1 A Practical Approach to Implementing the COSO Internal Control Integrated Framework Dr. Sandra B. Richtermeyer, CPA, CMA IMA s COSO Board Member Professor of Accountancy & Associate Dean Xavier University Cincinnati, Ohio USA
2 Key Areas of Focus for Today s Session Determine how internal controls are important to the achievement of organizational mission, vision, values and strategic goals Identify how the COSO Internal Control Integrated Framework (ICIF) benefits for organizations of all types Examine the components and principles that are essential to systems of internal control Understand how components and principles can be applied with key questions Summarize the internal control systems function in an integrated manner
3 Who or what is COSO? COSO stands for the Committee of Sponsoring Organizations of the Treadway Commission It all began in 1985 First framework released in 1992, updated in 2013 Nearly all publicly traded companies in the US use the COSO Internal Control Integrated Framework (ICIF) The ICIF is the most widely used internal control framework in the world
4 Who are the sponsoring organizations that represent COSO? Five nonprofit accounting associations based in the U.S. Each association has a wide global reach Combined membership of over 600,000 professionals Each organization is viewed as a global leader in advancing accounting and finance professionals
5 COSO s Mission COSO s Mission is To provide thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control and fraud deterrence designed to improve organizational performance and governance and to reduce the extent of fraud in organizations. COSO s Fundamental Principle Good risk management and internal control are necessary for long term success of all organizations.
6 What do we mean by internal controls?
7 COSO s Definition of Internal Controls Internal control is a process, effected by an entity s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance.
8 What do we mean by risk management?
9 COSO s Definition of Risk Management Risk management is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. 9
10 Who is responsible for internal controls and risk management?
11 Key Roles and Responsibilities for Internal Controls and Risk Management Board of directors, board structure, board committees C-Suite Financial planning & analysis Risk and control personnel Other accounting and finance team members Internal and external audit Outsourced service providers Supply chain Legislators and regulators Analysts, bond rating agencies, news media, etc.
12 The Two COSO Frameworks Internal Control Integrated Framework (ICIF) Enterprise Risk Management Framework (ERM)
13 How do the Frameworks Fit Together? Internal Control Integrated Framework Enterprise Risk Management Framework
14 Linking the COSO Frameworks Internal Control Integrated Framework Strategic added to objectives Enterprise Risk Management Framework Risk Assessment in ICIF is Expanded into Three Components: 1) Event Identification 2) Risk Assessment and 3) Risk Response Currently Under Renovation!
15 Today s Focus is on the Internal Control Integrated Framework (ICIF)
16 The Cube Representation of the ICIF Objectives Top of Cube Entity View Side of Cube Components Front of Cube
17 Three Types of Objectives Operations achievement of an entity s basic mission, vision & strategies Reporting external financial & nonfinancial, internal financial & non-financial Compliance laws, regulations
18 Five Types of Components Control Environment Risk Assessment Control Activities Information and Communication Monitoring Each component is associated with key principles There are 17 total principles
19 Linking Organization Essentials with Main Parts of the COSO ICIF Mission Vision Values Strategy Objectives (3) Components (5) Principles (17) Points of focus ~80)
20 Linking Organization Essentials with Main Parts of the COSO ICIF Mission Vision Values Who is responsible for each of these important elements? Who determines the first four elements? Strategy Objectives (3) Are these part of internal control? Components (5) Principles (17) Points of focus ~80)
21 Governance Setting the Backdrop: Key Organizational Elements Enterprise risk management Internal control Linking organizational essentials with the COSO ICIF Roles and responsibilities for internal control
22 The Big Picture Key Relationships!! Governance Enterprise Risk Management Important to recognize the broader concepts!! Internal Control 22
23 5 Components & 17 Principles of the ICIF Control Environment 1. Demonstrates commitment to integrity and ethical values 2. Exercises oversight responsibility 3. Establishes structure, authority and responsibility 4. Demonstrates commitment to competence 5. Enforces accountability Risk Assessment 6. Specifies suitable objectives 7. Identifies and analyzes risk 8. Assesses fraud risk 9. Identifies and analyzes significant change Control Activities 10. Selects and develops control activities 11. Selects and develops general controls over technology 12. Deploys through policies and procedures Information & Communication 13. Uses relevant information 14. Communicates internally 15. Communicates externally Monitoring Activities 16. Conducts ongoing and/or separate evaluations 17. Evaluates and communicates deficiencies
24 Component - Control Environment Principle 1 The organization demonstrates a commitment to integrity and ethical values. Key questions How would you describe the tone of organizational leaders? Are formal codes of conduct in place? How would employees describe the culture in the organization? When things go wrong, what actions follow? Are personnel evaluations consistent with expectations and cultural alignment?
