COSO
In 1975 the National Commission on Fraudulent Financial Reporting was created in the United States, an independent initiative to study the causes of fraud in financial reports and statements. This commission was composed of representatives of the major professional associations in the financial area. Its first object of study was internal controls. In 1992 it published the work Internal Control - Integrated Framework. This publication has become a world reference for the study and application of internal controls.

The Commission subsequently became a Committee, which came to be known as COSO - The Committee of Sponsoring Organizations. COSO is a nonprofit organization dedicated to improving financial reporting through ethics, effective internal controls and corporate governance. It is sponsored by five leading professional associations connected to the financial area in the United States, namely:

• AICPA - American Institute of Certified Public Accountants
• AAA - American Accounting Association
• FEI - Financial Executives International
• IIA - The Institute of Internal Auditors
• IMA - Institute of Management Accountants

The Committee works independently of its sponsoring organizations. Its members are representatives from industry, accountants, investment firms and the New York Stock Exchange.

The object of COSO's work: Internal Control. Internal Control is understood as a process developed to ensure, with reasonable certainty, that the company's objectives are achieved in the following categories:

• Operational efficiency and effectiveness (performance or strategy objectives): this category relates to the basic objectives of the entity, including performance and profitability objectives and goals, as well as the safety and quality of assets;
• Confidence in the accounting and financial records (information objectives): all transactions must be recorded, and all records must reflect actual transactions, stated at the correct values and classifications;
• Compliance (compliance objectives): with the laws and regulations applicable to the entity and its area of operation.

According to COSO, Internal Control is a process consisting of five elements, which are interrelated and present throughout internal control:

• Control Environment;
• Risk Assessment and Management;
• Control Activities;
• Information and Communication;
• Monitoring.

Control Environment is the entity's awareness of control, its control culture. The Control Environment is effective when people in authority know what their responsibilities and the limits of their authority are, and have the awareness, competence and commitment to do what is right in the right way. Control Environment involves technical competence and ethical commitment; it is an intangible factor, essential to the effectiveness of internal controls. The attitude of top management plays a decisive role in this component. It must make clear to its staff what policies, procedures, Code of Ethics and Code of Conduct are to be adopted. These definitions can be made formally or informally; the important thing is that they are clear to the employees of the organization.

The main functions of Internal Control are related to the fulfillment of the entity's objectives. Therefore, the existence of goals and objectives is vital to the existence of internal controls. If the entity does not have clear objectives and goals, there is no need for internal controls.

Risk assessment and management is the identification and analysis of the risks associated with not meeting operational, reporting and compliance goals and objectives. This set forms the basis for how risks are managed. Administrators should define the levels of operational, information and compliance risk that they are willing to take. Risk assessment is a management responsibility, but it is up to Internal Audit to make its own evaluation of risks, comparing it with the assessment made by administrators.
Identification and management of risks is a proactive action that prevents unpleasant surprises.

Risk is the probability of loss or the uncertainty associated with the fulfillment of a goal. For each proposed objective, a risk identification process should be carried out.

Analysis: once the risks have been identified, they must be evaluated, taking into account the following aspects: What is the probability (frequency) of occurrence? If the risk occurs, what would be its impact on operations, in qualitative and quantitative terms? Then determine, in your judgment, what actions would be needed to manage the identified risks.

Control activities are those activities that, when implemented on time and properly, allow the reduction or management of risks. They can be of two kinds: prevention and detection. The main control activities and their natures are listed below:

• Authority limits (prevention): the limits set for an employee regarding the amounts he or she may approve or the positions he or she may take on behalf of the institution.
Examples: establishing a maximum value for cashing a check; establishing ceilings for a trader for each investment horizon; establishing the operating authority of the agency's Credit Committee.

• Authorizations (prevention): the administration determines the activities and transactions that require approval from a supervisor to take effect. The approval of a supervisor, whether manual or electronic, means that he or she checked and validated the activity or transaction and ensured that it complies with the policies and procedures. Those responsible for the authorization should check the relevant documentation, question unusual items and ensure that the information necessary for the transaction was checked before giving their authorization.

• Reconciliation (detection): the comparison of the same information against data from different sources, taking corrective action when necessary.

• Performance reviews (detection): monitoring of an activity or process to evaluate its suitability and/or performance against established goals, objectives and benchmarks, as well as continuous monitoring of the financial market (for banks) in order to anticipate changes that may negatively impact the entity. Examples: monitoring the behavior of credit card users (unusual places, different products, etc.); monitoring and questioning abrupt fluctuations in the results of agencies, products, proprietary trading and third parties; monitoring realized versus budgeted values in units with the aim of identifying problems/issues; monitoring the competition, aiming to launch new products.

• Physical Security (prevention and detection): the assets of an entity should be protected from unauthorized use, purchase or sale. One of the best controls to protect assets is physical security, which includes access control, control of entry and exit of staff and materials, passwords to electronic files, call-back for remote access, encryption, and others. This control also includes the inventory processes for the items most valuable to the entity (e.g., cash counts).

• Segregation of duties (prevention): segregation is essential for the effectiveness of internal controls. It reduces both the risk of human error and the risk of unwanted actions. Accounting and reconciliation, reporting and authorization, custody and inventory, procurement and payment, management of own resources and those of others, standardization (risk management) and monitoring (audit) should be segregated among employees.

• Computer systems (detection and prevention): controls performed through computerized systems are divided into two types. General controls: controls over data processing centers and controls over the acquisition, development and maintenance of programs and systems. Examples: organization and maintenance of back-up files, system log files, contingency planning. Application controls: the controls that exist in enterprise applications, which are intended to ensure the integrity and veracity of data and transactions. Examples: validation of information (checking the information against records stored in databases).

• Internal standardization (prevention): the formal definition of the internal rules for the operation of the entity. Standards should be easily accessible to the organization's employees and should define responsibilities, corporate policies, operational flows, functions and procedures.

Control activities should be implemented in a considered, conscious and consistent manner. It is pointless to implement a control procedure if it is executed mechanically, without focusing on the conditions and problems that motivated its deployment.
Information and Communication: communication is the flow of information within an organization, with the understanding that this flow occurs in all directions - from higher hierarchical levels to lower ones, from lower levels to higher ones, and horizontally between equivalent hierarchical levels.

Monitoring is the evaluation of internal controls over time. It is the best indicator of whether internal controls are being effective or not. It is done both through the ongoing monitoring of activities and through occasional assessments such as self-assessment, reviews and internal audits. The function of monitoring is to ensure that internal controls are adequate and effective. Adequate controls are those in which the five elements of control (environment, risk assessment, control activities, information & communication and monitoring) are present and functioning as planned. Controls are effective when senior management has a reasonable certainty:

• of the degree of achievement of the proposed operational objectives;
• that the information provided by reports and corporate systems is reliable; and
• that laws, regulations and standards are being met.