1.

Perbandingan antara COSO 1992 dan COSO 2013

What is not changing

1. Core definition of internal control

2. Three categories of objectives and five components of internal
control
3. Effective internal control requires each of the five components
4. Use of judgment remain important on designing, implementing
and conducting internal control and in assessing effectives

COSO 1992

What is changing
1. Expansion of the scope of reporting objectives beyond financial
information
2. Changes in business and operating environment are considered
3. Formalization of fundamental concept introduced in the
original framework into seventeen principles
4. Points of focus that highlight important characteristics of the
principles included
5. Additional approaches and examples added
6. Explicit consideration of outsourcedservice providers and other
third parties affecting internal control
7. Explicit consideration of the potential for fraud in risk
assessment
8. Specific principle related to IT
COSO 2013

Persamaan
Struktur pengendalian intern meliputi organisasi serta semua metode dan ketentuan yang terkordinasikan yang dianut dalam
Definisi

suatu perusahaan untuk melindungi harta miliknya, mengecek kecermatan dan keandalan data akuntansi, meningkatkan
efisiensi usaha dan mendorong ditaatinya kebijakan manajemen yang telah digariskan - menurut Ikatan Akuntan Indonesia-

a) Efektifitas dan efisiensi operasional

Tujuan
b) Reliabilitas pelaporan keuangan
c) Kepatuhan atas hukum dan peraturan yang berlaku
Komponen
a) Monitor
b) Information and Communication
c) Control Activities
d) Risk Assessment

e) Control Environment

Perbedaan
Latar Belakang
Ruang Lingkup
Komponen

Semakin maraknya fraud dan korupsi di Amerika pada

tahun 1970-an
Monitor
1. On-going Monitoring
2. Separate Evaluations
3. Reporting Deficiencies
Information and Communication
4. Quality of Information
5. Effectiveness of Communication
Control Activities
6. Policies and Procedures
7. Business Continuity / Backups
8. Security (Application and Network)
9. Application Change Management
10. Outsourcing
Risk Assessment
11. Company-wide Objectives
12. Process-level Objectives
13. Risk Identification and Analysis
14. Managing Change
Control Environment
15. Integrity and Ethical Values
16. Commitment to Competence
17. Board of Directors and Audit Committee

Penyesuaian terhadap perubahan lingkungan dan operasi

bisnis yang terjadi selama dua puluh tahun terakhir
Monitor
1. Conducts ongoing and/or separate evaluations
2. Evaluates and communicates deficiencies
Information and Communication
3. Uses relevant information
4. Communicates internally
5. Communicates externally
Control Activities
6. Selects and develops control activies
7. Selects and develops general controls over technology
8. Deploys through policies and procedures
Risk Assessment
9. 9. Specifies suitable objectives
10. Identifies and analyzes risk
11. Assesses fraud risk
12. Identifies and analyzes significant change
Control Environment
13. Demonstrates commitment to integrity and ethical values
14. Exercises oversight responsibility
15. establishes structure, autority, and responsibility
16. Demonstrates commitment to competence
17. Enforces accountability

18. Managements Philosophy and Operating Style

19. Assignment of Authority and Responsibility
20. Organizational Structure
2. Carilah contoh aplikasi pengendalian internal atas laporan keuangan untuk setiap Sistem Pengendalian Internal.
Monitor
a.
Keseluruhan proses harus diawasi, sehingga sistem pengendalian internal dapat berjalan sesuai dengan apa yang direncanakan.
b.
Pemantauan terhadap pelaksanaan operasional
c.
Melakukan review terhadap keandalan dari kegiatan operasional perusahaan
Information and Communication
a.
Dokumentasi transaksi dengan menggunakan peralatan sistem .
b.
Penyediakan dan menyajikan laporan keuangan.
c.
Melaporkan dan mengkomunikasikan laporon keuangan kepada pemangku kepentingan.
Control Activities
1. Ketepatan otorisasi transaksi. Klasifikasi otorisasi:
a. Otorisasi khusus
b. Otorisasi umum
2. Pemisahan fungsi, mencakup fungsi:
a.
Otorisasi
b.
Pencatatan (recording)
c.
Penyimpanan (custody)
3. Penggunaan teknologi untuk mengintegrasikan dan mengendalikan beberapa fungsi penting
Risk Assessment
a. Memprakirakan risiko dan kerugian (estimate risk and exposure).
b. Mengidentifikasi alternatif sistem pengendalian.
c. Mempertimbangkan hubungan biaya dan manfaat.
Control Environment
a. Struktur ogranisasi, untuk mempertegas garis otoritas dan tanggungjawab, memberikan pedoman untuk perencanaan, pengarahan,
dan pengendalian operasi
b. Metode penetapan otoritas dan tanggungjawab
c. Kebijakan dalam bidang sumber daya manusia (SDM)

Referensi :
http://www.sox-online.com/coso_cobit_coso_framework.html
http://www.iasplus.com/en/publications/us/heads-up/2013/coso/file
http://wps.pearsoned.co.uk/ema_ge_romney_ais_12/194/49669/12715301.cw/index.html