| | | |
| ECAR model |
COSO model |
| 1. Objectives of internal control |
|
Focus: a process.
Achievement of basic objectives and respect of rules in a process and information
for determining to what extent the aforementioned objectives have been attained.
Financial reporting is a process with basic objects just as any other process.
Control objectives are applied only to a process.
|
Focus: operations, financial reporting, compliance.
“Effectiveness and efficiency of operations, reliability of financial reporting,
compliance with applicable laws and regulations…
[Internal control] can help an entity get to where it wants to go,
and avoid pitfalls and surprises along the way” [26].
Control objectives are applied to all operations of an entity.
|
| 2. Control environment |
|
Focus: organizational culture.
The behavioural circumstances [within an organization] - actually in the minds of employees -
affecting achievement of internal control objectives,
including [e.g.] employees’ state, quality, and abilities of mind,
including personal integrity; and commitment to values and objectives of the organization.
|
Focus: management’s actions.
“Sets the tone of an organization,
influencing the control consciousness of its people.
Integrity, ethical values, and competence of its people;
the way management assigns authority and responsibility, and organizes and develops people
and the attention and direction provided by the board of directors” [26].
|
| 3. Controls |
|
Focus: deviation from objectives.
A procedure or a condition designed to keep performance or a state of affairs
within what is expected, allowed or accepted.
Controls protect process from deviating from the course towards objectives.
|
Focus: contribution to achievement of objectives.
[Control activities:] “Policies and procedures that help ensure management directives are carried out. They help ensure management actions are taken
to address risks to achievement of the entity’s objectives” [26].
|
| 4. Information and communication / Accounting systems |
|
Focus: comparative information.
Not an element of internal control but a means in building, developing and maintaining
elements of internal control.
Limited to providing information about "what is" or " "what happened" compared to
what "what should be" or "what should have happened".
Accounting systems can provide users with criteria; facts; and results of comparisons between criteria and facts.
|
Focus: Contribution to achievement of objectives.
[Control activities:] “Policies and procedures that help ensure management directives are carried out. They help ensure management actions are taken to address
risks to achievement of the entity’s objectives” [26].
|
| 5. Monitoring |
|
Focus: N/A (inherently in work).
Not an element of internal control.
Monitoring activities of COSO model are regarded as controls, overall management control and determination of risks.
|
Focus: a management job.
“Internal control need to be monitored - a process that assesses
the quality of the system’s performance over time.”
Monitoring takes place through management and supervisory activities and separate evaluations [26].
|
| 6. Determination of risks / Risk assessment |
|
Focus: a process’s risks of Internal control.
[Determination of risks:] identification, analysis and evaluation of risks
the same way as in case of systematic risk management,
but limited only to the risks and inefficiencies of the internal control itself.
|
Focus: all risks of an entity.
[Risk assessment:] “Every entity faces a variety of risks
from external and internal sources that must assessed…
Risk assessment is the identification of and analysis of relevant risks
to achievement of the objectives, forming a basis for determining
how the risks should be managed” [26].
|