25 Component - Control Environment Principle 1 activities and examples Establish a set of core values Define and illustrate lines of communication Use company communications to reinforce commitment to ethics, values, integrity Evaluate key partners in your supply chain in terms of their ethics, values and standard of conduct Evaluate ethical climate throughout the organization Evaluate how you take action when deviations occur
26 Component - Control Environment Principle 2 The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control. Key questions Is there a governing body in place for oversight? If yes, do they understand and accept their oversight responsibilities? Is the governing body comprised of individuals with the right skills and expertise to provide oversight?
27 Component - Control Environment Principle 2 activities and examples Review the descriptions of board committees Review roles and responsibilities for board members Prepare formal criteria for evaluation of board candidates (identifying new, assessing existing directors) Document activities of audit committee Establish policies and practices for communication between board and management Establish policies and practices for communication between levels of management Create a meetings calendar (and a meeting budget) Operates independently Provides oversight for the system of internal control
28 Component - Control Environment Principle 3 Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. Key questions Is the entire organization considered in terms of the scope? Are the lines of authority clear throughout the organization from the governing body or board down to each level of management? Are the roles of outsourced providers clear in terms of lines of authority and the scope of their services?
29 Component - Control Environment Principle 3 activities and examples Evaluate lines of authority Consider how representative your org chart is in terms of reality Look at organizational hierarchy in terms of relevance and appropriate segregation of duties Create (or review) an authority and approval matrix Link roles and responsibilities with key strategic goals and objectives Evaluate agreements with your supply chain partners and/or outside service providers
30 Component - Control Environment Principle 4 The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. Key questions Do adequate policies and procedures exist? Can the policies and procedures be linked to show support of objectives and strategic goals of the organization? How are any gaps in skill sets and competencies addressed? Are the right people working in the organization? How are personnel developed and retained? Are succession plans in place for members of the governing body and key personnel?
31 Component - Control Environment Principle 4 activities and examples Determine a calendar for policy review Link competency standards to hiring, training and retention activities Look for gaps in knowledge, skills and expertise Define performance expectations Create a training plan Evaluate your ability to implement complex regulations, accounting standards, tax matters Review (or create) succession plan
32 Component - Control Environment Principle 5 The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives. Key questions How are personnel held accountable for internal control responsibilities? Are performance indicators or metrics linked to incentives and rewards?
33 Component - Control Environment Principle 5 The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives. Key questions Are any excessive pressures that may threaten the ability of management to accomplish organizational objectives considered? Are those responsible for the system of internal control evaluated?
34 Component - Control Environment Principle 5 activities and examples Obtain sign-offs on goals mutually agreed upon with management and the board Develop incentives that are properly linked to performance Evaluate the appropriateness of awards Establish clear ways to communicate the basis for rewards Board and management periodic review of the appropriateness of incentives and rewards Evaluate link between incentives and organizational values
35 5 Components & 17 Principles of the ICIF Control Environment 1. Demonstrates commitment to integrity and ethical values 2. Exercises oversight responsibility 3. Establishes structure, authority and responsibility 4. Demonstrates commitment to competence 5. Enforces accountability Risk Assessment 6. Specifies suitable objectives 7. Identifies and analyzes risk 8. Assesses fraud risk 9. Identifies and analyzes significant change Control Activities 10. Selects and develops control activities 11. Selects and develops general controls over technology 12. Deploys through policies and procedures Information & Communication 13. Uses relevant information 14. Communicates internally 15. Communicates externally Monitoring Activities 16. Conducts ongoing and/or separate evaluations 17. Evaluates and communicates deficiencies
36 Component Risk Assessment Principle 6 The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. Key questions How are the objectives related to: Operations External financial and nonfinancial reporting Internal financial and nonfinancial reporting Compliance
37 Component Risk Assessment Principle 6 activities and examples Assess materiality for financial statements Review financial accounting policies against standards (GAAP or IFRS) Review internal accounting reporting policies Benchmark policies with peer groups or supply chain partners, strategic partners Review all aspects or ranges of business and consider how they are represented in reports
38 Component Risk Assessment Principle 7 The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. Key questions Are all aspects of the entity included? Subsidiary, division, operating unit, and functional levels? Are both internal and external factors considered? Are all appropriate levels of management involved? Have you evaluated how to estimate the significance of risks? Have you determined how to respond to risks?
