COSO Committee of Sponsoring Organizations of the Treadway Commission
A precondition to risk assessment is the establishment of objectives, linked at various levels of the entity. These objectives align with and support the entity in the pursuit of its strategic direction. While setting strategies and objectives is not part of the internal control process, objectives form the basis on which risk assessment approaches are implemented and performed and subsequent control activities are established. As part of internal control, management specifies objectives and groups them within broad categories at all levels of the entity, relating to operations, reporting, and compliance. The grouping of objectives within these categories allows for the risks to the achievement of those objectives to be identified and assessed.
In affirming the suitability of objectives, management may consider such matters as:
- Alignment of established objectives with strategic priorities
- Articulation of risk tolerances for objectives
- Alignment between established objectives and established laws, rules, regulations, and standards applicable to the entity
- Articulation of objectives using terms that are specific, measurable or observable, attainable, relevant, and time-bound
- Cascading of objectives across the entity and its subunits
- Alignment of objectives to other circumstances that require specific focus by the entity
- Affirmation of suitable objectives within the objective-setting process before those objectives are used as the basis for risk assessments
Where objectives within these categories are unclear, where it is unclear how these objectives support the strategic direction, where there are concerns that the objectives are not suitable based on the facts, circumstances, and established laws, rules, regulations, and standards applicable to the entity, or where the organization would be basing its risk assessment on understood but unapproved objectives, management communicates this concern for input to the strategy-setting and objective-setting process.
Operations objectives reflect management choices within the particular business, industry, and economic environments in which the entity functions. For instance, a municipal government sets out several operations objectives, each supported by initiatives and criteria. Among its objectives are to, for example:
- Implement five public engagement activities for greenhouse gas reductions within the next twelve months
- Increase seatbelt use by 30%, reduce speeding by 10% in general and 20% in school zones, and reduce intersection encroachment by 25%
- Implement water rates relative to industrial and residential consumption patterns within five years
A for-profit entity may set operations objectives that focus on the efficient uses of resources. For instance, a larger retailer has among its objectives to:
- Provide customers with a broad range of merchandise at prices consistently lower than its competitors
- Increase inventory turnover ratio to twelve times per year within the next two quarters
- Lower its CO2 emissions by 5% and reduce and recycle packaging material by 10% over the next year
As part of operations objectives, management also specifies risk tolerance set during the objective-setting process. For operations objectives, risk tolerance may be expressed in relation to the acceptable level of variation relative to the objective.
A clear set of operations objectives provides a clear focus on which the entity will commit substantial resources needed to attain desired performance goals. These include goals relating to financial performance, which pertain to all types of entities. A for-profit entity may focus on revenue, profitability, liquidity, or some other measure, while a not-for-profit or governmental agency may have less financial emphasis overall, but still pursue goals relating to revenue, liquidity, and spending. If an entity's operations objectives are not clear or well conceived, its resources may be misdirected.
Reporting objectives pertain to the preparation of reports that encompass reliability, timeliness, transparency, or other terms as set forth by regulators, standard-setting bodies, or by the entity's policies. This category includes external financial reporting, external non-financial reporting, internal financial reporting, and internal non-financial reporting. External reporting objectives are driven primarily by laws, rules, regulations, and standards established by governments, regulators, standard-setting bodies, and accounting bodies. Internal reporting objectives are driven by the entity's strategic directions, and by reporting requirements and expectations established by management and the board of directors.
Entities need to achieve financial reporting objectives to meet external obligations. Published financial statements and financial information are necessary for accessing capital markets and may be critical to the awarding of contracts or to dealing with suppliers. Investors, analysts, and creditors may use financial statements and other financial information to assess the entity's performance and to compare it with peers and alternative investments.
Financial reporting objectives are consistent with accounting principles suitable and available for that entity and appropriate in the circumstances. External financial reporting objectives address the preparation of financial statements for external purposes, including published financial statements, other financial statements and reports, and other forms of external financial reporting derived from an entity's financial or management accounting books and records.
- Financial statements for external purposes are prepared in accordance with applicable accounting standards, rules, and regulations. These financial statements may include annual and interim financial statements, condensed financial statements, and selected financial information derived from such statements. These statements may, for instance, be publicly filed with a regulator, distributed through annual meetings, posted to an entity's website, or distributed through other electronic media.
- Other financial statements and reports may be prepared in accordance with other bases of accounting and are typically driven by taxing authorities, governmental agencies, or by requirements established through contracts and agreements. Financial statements and reports may be distributed to specified external users (e.g., reporting to a bank on financial covenants established in a loan agreement, to a taxing authority in connection with filing tax returns, to a funding agency by a not-for-profit entity where such statements are not made public).
- Other external financial reporting derived from an entity's financial and management accounting books and records rather than from financial statements for external purposes may include earnings releases, selected financial information posted to an entity's website, and selected amounts reported in regulatory filings. External financial reporting objectives relating to such other financial information may not be driven directly by standard setters and regulators, but are typically expected by stakeholders to align with such standards and regulations.
External financial reporting reflects transactions and events to show the qualitative characteristics and assertions that underlie financial statements established by the respective accounting standard setters. There are many sources of such characteristics and assertions relating to financial reporting.
