COSO Committee of Sponsoring Organizations of the Treadway Commission
Internal control is effected by personnel internal to the organization, including the board of directors or equivalent oversight body and its committees, management and personnel, business-enabling functions, and internal auditors. Collectively, they contribute to providing reasonable assurance that specified objectives are achieved. When outsourced service providers perform controls on behalf of the entity, management retains responsibility for those controls.
An organization may view internal control through three lines of defense:
- Management and other personnel on the front line provide the first line of defense as they are responsible for maintaining effective internal control day to day; they are compensated based on performance in relation to all applicable objectives.
- Business-enabling functions such as risk, control, legal, and compliance provide the second line of defense as they clarify internal control requirements and evaluate adherence to defined standards. While they are functionally aligned to the business, their compensation is not directly tied to performance of the area to which they render expert advice.
- Internal auditors provide the third line of defense as they assess and report on internal control and recommend corrective actions or enhancements for management to consider and implement; their position and compensation are separate and distinct from the business areas they review.
Generated November 9, 2014 22:46:48