COSO III - Internal Control (IC) Integrated Framework (2013) study guide mind map

Get Started. It's Free
or sign up with your email address
COSO III - Internal Control (IC) Integrated Framework (2013) study guide mind map by Mind Map: COSO III - Internal Control (IC) Integrated Framework (2013) study guide mind map

1. see also COSO ERM-IF mind map

2. COSO III IC-IF Cube (2013)

2.1. A direct relationship exists between objectives, components, and the entity structure which can be depicted in the form of a cube.

2.1.1. The objectives are represented by the columns.

2.1.2. The components are represented by the rows.

2.1.3. The entity structure is represented by the third dimension of the cube

3. Components (5) (front side)

3.1. What is it?

3.1.1. Represent what is required to achieve objectives.

3.2. Control Environment

3.2.1. Principles 1. Demonstrates Commitment to Integrity and Ethical Values 2. Exercises Oversight Responsibility 3. Establishes structure, authority and responsibility 4. Demonstrates Commitment to Competence 5. Enforces Accountability

3.3. Risk Assessment

3.3.1. Principles 6. Specify Suitable Objectives 7. Identify and Analyze Risks 8. Assess Fraud Risk 9. Identify and Analyze Significant Change

3.4. Control Activities

3.4.1. Principles 10. Selects and Develops Control Activities 11. Selects and Develops General Controls over Technology 12. Deploys through Policies and Procedures

3.5. Information and Communication

3.5.1. Principles 13. Uses Relevant, Quality Information 14. Communicates Internally 15. Communicates Externally

3.6. Monitoring Activities

3.6.1. Principles 16. Selects, develops and performs evaluations to determine if components of IC are present and functioning 17. Evaluates and communicates IC deficiencies

4. Objectives categories (3) (top side)

4.1. What is it?

4.1.1. Are what an entity desires to achieve.

4.2. Objectives

4.2.1. “Internal control is a process effected by an entities board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance.”

4.3. Operations

4.4. Reporting

4.5. Compliance

5. Entity Structure: / Entity and units (4) (right side)

5.1. What is it?

5.1.1. Represent the operating units, legal entities and other structures

6. Interactive Glossary

6.1. Interactive COSO IS-IF Glossary

6.2. download COSO IS-IF Glossary

7. Basic Definitions (according to COSO)

7.1. Enterprise Risk Management (ERM)

7.1.1. Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

7.1.2. Is a process Enterprise risk management is not one event or circumstance, but a series of actions that permeate an entity's activities.

7.1.3. Is effected by people Enterprise risk management is effected by a board of directors, management and other personnel. It is accomplished by the people of an organization, by what they do and say.

7.1.4. Is applied in strategy setting An entity sets out its mission or vision and establishes strategic objectives, which are the high-level goals that align with and support its vision or mission.

7.1.5. Is applied across the enterprise To successfully apply enterprise risk management, an entity must consider its entire scope of activities. Enterprise risk management considers activities at all levels of the organization, from enterprise-level activities such as strategic planning and resource allocation, to business unit activities such as marketing and human resources, to business processes such as production and new customer credit review.

7.1.6. Is designed to identify events potentially affecting the entity and manage risk within its risk appetite Risk appetite is directly related to an entity’s strategy. It is considered in strategy setting, where the desired return from a strategy should be aligned with the entity’s risk appetite. Different strategies will expose the entity to different risks. Enterprise risk management, applied in strategy setting, helps management select a strategy consistent with the entity’s risk appetite.

7.1.7. Provides reasonable assurance Well-designed and operated enterprise risk management can provide management and the board of directors reasonable assurance regarding achievement of an entity's objectives. They understand the extent to which the entity’s strategic objectives are being achieved. They understand the extent to which the entity's operations objectives are being achieved. The entity’s reporting is reliable. Applicable laws and regulations are being complied with.

7.1.8. Is geared to the achievement of objectives Effective enterprise risk management can be expected to provide reasonable assurance of achieving objectives relating to the reliability of reporting and to compliance with laws and regulations. Achievement of those categories of objectives is within the entity’s control and depends on how well the entity’s related activities are performed.

7.2. Risk Appetite

7.2.1. Risk appetite is the amount of risk an entity is willing to accept in pursuit of value. Entities often consider risk appetite qualitatively, with such categories as high, moderate or low, or they may take a quantitative approach, reflecting and balancing goals for growth, return and risk.

7.2.2. Risk appetite is directly related to an entity’s strategy. It is considered in strategy setting, where the desired return from a strategy should be aligned with the entity’s risk appetite.

7.3. Risk Culture

7.3.1. Risk culture is the set of shared attitudes, values and practices that characterize how an entity considers risk in its day-to-day activities. For many companies, the risk culture flows from the entity’s risk philosophy and risk appetite. For those entities that do not explicitly define their risk philosophy, the risk culture may form haphazardly, resulting in significantly different risk cultures within an enterprise or even within a particular business unit, function or department.

7.4. Risk Subcultures

7.4.1. Individual business units, functions and departments will have slightly different risk cultures. Managers of some are prepared to take more risk, while others are more conservative, and these different cultures sometimes work at cross-purposes.

8. This freeware, non-commercial mind map (aligned with the newest version of COSO IC IF) was carefully hand crafted with passion and love for learning and constant improvement as well for promotion the standard and framework COSO IC IF and as a learning tool for candidates wanting to gain COSO IC IF knowledge. (please share, like and give feedback - your feedback and comments are my main motivation for further elaboration. THX!)

8.1. Questions / issues / errors? What do you think about my work? Your comments are highly appreciated. Feel free to visit my website:






8.1.6. miroslaw_dabrowski