Your Ask Joey ™ Answer

What are the objectives of COSO?

COSO can be divided into three key objectives: Operations, reporting, and compliance. These objectives fully support the goal of the internal control framework.

Reporting objectives – Objectives pertaining to internal and external financial and non-financial reporting which may encompass reliability, timeliness, transparency, or other terms set by regulators, standards, or entity’s policies.

Operating objectives – Objectives pertaining to effectiveness and efficiency of the entity’s operations, including operational and financial performance goals, and safeguarding assets against loss.

Compliance objectives – Objectives pertaining to adherence to laws and regulations applicable to the entity.


Back To All Questions

You might also be interested in...

  • What are the components of the COSO ERM framework?

    The COSO Enterprise Risk Management (ERM) framework applies a risk-based approach as opposed to a control-based approach. The overall objective of the ERM framework is to attain reasonable assurance that the company objectives and goals are achieved, and that the company meets performance expectations. The main components of ERM include governance and culture, review and revision, information and communication, strategy and objective-setting, and performance:

  • What are the key components of the COSO internal control framework?

    Just remember it would be a CRIME to forget the 5 components. The 5 components of the COSO internal control framework include control environment, risk assessment, information & communication, monitoring, and existing control activities.

  • What is the information, communication, and reporting principal of the COSO ERM framework?

    Information, communication, and reporting is one of the key components of the COSO ERM framework. Enterprise risk management requires a continual process of obtaining and sharing necessary information, from both internal and external sources, which flows up, down, and across the organization. The organization is in search of capturing, processing, managing, and communicating both timely and relevant information to identify risks that could affect strategy and business objectives.  The 3 principles relate to information, communication, and reporting: Leverages Information Systems—The organization leverages the entity’s information and technology systems to support enterprise risk management. Communicates Risk Information—The organization uses communication channels to support enterprise risk management. Reports on Risk, Culture, and Performance—The organization reports on risk, culture, and performance at multiple levels and across the entity.