FRAMEWORKS

A frame works is body of guiding prnciples that form a template against which organizations can
evaluate a multitude of business practise. These principles are comprised of various concepts,
values, assumptions and practices intended to provide a benchmark against which an organization
can assess or evaluate a particular structure, process, or environment, or a group of practices or
procedures. Specific to the practice of internal auditing, various frameworks are used to assess the
design adequacy and operating effectiveness of controls.
The II A provide the following guidance relative to the use frameworks : In general, a framework
provides a structural blueprint of how a body knowledge and guidance fit together. As a coherent
system, it facilitates, consistnt development, interpretation and application of concepts,
methodologies and techniques useful to discipline or profession.
It is important to begin by making a few distinctions so that there is no confusion regarding the
different frameworks discussed in this chapter specifically, enterprise risk management (ERM)
frameworks and frameworks more specifically designed to address internal control. Both deal with
risk mitigation and aspect of internal control, however, those frameworks that focus on internal
control alone are more narrowly defined and tend to be less strategic in nature. While this chapter
deals specifically with the subject of internal control and focuses on internal control frameworks , it
would be incomplete without identifying ERM frameworks and other globally recognized
frameworks dealing with governance, risk management and internal control that also have been
developed or have evolved over time. Chapter 3, Governance, addresses the governance, risk
management, and internal control hierarchy, while Chapter 4, Risk Management, specifically
discusses the Committee of Sponsoring Organizations of the Treadway Comission (COSO) ERM
framework in more detail. Exhibit 6-2 presents these frameworks.
Internal Control Risk Management
Althought the frameworks discussed in Exhibit 6-2 contain elements of internal control, there are
currently only three internal control frameworks recognized globally by management, independent
outside accountants/auditors, and internal audit professionals : Internal Control Integrated
Framework, issued by COSO in 1992; Guidance on Control (often reffered to as the CoCo framework),
published in 1995 by the Canadian Institute of Chartered Accountants (CICA), and Internal Conrol:
Revised Guide for Directores on the Combined Code (reffered to as the Turnbull Report), published by
the Financial Reporting Council, which first came out in.