COSO – Principle 11

COSO stands for Committee of Sponsoring Organisations of the Treadway Commission. Principle 11 refers to the maintenance of proper internal controls over information technology. This principle forms part of the updated internal control framework and provides guidelines for assessing the effectiveness of controls over IT.

Internal controls are defined as “a process, effected by an entity’s Board of Directors, Management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance”. Collectively, policies, processes, procedures, and controls make up a company’s system of internal control.

In East Africa, we are now noting many organisations, both large and small, implementing new and improved IT systems to drive both efficiency and growth. Various recent reports, including the Rapoport 2012 report, suggest that accountants may lack sufficient training and guidance with respect to internal controls. They thus need to apply critical-thinking skills to:

(1) Classify a listing of controls as being aligned to the COSO 2013 framework.
(2) Identify any deficiencies in design due to missing or inadequate internal controls.

Principle 11 states that the organisation should select and develop general control activities over information technology to support the achievement of objectives. Points of focus supporting the principle state that the organisation:

(1) Determines dependency between the use of technology in business processes and technology general controls.
(2) Establishes relevant technology infrastructure control activities.
(3) Establishes relevant security management process control activities.
(4) Establishes relevant technology acquisition, development and maintenance process control activities.

From our past experience, an organisation's external auditor does somewhat consider internal controls when planning an audit of the organisation's financial statements. They basically identify the areas that have the greatest risk so as to plan their audit procedures accordingly. But the bulk of the work on the actual implementation of internal controls must be done internally, either by qualified CFOs and Controllers who have the necessary skills, experience and educational backgrounds, or by suitably qualified Consultants.

Are the internal controls over your organisation's IT systems strong enough that you are producing reliable financial statements free from any misstatement or fraud?

As members of The Chartered Institute of Management Accountants (CIMA) and The Chartered Global Management Accountants body, The CFOO Centre’s team members are also professionally associated with the American Institute of CPAs (AICPA). We have available resources, programs and checklists to carry out internal control assessments, reviews and internal control implementations.

The CFOO Centre team will guide you in:

(1) Classifying (mapping) a listing of controls as being aligned with one (or more) of the COSO 2013 Framework’s 5 components and 17 principles that comprise a well-designed system of internal control.
(2) Identifying any deficiencies or gaps in design due to missing or inadequate internal controls.
(3) Implementing controls thereon.

www.cfoocentre.com