39 Component Risk Assessment Principle 7 activities and examples Assess and link risk to significant financial statement accounts Impact on financial statements Character of accounts Link accounts to business processes Examine fraud risk Evaluate account across entity Analyze risk across functions Create a risk identification and analysis matrix Rate processes or accounts by risk categories (high medium, low) Establish meeting schedule between accounting and finance personnel and leaders in other functional areas Create plan of analysis of technology risk Create benchmarks to address significance and response to risk
40 Component Risk Assessment Principle 8 The organization considers the potential for fraud in assessing risks to the achievement of objectives. Key questions What are the types of fraud that can occur? What incentives and pressures exist that can impact fraudulent activity? How might you assess opportunity for fraud? Have you considered how inappropriate behaviors may be invoked by certain attitudes and rationalizations?
41 Component Risk Assessment Principle 8 activities and examples Look at historical fraud activities: Inventory theft Inventory shrinkage Whistle-blower reports Number of override entries Late reports Adjustment of estimates Benchmark whistleblower program with supply chain and/or industry Document how fraud risks are being managed
42 Component Risk Assessment Principle 9 The organization identifies and assesses changes that could significantly impact the system of internal control. Key questions What changes in the external environment may impact risk assessment? How may modifications to the business model assess change? How can changes in leadership affect our approach to risk?
43 Component Risk Assessment Principle 9 examples and activities Assess changes in external environment Websites/disclosures Social media Newspaper clipping services Search engines/alerts Conferences Professional organizations Evaluate changes in international conditions Preparing for leadership changes Evaluate impact on culture after acquisitions Evaluate impact on culture when strategic alliances are formed
44 5 Components & 17 Principles of the ICIF Control Environment 1. Demonstrates commitment to integrity and ethical values 2. Exercises oversight responsibility 3. Establishes structure, authority and responsibility 4. Demonstrates commitment to competence 5. Enforces accountability Risk Assessment 6. Specifies suitable objectives 7. Identifies and analyzes risk 8. Assesses fraud risk 9. Identifies and analyzes significant change Control Activities 10. Selects and develops control activities 11. Selects and develops general controls over technology 12. Deploys through policies and procedures Information & Communication 13. Uses relevant information 14. Communicates internally 15. Communicates externally Monitoring Activities 16. Conducts ongoing and/or separate evaluations 17. Evaluates and communicates deficiencies
45 Component Control Activities Principle 10 The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. Key questions How do control activities integrate with risk assessment? Have entity-specific factors been appropriately considered? Has management determined how internal control activities affect relevant business processes? Have a mix of control activity types been considered? How have you considered how control activities affect various levels of the organization? How may segregation of duties be important?
46 Component Control Activities Principle 10 activities and examples Use a workshop to link risks to control activities Create and/or maintain a risk and controls matrix Evaluate controls in outsourced Evaluate preventive vs. detective controls Control and evaluate the use of estimates Develop plans when adequate segregation of duties is not possible
47 Component Control Activities Principle 11 The organization selects and develops general control activities over technology to support the achievement of objectives. Key questions How can you evaluate the dependency between the use of technology in business processes and technology general controls?
48 Component Control Activities Principle 11- activities and examples Use walkthroughs to gain understanding of technology dependencies Evaluate use of spreadsheets Compare enterprise system capability with off-system activities Examine technology access controls Manage changes or customizations to purchased software Manage changes or customizations to internally developed software Create a plan for software upgrades
49 Component Control Activities Principle 12 The organization deploys control activities through policies that establish what is expected and procedures that put policies into action. Key questions Have policies and procedures to support deployment of management s directives been established? Is authority for executing policies and procedures clear? Are control activities performed in a timely manner? Do those responsible takes corrective action when necessary? Are control activities overseen performed by competent personnel? Are policies and procedures reassessed as appropriate?
50 Component Control Activities Principle 12 - activities and examples Develop documentation policies and procedures Use templates to or standards for documentation Establish responsibilities for reviewing internal financial statements Create a deployment plan with business unit leaders for internal control activities and policy review Regularly assess policies and procedures Evaluate corrective actions
51 5 Components & 17 Principles of the ICIF Control Environment 1. Demonstrates commitment to integrity and ethical values 2. Exercises oversight responsibility 3. Establishes structure, authority and responsibility 4. Demonstrates commitment to competence 5. Enforces accountability Risk Assessment 6. Specifies suitable objectives 7. Identifies and analyzes risk 8. Assesses fraud risk 9. Identifies and analyzes significant change Control Activities 10. Selects and develops control activities 11. Selects and develops general controls over technology 12. Deploys through policies and procedures Information & Communication 13. Uses relevant information 14. Communicates internally 15. Communicates externally Monitoring Activities 16. Conducts ongoing and/or separate evaluations 17. Evaluates and communicates deficiencies
52 Component Information & Communication Principle 13 The organization obtains or generates and uses relevant, quality information to support the functioning of internal control. Key questions Have you identified key information requirements? Have internal and external sources of data been captured? Has relevant data been processed into information? Has quality been maintained throughout processing? What are the costs vs. benefits?
