Aufbau Work out of an internal control system to a COSO I, corresponding article 728a and b OR or IDW PS 260 (Section 2, paragraph 5)

The putting into action procedure suggested RM Risk Management AG pursued the intention, a bureaucratic effort to avoid if possible, and to achieve an internal control system with the necessary risk judgements and integrated processes in conformity with the law.

You see the film edition quality in high-density by selecting "high-density is on" during the film ist shown.

Internal Control System - COSO I Framework

The COSO I framework model becomes standard internationally more and more for the build up of an internal control system. All leading auditing enterprises worldwide recommend forming the build up of internal control systems on the basis of the COSO I model.

The totality of an internal supervision

Each of the five internal supervision components represented in the framework is required to accomplish the goal of a reliable integrated finance, compliance and operation reporting. The judgement if the internal control system of an enterprise is efficient, requires a discretionary decision. The internal control system has five components closed which acts in combination to avoid or recognize and correct essential counterfeit presentments in the risk judgement and risk controlling or in the finance, compliance and operation reporting. If on the whole the five components are available and able to work that the executives as looked effectively safety regarding the reliable risk identification, judgement, control and as well as the work out of the finance, compliance and operation reporting, internal control system becomes effectively.

The 5 components of the Internal Control System (ICS) according to the internationally recognized COSO I model.

The following combination of the methodology at the introduction of an enterprise-wide internal control system bases at the IDW PS 260 (institute of the accountants, examination standard) or in Switzerland after article 728a and b OR and international in accordance to the COSO (Committee of sponsoring organisation of the Treadway Commission) framework "internal control - general framework".

Methodology of the putting into action of an internal control system

Becoming the principles, method and measures(regulations) understood, introduced by the management in the enterprise under an internal control system, which are judged on the organizational putting into action of the decisions of the management

- to save the effectiveness and economicalness of the business activity
--(the protection of the fortune, the prevention and uncovering of fortune damages is also included),
- to the compliance and reliability of the internal and external accounting as well as
- for the compliance for the enterprise substantial legal regulations.

Project definition
Due to a possible high complexity and duration of the introduction as well as the significance of an internal control system for an enterprise it is required to carry out the establishment of such a system in the context of a project. Over the success of the ICS project not only the used structured procedure (project management) and the project team but also this one decide active participation and support of the management. The project goals and the significance of the ICS project for the enterprise shall with corresponding care and be transparency expressed to all employees.

Organizational structure
The organizational structure describes the organizational units of an enterprise and their a relation or connection. The smallest organizational unity (a basic element) of an enterprise is the job. After that the authorities and departments which are organized predominantly hierarchically into so-called systems follow. The major qualities of the job are the job description and the occupant of a post, certain duties and rights are assigned to. The occupants of a post are an essential factor which can have an immediate influence on the operational risks. The organizational structure is very often represented in the form of organisation charts. The organizational structure forms together with the structuring of operations builds the formal organizational structure of an enterprise. A definition and documentation of the construction and structuring of operations is absolutely imperative in an enterprise at the establishment of an internal control system. She is required at the identification of the operational risks and to the definition of the preventive measures for the minimization or exclusion of the mentioned risks. In the context of the inside operational communication the construction and structuring of operations should be known to all employees.

Structuring of operations
The structuring of operations describes the arrangement of the work processes in the enterprise. To process types belongs service preparation processes to the essential ones, accounting processes, IT processes as well as management and support processes. At the service preparation processes how the purchase, the production and the sale are meant with all facets. The work processes can be represented in various details (method and work instruction, core and threads). A process is assigned to at least an organizational unity. Without detailed knowledge and documentation of the mentioned processes it is not the risks connected with that possibly of identifying and preventing them completely. In the context of the inside operational communication the construction and structuring of operations should be known to all employees.

All negative events which can prevent the creation of value or reduce the existing corporate values have to be understood under the business risks. It is the risks summarizing in the processes which was identified and documented in the structuring of operations. Furthermore even further risks belong e.g. and in the area of right and company strategy. The identification, assignment as well as the assessment and documentation of the business risks are the base for decisions of the management on the measures which are necessary and minimising risk and control activities. Fundamental at every risk ist to be defined the admission probability, the possible consequence and weighting as well as the cause. One or more risks can be assigned to a process.

Definition and assignment of the control activities
The primary task of the control activities is the prevention or minimization of the stated business risks. Furthermore further risks shall be uncovered by the control activities. Controls are ensured by corresponding organizational measures which are integrated into the enterprise processes. The effectiveness of internal controls is regularly checked with the help of control tests. The control test serves the examination whether controls work as defined and the assigned risks are covered. All control activities, organizational measures and the control tests are documented. An essential component of the documentation is the mentioned risk control matrix.

Monitoring and documentation
The internal control system, principles, method and measures (regulations) for the prevention of negative events, introduced as a collection, has to be established as permanent action. As such it becomes weightedly of the auditors, particularly the sensibility for problems and the behaviour of the management and the executives as well as the employees entrusted with the supervision of the enterprise (article 728a and b OR in Switzerland or IDW PS 260, §6.2.1 para. 44 in Germany). The documentation is an imperative component of the internal control system. A complete and proper documentation represents the base of a successful putting into action of the ICS project and serves the proof of the met organizational and technical measures in the enterprise. It serves as a very effective, organisation far communication media at the announcement and distribution of the met compliance-measures for all employees. It is indispensable at every kind of audit which can be run through internal or external auditors and inspectors.