Updated COSO internal control framework has implications for entire University
Recently, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) updated its internal control standards, which form the backbone of internal control frameworks in organizations worldwide. North Carolina has adopted the COSO standards across all government agencies and universities, which has implications for all UNC Charlotte employees.
“An effective internal control framework, properly installed and administered, sets in place rules and procedures that ensure our University goals and objectives are met, our policies and standards are followed and inappropriate activity is identified and reported for correction in a timely manner,” said Tom York, director of internal audit. “We all have a role to play in implementing internal controls, and we all are impacted when controls break down. By improving our awareness of the elements that make up the framework, we can take the steps needed to strengthen our operations from top to bottom, while becoming more efficient and effective along the way.”
The University’s annual evaluation of its internal control structure is performed by the Controller’s Office; the results are reported to UNC General Administration, which forwards the system’s assessment to the N.C. General Assembly as part of a yearly report on the state of internal controls within all state agencies.
There are five major components to the COSO internal control standard: control environment, risk assessment, control activities, information and communication and monitoring.
The Internal Audit Department, in a series of short articles for Inside UNC Charlotte, will outline each component of the COSO internal control framework and what the significance of each is for employees.
This week introduces control environment.
The control environment is the set of standards, processes and structures that provide the basis for carrying out internal control across the organization. Key elements of the environment are “soft” or “people-focused” controls, often referred to as “Tone at the Top” or more precisely, “Tone from the Top.”
The University’s board of trustees and senior management establish the “Tone from the Top” regarding the importance of internal controls, including expected standards of conduct. Management reinforces these expectations at the various levels of the organization.
The control environment comprises the integrity and ethical values of the organization; the bylaws that describe how the board of trustees carries out its governance and oversight responsibilities; the organizational structure and assignment of authority and responsibilities throughout the university; the processes for attracting, developing and retaining competent individuals; and the rigor around performance measures, incentives and rewards to drive accountability for performance.
At the department level, the department head establishes the tone through the manner in which policy changes are announced, how financial reporting is handled and communicated, and how university standards are discussed and enforced. The resulting control environment has a pervasive impact on the overall system of internal control.
Future Inside UNC Charlotte articles will expand on the remaining layers of the internal controls framework. Employees who have questions about the article or who want to talk about how the framework applies to their department should call the Internal Audit Department at 704-687-5693 or email Internal_Audit@uncc.edu.