Executive's Guide to COSO Internal Controls: Understanding and Implementing the New Framework by

CHAPTER 2

How We Got Here: Internal Control Background

ALTHOUGH THE CONCEPT OF BUSINESS and accounting systems internal controls is fairly well understood today by enterprise senior managers, this was not true before the late 1980s. In particular, while we often understood the general concept, there had been no consistent agreement among many interested persons of what was meant by “good internal controls” from either a business process or a financial accounting sense. Those early definitions first came from the American Institute of Certified Public Accountants (AICPA) and were then used by the U.S. Securities and Exchange Commission (SEC) for the Securities Exchange Act of 1934 regulations and provide a good starting point. Although there have been changes over the years, the AICPA’s first codified standards, called the Statement on Auditing Standards (SAS No. 1), defined the practice of financial statement external auditing in the United States for many years with the following definition for internal controls:

Comprises the plan of enterprise and all of the coordinate methods and measures adopted within a business to safeguard its assets, check the accuracy and reliability of its accounting data, promote operational efficiency, and encourage adherence to prescribed managerial policies.

That original AICPA SAS No. 1 then was later modified to add administrative and accounting controls to the basic internal controls definition. Administrative controls include, but are not limited ...