In 1992, the Committee of Sponsoring Organizations
(COSO) published a report defining internal controls and the criteria for determining the effectiveness of an internal controls system. The committee included members of the
American Institute of Certified Public Accountants, the
Institute of Internal Auditors, the Financial Executives Institute, the American Accounting Association; and the Institute of Management Accountants. Like the
IIA, COSO established a broad definition of internal controls as:
A process, effected by an entity’s board of directors, management
and other personnel, designed to provide
reasonable assurance regarding the achievement of objectives in the
effectiveness and efficiency of operations;
reliability of financial reporting;
compliance with applicable laws and regulations.
The COSO report also states that management is primarily responsible for internal control, but everyone in the organization shares responsibility. The internal auditor’s role is to help higher management monitor the system, making it aware of the strengths and weaknesses of internal control.