the integrated framework on Enterprise Risk Management which highlighted the importance of effective risk management practices. The COSO 2004 explicitly tied internal control even closer to risk, regarding internal control as a risk treatment for risk exposures. Through responses such as reducing, accepting, sharing and avoiding, risk exposures may be addressed through the application of controls for example. Those events which potentially have a negative impact are dealt with through a disciplined risk management process. Those events which potentially could have a positive outcome are regarded as opportunities and fed back into the strategy and objective setting process. Later, in 2007, the COSO released a draft document on Monitoring and the final guidance was released in 2009. This guidance emphasizes the importance of monitoring controls. Through an effective internal control change management process, weaknesses in the design and operating effectiveness of controls may be identified and adjusted so that internal controls remain effective over time.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ahrne, G., & Brunsson, N. (eds.). (2004). Regelexplosionen. Ekonomiska Forskningsinstitutet, Handelshögskolan i Stockholm. Elanders Gotab
Anderson, S. W., Christ, M. H., & Sedatole, K. L. (2006). Risky business. Internal Auditor, 63, 47–52.
Bowling, D. M., & Rieger, L. A. (2005, February–March). Making sense out of COSO’s new framework for enterprise risk management. Bank Accounting and Finance, 29–34.
Cheney, G. (2007, October 31). Assurance: COSO queries concepts in monitoring internal control. Accounting Today, 14.
Chenhall, R. (2003). Management control systems design within its organizational context: Findings from contingency-based research and directions for the future. Accounting, Organizations and Society, 28, 127–168.
COCO (Canadian Institute of Chartered Accountants). (1995). Guidance on control. Canada
COSO (Committee of Sponsoring Organizations of the Treadway Commission). (1992). Internal control – Integrated framework. New York: AICPA.
COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2004). Enterprise risk management – Integrated framework, executive summary. New York: AICPA.
COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2006). Internal control over financial reporting – Guidance for smaller public companies, volume 1: executive summary. New York: AICPA.
COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2007). Internal control – integrated framework, guidance on monitoring internal control systems, Discussion document, 2007–09
COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2009a). Internal control – integrated framework. Guidance on monitoring internal control systems – introduction. New York: AICPA. Available at www.coso.org
COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2009b). Effective enterprise risk oversight – the role of the board of director. New York: AICPA. Available at www.coso.org
COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2010a, December). Board risk oversight – a progress report. Where boards and directors currently stand in executing their risk oversight responsibilities. Research commissioned by COSO. Available at www.coso.org
COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2010b). Developing key indicators to strengthen enterprise risk management. How key risk indicators can sharpen focus on emerging risks. Research commissioned by COSO. Available at www.coso.org
COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2011). Embracing enterprise risk management. Practical approaches to getting started. Research commissioned by COSO. Available at www.coso.org
Far, S. R. S. (2009). Samlingsvolymen 2009 Revision [Swedish Audit Standards 2009]. Stockholm/Sverige: FAR SRS Förlag.
FFE (The Federation of European Accountants). (2007). Selected issues in relation to financial statement audits. Inherent limitations, reasonable assurance, professional judgement and its documentation, and enforceability of auditing standards. Available at www.ffe.be
Fraser, I., & Henry, W. (2007). Embedding risk management: Structures and approaches. Managerial Auditing Journal, 22(4), 392–409.
FRC (Financial Reporting Council). (2005). Internal control. Revised guidance for directors on the combined code. London. Available at www.frc.org.uk
Gupta, P. P., & Thomson, J. C. (2006). Use of COSO 1992 in management reporting on internal control. Strategic Finance, 27–33.
Hammer, M., & Champy, J. (1993). Reengineering the corporation. A manifesto for business revolution. London: Nicholas Brealey.
Heier, J. R., Dugan, M. T., & Sayers, D. L. (2005). A century of debate for internal controls and their assessment: A study of reactive evolution. Accounting History, 10(3), 39–70.
IAASB (International Auditing and Assurance Standards Board). (2006, December). Redrafted International Standards on Auditing 240, 300, 315, 330. New York
IIA (Institute of Internal Auditors). (2004). The professional practices framework. Florida: The IIA Research Foundation. Global Practices Center.
