COSO
COSO, in its 2004 version called Enterprise Risk Management, contains the main guidelines for the implementation, management and control of a control system. It also conveys the need for an effort involving the whole organization.
COSO is divided into five basic components, shown below:
1) Control Environment: A set of rules, processes and structures that creates the basis for establishing the internal control of the organization. The control environment forms the basis for the rest of the five components of COSO. It also provides discipline and structure for the organization.
2) Risk Assessment: A dynamic and interactive process to identify and analyze the risks to achieving the objectives of the organization.
3) Control Activities: These are the activities, defined through policies, that help mitigate the risks affecting the achievement of organizational goals.
4) Information and Communication: Information is necessary for the organization to exercise internal control. Communication is used to provide the necessary information to the organization.
5) Monitoring: Consists of a series of concurrent or separate evaluations to determine whether the components of internal control are working. In addition, the results obtained are communicated to senior management when they are sufficiently relevant.