External financial statements may be considered in terms of fundamental characteristics and enhancing characteristics. fn 11 fn 12
Fundamental characteristics refer to relevance and faithful representation, as follows:
- Relevance—information that is capable of making a difference in user decisions
- Faithful Representation—information that is complete, neutral, and free from error
Enhancing characteristics refer to comparability, verifiability, timeliness, and understandability, as follows:
- Comparability—information that can be compared with similar information about other entities and with similar information about the same entity for another period or another date
- Verifiability—different knowledgeable and independent observers reaching consensus, although not necessarily complete agreement, that a particular depiction is a faithful representation
- Timeliness—having information available to decision-makers in time to be of use
- Understandability—information that is classified, characterized, and presented clearly and concisely
Inherent in relevance is the concept of "financial statement materiality." Materiality sets the threshold for determining whether a financial amount is relevant. Information is material if its omission or misstatement could influence the decisions of users taken on the basis of the financial reporting. Materiality depends on the size of the item or error judged in the particular circumstances of its omission or misstatement. With external financial reporting, materiality reflects the required level of precision and accuracy suitable for external users’ needs and presents the underlying entity activities, transactions, and events within the range of acceptable limits. fn 13
Reliability is another frequently used qualitative characteristic associated with external financial reporting objectives. Reliability involves preparing external financial statements that are free of material error and bias. Reliability is also necessary for the information to faithfully represent the transactions or other events it purports to represent. External reporting also reflects the required level of precision and accuracy suitable for internal needs and the underlying entity activities, presenting transactions, and events within a range of acceptable limits.
The qualitative characteristics noted above are applied along with suitable accounting standards and financial statement assertions. These assertions typically fall into the categories relating to:
- Classes of transactions and events for the period
- Account balances at the period end
- Presentation and disclosure
Management may report information externally consistent with laws, rules, regulations, non-financial standards or frameworks. For example, where management seeks to manage its impact on sustainable development, it may prepare and publish a sustainability report that provides information about economic, environmental, and social performance. Another entity may apply chain-of-custody standards through which its products are distributed from their origin in the forest to their end use. The entity attains an annual certification that demonstrates its responsible production and consumption of forest products and publicly reports this information.
Non-financial reporting, as with financial reporting:
- Classifies and summarizes information in a reasonable manner and at the appropriate level of detail so that it is neither too detailed nor too condensed
- Reflects the underlying entity activities
- Presents transactions and events within the required level of precision and accuracy suitable for user needs
- Uses criteria established by the third parties and as set out in external standards or frameworks, as appropriate
Reliable internal reporting, including balanced scorecards and performance dashboards, provides management with accurate and complete information needed to manage the organization. It supports management's decision making and monitoring of the entity's activities and performance. Examples of internal reports include results of marketing programs, daily sales flash reports, production quality, and employee and customer satisfaction results. Internal reporting objectives are based on preferences, judgment, and management style.
Internal reporting objectives vary among entities because different organizations have different goals, strategic directions, and levels of risk tolerance. As with external reporting, internal reporting reflects the required level of precision and accuracy suitable for internal needs and the underlying entity activities, presenting transactions and events within a range of acceptable limits.
Many organizations will apply external standards to assist in managing their operations. Such standards may relate to the control over technology, human resource management, or records management. However, as standards that apply to external reporting may not apply to internal reporting, management may choose to set different levels of acceptable variation for external and internal reporting.
As with other types of reporting, internal reporting:
- Uses criteria established by the third parties and as set out in external standards or frameworks, as appropriate
- Classifies and summarizes information in a reasonable manner and at the appropriate level of detail so that it is neither too detailed nor too condensed
- Reflects the underlying entity activities
- Presents transactions and events within the required level of precision and accuracy suitable for user needs
Laws and regulations establish minimum standards of conduct that the entity integrates into its compliance objectives. For example, occupational safety and health regulations might cause an entity to define its objective as "package and label all chemicals in accordance with regulations." Policies and procedures would then deal with communications programs, site inspections, and training relating to the entity's compliance objectives. And, similar to external reporting objectives, management considers the acceptable levels of variation in performance within the context of complying with laws and regulations. Such laws and regulations may cause management to set lower levels of acceptable variation to remain in compliance with those laws and regulations.
Entities must conduct their activities, and often take specific actions, in accordance with applicable laws and regulations. As part of specifying compliance objectives, the organization needs to understand which laws and regulations apply across the entity. Many laws and regulations are generally well known, such as those relating to reporting on anti-bribery, fair labor practices, and environmental compliance, but others may not be as well known to the organization, such as those that apply to operations in a foreign territory.
Many laws and regulations depend on external factors and tend to be similar across all entities in some cases and across an industry in others. These requirements may relate, for example, to markets, pricing, taxes, the environment, employee welfare, or international trade. Many entities will establish objectives such as:
- Preventing and detecting criminal conduct and other wrongdoing
- Preparing and filing tax returns prior to the filing deadlines and in accordance with regulatory requirements
- Labeling nutritional information on food packaging in accordance with applicable guidelines
- Operating a vehicle fleet within maximum emission control requirements
fn 11 Derived from International Financial Reporting Standards.
fn 12 Some jurisdictions may describe financial statement assertions using terms such as "existence or occurrence," "completeness, valuation or allocation," "rights and obligations," and "presentation and disclosure."
fn 13 Derived from International Financial Reporting Standards. Some jurisdictions may use different descriptions of financial statement materiality.
Generated November 9, 2014 22:46:48