10-03-2009, 11:58 PM
dotkom
COCO and COSO have already been discussed. I quote below a link that provides detailed insight about the different between the two
http//www.gov.ns.ca/nsmfc/documents/EnhancingManagementInvolvementwithInternalControl_000.pdf
There relevant paragraphs copied from above freely available link are as under
QUOTE
Comparison of COCO to COSO
There are three main differences between the American COSO and Canadian COCO framework on internal controls. The differences between the two internal control frameworks can be found in the definition and the scope, the underlying concepts, the judgment of effectiveness.
Definition and Scope
COSO defines internal control as a process, effected by a municipalityâs councilors, managers, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories
⢠Effectiveness and efficiency of operations
⢠Reliability of financial reporting
⢠Compliance with applicable laws and regulations.
COCO defines control as the elements of a municipality (including its resources, systems, processes, culture, structure, and tasks) that, taken together, support people in the achievement of the municipalityâs objectives. It defines three categories of objectives
⢠Effectiveness and efficiency of operations
⢠Reliability of internal and external reporting
⢠Compliance with applicable laws and regulations and internal policies.
Consistent with its definition, COCO includes the scope of control some particular aspects of management that COSO excludes objective setting, strategic planning and risk management, and corrective actions. COCO does exclude decision making from the scope of control.
Underlying Concepts
COCO is explicit about some concepts that are not addressed in COSO. These are
(a) Control includes the identification and mitigation of the risk failure to maintain the municipalityâs capacity to identify and exploit opportunities.
(b) Control includes the identification and mitigation of the risk of failure to maintain the municipalityâs resilience â its capacity to respond and adapt to unexpected risks and opportunities, and to make decisions on the basis of telltale indications in the absence of definitive information.
(c) COCO includes two criteria not explicitly addressed in COSO. They relate to mutual trust between people and the periodic challenge of assumptions. In addition, the concept of monitoring in this COCO guidance includes monitoring of the operating performance of the municipality. COSOâs discussion of monitoring could be interpreted as focused on monitoring of specific control activities.
The Judgment of Effectiveness
COSO addresses this as follows
âInternal control can be judged effective in each of the three categories, respectively, if the board of directors and management have reasonable assurance that
⢠They understand the extent to which the municipalityâs operations objectives are being achieved.
⢠Published financial statements are being prepared reliably.
⢠Compliance with applicable laws and regulations.
Determining whether a particular internal control system is effective is a subjective judgment resulting from an assessment of whether five components (control environment, risk assessment, control activities, information and communication, and monitoring) are present and functioning effectively. Their effective functioning provides the reasonable assurance regarding the achievement of one or more of the stated categories of objectives. Thus, these components are also criteria for effective internal control.
COCO differs in three important respects
(a) The judgment of effectiveness is made in relation to a specific objective, not a category of objectives.
(b) COCO asks that an assessment of the effectiveness of control be made against twenty specific criteria. COSO asks that assessment be made for each of five components, and provides illustrative issues to consider for each component.
All of COSOâs issues to consider are addressed directly or indirectly within the COCO document, except perhaps the following
⢠Receptivity of management to employee suggestions of ways to enhance productivity, quality, or other similar improvements.
⢠Extent to which personnel, in carrying out their regular activities, obtain evidence as to whether the system of internal controls continues to function.
⢠Extent to which outside parties have been made aware of the entityâs ethical standards.
⢠Extent to which training seminars, planning sessions, and other meetings provide feedback to management on whether controls operate effectively.
⢠Appropriateness of the level of documentation (of an evaluation).
(c) COCO includes the following definition of effective control
Control is what makes a municipality reliable in achieving its objectives. Control is effective to the extent that it provides reasonable assurance that the municipality will achieve its objectives.
UNQUOTE
I hope this will also benefit you.
Regards,
KAMRAN.
COCO and COSO have already been discussed. I quote below a link that provides detailed insight about the different between the two
http//www.gov.ns.ca/nsmfc/documents/EnhancingManagementInvolvementwithInternalControl_000.pdf
There relevant paragraphs copied from above freely available link are as under
QUOTE
Comparison of COCO to COSO
There are three main differences between the American COSO and Canadian COCO framework on internal controls. The differences between the two internal control frameworks can be found in the definition and the scope, the underlying concepts, the judgment of effectiveness.
Definition and Scope
COSO defines internal control as a process, effected by a municipalityâs councilors, managers, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories
⢠Effectiveness and efficiency of operations
⢠Reliability of financial reporting
⢠Compliance with applicable laws and regulations.
COCO defines control as the elements of a municipality (including its resources, systems, processes, culture, structure, and tasks) that, taken together, support people in the achievement of the municipalityâs objectives. It defines three categories of objectives
⢠Effectiveness and efficiency of operations
⢠Reliability of internal and external reporting
⢠Compliance with applicable laws and regulations and internal policies.
Consistent with its definition, COCO includes the scope of control some particular aspects of management that COSO excludes objective setting, strategic planning and risk management, and corrective actions. COCO does exclude decision making from the scope of control.
Underlying Concepts
COCO is explicit about some concepts that are not addressed in COSO. These are
(a) Control includes the identification and mitigation of the risk failure to maintain the municipalityâs capacity to identify and exploit opportunities.
(b) Control includes the identification and mitigation of the risk of failure to maintain the municipalityâs resilience â its capacity to respond and adapt to unexpected risks and opportunities, and to make decisions on the basis of telltale indications in the absence of definitive information.
(c) COCO includes two criteria not explicitly addressed in COSO. They relate to mutual trust between people and the periodic challenge of assumptions. In addition, the concept of monitoring in this COCO guidance includes monitoring of the operating performance of the municipality. COSOâs discussion of monitoring could be interpreted as focused on monitoring of specific control activities.
The Judgment of Effectiveness
COSO addresses this as follows
âInternal control can be judged effective in each of the three categories, respectively, if the board of directors and management have reasonable assurance that
⢠They understand the extent to which the municipalityâs operations objectives are being achieved.
⢠Published financial statements are being prepared reliably.
⢠Compliance with applicable laws and regulations.
Determining whether a particular internal control system is effective is a subjective judgment resulting from an assessment of whether five components (control environment, risk assessment, control activities, information and communication, and monitoring) are present and functioning effectively. Their effective functioning provides the reasonable assurance regarding the achievement of one or more of the stated categories of objectives. Thus, these components are also criteria for effective internal control.
COCO differs in three important respects
(a) The judgment of effectiveness is made in relation to a specific objective, not a category of objectives.
(b) COCO asks that an assessment of the effectiveness of control be made against twenty specific criteria. COSO asks that assessment be made for each of five components, and provides illustrative issues to consider for each component.
All of COSOâs issues to consider are addressed directly or indirectly within the COCO document, except perhaps the following
⢠Receptivity of management to employee suggestions of ways to enhance productivity, quality, or other similar improvements.
⢠Extent to which personnel, in carrying out their regular activities, obtain evidence as to whether the system of internal controls continues to function.
⢠Extent to which outside parties have been made aware of the entityâs ethical standards.
⢠Extent to which training seminars, planning sessions, and other meetings provide feedback to management on whether controls operate effectively.
⢠Appropriateness of the level of documentation (of an evaluation).
(c) COCO includes the following definition of effective control
Control is what makes a municipality reliable in achieving its objectives. Control is effective to the extent that it provides reasonable assurance that the municipality will achieve its objectives.
UNQUOTE
I hope this will also benefit you.
Regards,
KAMRAN.