IIA (Institute of Internal Auditors). (2009). International professional practices framework (IPPF). Florida: The IIA Research Foundation.
Johnson, T. H., & Kaplan, R. S. (1987). Relevance lost. The rise and fall of management accounting. Boston: Harvard Business School Press.
Kodgruppen [The Code group]. (2004). Svensk kod för bolagsstyrning [Swedish code of Corporate Governance], Stockholm.
Kollegiet för Svensk Bolagsstyrning [The Swedish Corporate Governance Board]. (2008b). Svensk kod för bolagsstyrning. Gällande från 1 juli 2008 [The Swedish code of Corporate Governance: Applicable from July 1 2008], Stockholm. Available at www.corporategovernanceboard.se
Langfield-Smith, K. (1997). Management control systems and strategy: A critical review. Accounting, Organizations and Society, 22(2), 207–232.
Mikes, A. (2009). Risk management and calculative cultures. Management Accounting Research, 20, 18–40.
Otley, D. T. (1980). The contingency theory of management accounting: Achievement and prognosis. Accounting, Organizations and Society, 5(4), 413–428.
Otley, D. T. (1994). Management control in contemporary organizations: Towards a wider framework. Management Accounting Research, 5, 289–299.
Otley, D. T. (1999). Performance management: A framework for management control systems research. Management Accounting Research, 10, 363–382.
Otley, D. T. (2003). Management control and performance management: Whence or whither? The British Accounting Review, 35, 309–326.
Otley, D. T. (2008). Did Kaplan get it right? Accounting, Auditing and Accountability Journal, 21(2), 229–229.
PCAOB (Public Company Accounting Oversight Board). (2007). Auditing Standard No.5 – An audit of internal control over financial reporting that is integrated with an audit of financial statements. Available at www.pcaob.org
Pfister, J. A. (2009). Managing organizational culture for effective internal control, from practice to theory. Heidelberg: Physica-Verlag.
Power, M. (2007). Organized uncertainty: Designing a world of risk management. New York: Oxford University Press.
Quinn, L. R. (2006, July). COSO at a crossroad. Strategic Finance, 42–49.
Senior Supervisors Group. (2009, October 21). Risk management lessons from the global banking crisis of 2008. Available at www.sec.gov
Shaw, H. (2006, March). The trouble with COSO. CFO, 75–77.
Simons, R. (1987). Accounting control systems and business strategy: An empirical analysis. Accounting, Organizations and Society, 12(4), 357–374.
Simons, R. (1990). The role of management control systems in creating competitive advantage: New perspectives. Accounting, Organizations and Society, 15(1/2), 127–143.
Simons, R. (1991). Strategic orientation and top management attention to control systems. Strategic Management Journal, 12(1), 49–62.
Simons, R. (1995). Levers of control: How managers use innovative controls systems to drive strategic renewal. Boston: Harvard Business School Press.
Spira, L. F., & Page, M. (2003). Risk management: The reinvention of internal control and the changing role of internal audit. Accounting, Auditing and Accountability Journal, 16(4), 640–661.
Trenerry, A. (1999). Principles of internal control. Sydney: University of New South Wales Press.
Turley, S., & Zaman, M. (2007). Audit committee effectiveness: Informal processes and behavioural effects. Accounting, Auditing and Accountability Journal, 20(5), 765–788.
Vinten, G. (2001). Corporate governance and the sons of Cadbury. Corporate Governance, 1(4), 4–8.
Walker, P. L., Shenkir, W. G., & Barton, T. L. (2003, August). ERM in practice. Internal Auditor, 51–55.
Whitley, J. (2006, December). COSO to develop further internal control guidance. Internal Auditor, 18.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Arwinge, O. (2013). Key Components of Internal Control. In: Internal Control. Contributions to Management Science. Physica, Heidelberg. https://doi.org/10.1007/978-3-7908-2882-5_3
Download citation
DOI: https://doi.org/10.1007/978-3-7908-2882-5_3
Published:
Publisher Name: Physica, Heidelberg
Print ISBN: 978-3-7908-2881-8
Online ISBN: 978-3-7908-2882-5
eBook Packages: Business and EconomicsBusiness and Management (R0)