Internal Control Policy - Risk Control Frameworks
COSO Framework:
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a private sector initiative that provides insights into the internal control frameworks of organizations.
The COSO Framework reduces a business’s operational risk with control and monitoring measures. Above all else, this process is iterative and requires regular review to ensure initial control measures are working as intended. To this end, the COSO committee produces guidance documents designed to help organizations. These documents are continually updated as better practices come to light.
The COSO framework of internal control consists of five components: control environment, risk assessment, control activities, information and communication, and monitoring.
Control Environment – The Board of Directors shall maintain an environment conducive to maintaining adequate internal control. The Board of Directors recognizes that the control environment provides the discipline and structure to help Company achieve its objectives.
Responsibility – The Board of Directors is responsible for ensuring that an adequate and effective internal control system exists in their organization and that the senior management is maintaining and monitoring the performance of that system. The Board of Directors should establish and define responsible parties' accountability for overseeing and maintaining internal control. These lines of accountability should be reviewed annually to ensure that performance measures are being met. Corrective measures or changes in responsibility should be implemented as needed.
Annual Review – Internal audit procedures should be reviewed by the Board of Directors annually. Any outdated or non-operating procedures should be updated or removed. New controls should be implemented where appropriate.
Identified Deficiencies – Identified control failures or deficiencies and proposed corrective action plans for newly identified issues will be communicated to Management quarterly, and the Board of Directors annually.