Fraud Investigation & Dispute Services
Updated 2013 COSO Framework
fraud risk assessments
In May 2013, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued its updated framework for the design, implementation and conduct of systems of internal controls and the assessment of their effectiveness. The new framework takes much of the structure of the original framework issued in 1992 and highlights new areas of focus and concern. COSO has updated the framework to address the numerous changes in business and operating environments, including:

Expectations for governance oversight
Globalization of markets and operations
Changes and greater complexities of business
Demands and complexities in laws, rules, regulations and standards
Expectations for competencies and accountabilities
Use of, and reliance on, evolving technologies
Expectations relating to preventing and detecting fraud

The 2013 Framework, effective December 15, 2014, places emphasis on fraud risks and compliance and will be the new standard for assessing the effectiveness of internal controls as part of FY14 audits.

What is not changing
Core definition of internal control
Three categories of objectives and five components of internal control
Each of the five components of internal control is required
Important role of judgment in designing, implementing and conducting internal control and assessing its effectiveness

What is changing
Changes in business and operating environments considered
Operations and reporting objectives expanded
Fundamental concepts underlying five components articulated as principles
Additional approaches and examples relevant to operations, compliance and non-financial reporting objectives added

Control environment
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability

Risk assessment
6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change

Control activities
10. Selects and develops control activities
11. Selects and develops general controls over technology
12. Deploys through policies and procedures

Information and communication
13. Uses relevant information
14. Communicates internally
15. Communicates externally

Principle 8: The organization considers the potential for fraud in assessing risks to the achievement of objectives.

Fraud risks are considered in the context that individuals or entities may act outside of the organization's expected standards of ethical conduct.

General risks under Principle 7 are considered in the context of management, employees and third parties adhering to the entity's expected standards of ethical conduct.

Fraud risk assessments are now considered distinct from general risk assessments. Because fraud risk is a separate principle, an otherwise robust and well-functioning enterprise risk assessment process that does not adequately consider fraud will likely not allow the organization to fully comply with the updated 2013 COSO Framework.

The assessment incorporates a multilevel approach to fully assess the company's risk of fraud.
Ernst & Young LLP is a client-serving member firm of Ernst & Young Global
Limited operating in the US.
This material has been prepared for general informational purposes only and is not intended to be relied
upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice.
ey.com