COSO internal framework and internal auditing
The COSO Internal Control Integrated Framework impacts internal auditing in two important ways. First, it provides a context for the internal auditing activity by including it as part of the “Monitoring” component of the framework.
The integrated framework states that internal auditing is a periodic monitoring technique. Second, the framework provides a foundation on which to plan, execute and report on the results of the internal audit plan. The framework:
• Provides authoritative criteria for documenting, evaluating, testing and improving internal control.
• Supports training of internal auditors, management and process owners as to the components and attributes of internal control.
• Facilitates the articulation of the scope of the internal audit plan.
• Provides a common language for use during presentations at all levels of the organization.
• Provides a stepping-stone for implementing the enterprise risk management framework released in September 2004.
Now that Community of sponsoring organisation is recognized as the framework of choice for purposes of management complying with Section 404 of Sarbanes-Oxley, most internal auditors are likely to adopt it for their use. Many internal audit departments already have adopted this framework and have found it to be an effective internal control model.
Coso framework is closely related to internal audit