Control model

from Wikipedia, the free encyclopedia

Control models serve to describe operational control and monitoring systems and thus play an important role in the definition of corporate governance structures in private, but also in non-profit and public organizations.

Accounting and operations models

COSO Internal Control - Integrated Framework

The first COSO model was published in the USA in 1992 in order to improve the quality of the financial reporting of listed companies. In 1994, in the course of a discussion with the US Government Accountability Office (GAO) about the applicability in the public sector, a marginally changed second edition of the model was introduced.

COSO - in the wording of the official translations - refers to internal control in the broadest sense as a process that is carried out by the management, managers and other employees of a unit in order to achieve sufficient certainty that the objectives specified in the control categories will be achieved.

The four control categories of the COSO framework are:

  • Functionality and profitability of business processes
  • Reliability of operational and financial information
  • Asset protection
  • Comply with relevant laws and regulations

Five control components are also described:

  • Control environment
  • Risk assessment
  • Control activities
  • information and communication
  • monitoring

CICA Criteria of Control (CoCo)

In 1995 the Canadian Institute of Chartered Accountants (CICA) introduced the CICA Guidance on Control, a more management-oriented control model. It contains 20 control criteria in 4 groups:

  • Goal orientation - Purpose
  • Motivation - commitment
  • Skills - Capability
  • Adaptation - Monitoring & Learning

COSO Enterprise Risk Management - Integrated Framework

In 2004, COSO published an expansion of the COSO model to supplement risk management functions.

COSO Internal Control over Financial Reporting - Guidance for Smaller Public Companies

A guide to complement the COSO model published in 2006 to help smaller entities establish Internal Control over Financial Reporting ( ICOFR ).

Other models

  • Turnbull (UK)
  • King (RSA)
  • Vuinnot / Button (FR)

IT control models

The most common IT control model in practice is:

application

Private sector

Control models should be implemented by "companies of public interest" - according to the EU Commission in the draft directive COM (2004) 177 final.

Non-profit sector

Control models are used in large non-profit organizations, at least in the Anglo-Saxon region.

Public organizations

The use of control models is common in some countries; so z. B. Applications reported at the level of the European Court of Auditors (see EUROSAI ) and from Anglo-Saxon countries and Scandinavia. Working groups at INTOSAI , the OECD and the EU (e.g. PIFC, CHU) deal with the implementation.

See also

literature

  • Julia C. Helbeck: Internal Control System in Practice - An implementation guide for managing operational risks in business processes . Saarbrücken 2008, ISBN 978-3836468817 ; A practical example for the implementation of the COSO model.

Web links