Control model
Control models describe operational control and monitoring systems and thus play an important role in defining corporate governance structures, both in private organizations and in non-profit and public ones.
Accounting and operations models
COSO Internal Control - Integrated Framework
The first COSO model was published in the USA in 1992 in order to improve the quality of the financial reporting of listed companies. In 1994, in the course of a discussion with the US Government Accountability Office (GAO) about its applicability in the public sector, a marginally changed second edition of the model was introduced.
COSO - in the wording of the official translations - refers to internal control in the broadest sense as a process that is carried out by the management, managers and other employees of a unit in order to achieve sufficient certainty that the objectives specified in the control categories will be achieved.
The four control categories of the COSO framework are:
- Functionality and profitability of business processes
- Reliability of operational and financial information
- Asset protection
- Compliance with relevant laws and regulations
Five control components are also described:
- Control environment
- Risk assessment
- Control activities
- Information and communication
- Monitoring
CICA Criteria of Control (CoCo)
In 1995 the Canadian Institute of Chartered Accountants (CICA) introduced the CICA Guidance on Control, a more management-oriented control model. It contains 20 control criteria in 4 groups:
- Goal orientation - Purpose
- Motivation - Commitment
- Skills - Capability
- Adaptation - Monitoring & Learning
COSO Enterprise Risk Management - Integrated Framework
In 2004, COSO published an expansion of the COSO model to supplement risk management functions.
COSO Internal Control over Financial Reporting - Guidance for Smaller Public Companies
A guide complementing the COSO model was published in 2006 to help smaller entities establish Internal Control over Financial Reporting (ICOFR).
Other models
- Turnbull (UK)
- King (RSA)
- Viénot / Bouton (FR)
IT control models
The most common IT control model in practice is:
Application
Private sector
According to the EU Commission's draft directive COM (2004) 177 final, control models should be implemented by "companies of public interest".
Non-profit sector
Control models are used in large non-profit organizations, at least in the Anglo-Saxon region.
Public organizations
The use of control models is common in some countries; for example, applications are reported at the level of the European Court of Auditors (see EUROSAI) and from Anglo-Saxon countries and Scandinavia. Working groups at INTOSAI, the OECD and the EU (e.g. PIFC, CHU) deal with the implementation.
Literature
- Julia C. Helbeck: Internal Control System in Practice - An implementation guide for managing operational risks in business processes. Saarbrücken 2008, ISBN 978-3836468817. A practical example for the implementation of the COSO model.