

COSO III - Internal Control (IC) Integrated Framework (2013) study guide mind map

Trademarks are the property of their holders, who are not affiliated with the mind map author.

see also COSO ERM-IF mind map

COSO III IC-IF Cube (2013)

A direct relationship exists between objectives, components, and the entity structure, which can be depicted in the form of a cube.

The objectives are represented by the columns.

The components are represented by the rows.

The entity structure is represented by the third dimension of the cube.

Components (5) (front side)

What is it?

Represent what is required to achieve objectives.

Control Environment

Principles:
1. Demonstrates Commitment to Integrity and Ethical Values
2. Exercises Oversight Responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates Commitment to Competence
5. Enforces Accountability

Risk Assessment

Principles:
6. Specify Suitable Objectives
7. Identify and Analyze Risks
8. Assess Fraud Risk
9. Identify and Analyze Significant Change

Control Activities

Principles:
10. Selects and Develops Control Activities
11. Selects and Develops General Controls over Technology
12. Deploys through Policies and Procedures

Information and Communication

Principles:
13. Uses Relevant, Quality Information
14. Communicates Internally
15. Communicates Externally

Monitoring Activities

Principles:
16. Selects, develops and performs evaluations to determine if components of IC are present and functioning
17. Evaluates and communicates IC deficiencies

Objectives categories (3) (top side)

What is it?

Are what an entity desires to achieve.


“Internal control is a process effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance.”




Entity Structure / Entity and units (4) (right side)

What is it?

Represent the operating units, legal entities and other structures.


Basic Definitions (according to COSO)

Enterprise Risk Management (ERM)

Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

Is a process: Enterprise risk management is not one event or circumstance, but a series of actions that permeate an entity's activities.

Is effected by people: Enterprise risk management is effected by a board of directors, management and other personnel. It is accomplished by the people of an organization, by what they do and say.

Is applied in strategy setting: An entity sets out its mission or vision and establishes strategic objectives, which are the high-level goals that align with and support its vision or mission.

Is applied across the enterprise: To successfully apply enterprise risk management, an entity must consider its entire scope of activities. Enterprise risk management considers activities at all levels of the organization, from enterprise-level activities such as strategic planning and resource allocation, to business unit activities such as marketing and human resources, to business processes such as production and new customer credit review.

Is designed to identify events potentially affecting the entity and manage risk within its risk appetite: Risk appetite is directly related to an entity’s strategy. It is considered in strategy setting, where the desired return from a strategy should be aligned with the entity’s risk appetite. Different strategies will expose the entity to different risks. Enterprise risk management, applied in strategy setting, helps management select a strategy consistent with the entity’s risk appetite.

Provides reasonable assurance: Well-designed and operated enterprise risk management can provide management and the board of directors reasonable assurance regarding achievement of an entity's objectives. They understand the extent to which the entity’s strategic objectives are being achieved. They understand the extent to which the entity's operations objectives are being achieved. The entity’s reporting is reliable. Applicable laws and regulations are being complied with.

Is geared to the achievement of objectives: Effective enterprise risk management can be expected to provide reasonable assurance of achieving objectives relating to the reliability of reporting and to compliance with laws and regulations. Achievement of those categories of objectives is within the entity’s control and depends on how well the entity’s related activities are performed.

Risk Appetite

Risk appetite is the amount of risk an entity is willing to accept in pursuit of value. Entities often consider risk appetite qualitatively, with such categories as high, moderate or low, or they may take a quantitative approach, reflecting and balancing goals for growth, return and risk.

Risk appetite is directly related to an entity’s strategy. It is considered in strategy setting, where the desired return from a strategy should be aligned with the entity’s risk appetite.

Risk Culture

Risk culture is the set of shared attitudes, values and practices that characterize how an entity considers risk in its day-to-day activities. For many companies, the risk culture flows from the entity’s risk philosophy and risk appetite. For those entities that do not explicitly define their risk philosophy, the risk culture may form haphazardly, resulting in significantly different risk cultures within an enterprise or even within a particular business unit, function or department.

Risk Subcultures

Individual business units, functions and departments will have slightly different risk cultures. Managers of some are prepared to take more risk, while others are more conservative, and these different cultures sometimes work at cross-purposes.

This freeware, non-commercial mind map (aligned with the newest version of COSO IC IF) was carefully handcrafted with passion and love for learning and constant improvement, as well as for promotion of the COSO IC IF standard and framework, and as a learning tool for candidates wanting to gain COSO IC IF knowledge. (Please share, like and give feedback - your feedback and comments are my main motivation for further elaboration. THX!)

Questions / issues / errors? What do you think about my work? Your comments are highly appreciated. Please don't hesitate to contact me for :-) Mirosław Dąbrowski, Poland/Warsaw.