How do you safeguard against risks like fraud in your nonprofit organization? A smart standard is to follow the Committee of Sponsoring Organizations of the Treadway Commission (COSO) internal control framework.
COSO first developed the internal control framework in 1992. In 2013, COSO revised the original 1992 internal control framework. It updated the descriptions of the core principles, making the internal control framework more relevant in the modern global business world.
Although COSO is a single entity, it has input from multiple sources. In fact, COSO comprises five private-sector organizations. These organizations aim to provide thought leadership by offering guidance on internal controls and risk management:
- American Accounting Association
- American Institute of Certified Public Accountants
- Financial Executives International
- The Institute of Internal Auditors
- The Institute of Management Accountants
[Related: Internal Control Spot Checks]
In sum, COSO created the framework to be a flexible method for developing, evaluating and implementing internal controls.
What exactly is internal control? COSO defines internal control as “a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.”
Benefits of Internal Controls for Organizations
Internal control is a process designed to ensure the accuracy of an organization’s financial statements. Accountants design these controls to address the risks of deliberate or accidental misstatements on financial statements, and organizations consider them best practice.
The internal control framework gives organizations peace of mind — they know this streamlined process can mitigate financial risks.
This kind of framework can also help your organization anticipate and react properly to complex changes and risks, therefore decreasing disruption and increasing your business’s resilience.
[Related: Speed Reading Nonprofit Financial Statements]
Components of the Internal Control Framework
Five components of internal control represent the specific objectives of an acceptable internal control system. We’ll address each component below.
To minimize risk and make sure the entire organization follows best practices, you should establish enterprise-wide controls.
Who has final responsibility for internal controls? Ultimately, management should implement and enforce the COSO framework. This objective can help determine whether a company has a culture of compliance or of lax policies concerning internal controls.
Organizations encounter various factors — internal and external — that can become obstacles preventing them from reaching their goals. Risk assessments can help ensure they only take acceptable risks after identifying each risk as low or high.
The COSO framework makes sure all organizations carry out activities that benefit the company’s goals and comply with the internal control framework. These steps help remit risk across the organization.
Information and Communication
Communication is crucial and occurs daily in any organization. This framework provides guidelines to ensure everyone follows communications best practices.
These controls also prevent employees from sharing information outside the network. They also regulate what type of information employees share (and for what purpose).
You must monitor all activities regularly to make sure these controls work properly. Actions such as internal audits, financial reports and other regular evaluations help reduce the risk of fraud.
For reference, you can find a public copy of the 2013 COSO Internal Control Framework online.
Partner With Jacobson Jarvis for Financial Peace of Mind
Are you looking for more information on how to boost your nonprofit’s financial health? Jacobson Jarvis has over 30 years of experience in providing accounting expertise to nonprofits and charity organizations just like yours.