53 Component Information & Communication Principle 14 The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control. Key questions Is a process in place to communicates internal control information? How is this communicated to the governing body or board of directors? Are separate lines of communication available? How have relevant methods of communication been determined?
54 Component Information & Communication Principle 14 activities and examples Developing guidelines for communications to board of directors Evaluate technology used to supply information to board of directors Communicating activities of whistleblower and ethics hotlines to employees Evaluate the need for crossfunctional teams Establish a cross-functional internal control committee Create a mentoring program
55 Component Information & Communication Principle 15 The organization communicates with external parties regarding matters affecting the functioning of internal control. Key questions How does the organization Communicate to external parties? Enable inbound communications? Communicate with the board of directors? Provide separate communication lines? Select relevant methods of communication?
56 5 Components & 17 Principles of the ICIF Control Environment 1. Demonstrates commitment to integrity and ethical values 2. Exercises oversight responsibility 3. Establishes structure, authority and responsibility 4. Demonstrates commitment to competence 5. Enforces accountability Risk Assessment 6. Specifies suitable objectives 7. Identifies and analyzes risk 8. Assesses fraud risk 9. Identifies and analyzes significant change Control Activities 10. Selects and develops control activities 11. Selects and develops general controls over technology 12. Deploys through policies and procedures Information & Communication 13. Uses relevant information 14. Communicates internally 15. Communicates externally Monitoring Activities 16. Conducts ongoing and/or separate evaluations 17. Evaluates and communicates deficiencies
57 Component Monitoring Activities Principle 16 The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning. Key questions How does the organization Consider a mix of ongoing and separate evaluations? Consider a rate of change? Establish a baseline understanding? Use knowledgeable personnel? Integrate with business processes? Adjust scope and frequency? Objectively evaluate?
58 Component Monitoring Activities Component Monitoring Activities Principle 17 The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate. Key questions How are results of deficiencies assessed? Ho are deficiencies communicated? How does management and relevant personnel monitor corrective actions?
59 We ve reviewed the basic elements of the Framework Questions? Concerns? Now what? What should you do next? Roles and responsibilities to enable a healthy system of internal control Conclusion and wrap-up
60 Suggested Next Steps Read, understand, and train others Meet with your audit team Take 17 Principles inventory Map your controls to Principles, consider Points of Focus Evaluate results and plan change Meet with your audit firm again Execute the transition plan, monitor change
62 Thank you! My contact information:
63 The following slides are meant to be helpful after you get back to the office and dig deeper into internal controls and risk management.
64 Important Items to Emphasize Regarding Definition of Internal Control Geared to accomplishing objectives in one or more separate but overlapping categories operations, reporting and compliance A process that includes ongoing tasks and activities it is a means to an end, not an end to itself Effected by people (not affected) internal control isn t just about policy and procedure manuals culture is key! Able to provide reasonable assurance keep in mind the word reasonable not absolute! Adaptable to the entity structure it is important that it is able to apply across the entire organization, not just certain departments, divisions or locations.
65 What are the limitations of internal control systems? Are the objectives that drive the system of internal control appropriate? Humans are involved and we are inherently prone to error Breakdowns can occur due to failure and error Management can override internal control Management, other personnel or external parties can break down the system individually or in a collusive manner External events that are beyond the organization s control may occur at any time
66 What is Effective Internal Control? An effective system of internal control reduces, to an acceptable level, the risk of not achieving an objective relating to one, two or all three categories (operations, reporting, compliance). It requires that: Each of the five components on internal control and relevant principles is present and functioning The five components are operating together in an integrated manner
67 What is present and functioning? Present the components and relevant principles exist in the system of internal control Functioning the components and relevant principles continue to work in the system of internal control to achieve the organization s objectives
68 What do we mean by operating together? The concept of integration in the application of the COSO ICIF is important! The components must work together in an integrated manner. All five components, working together, have an important role to play in terms of reducing the risk of not achieving an objective. The components are interdependent If components are not present and functioning, then they can t be working together in an integrative manner!
69 What are deficiencies in a system of internal control? A deficiency in general a component(s) and relevant principle(s) has shortcomings that reduce the likelihood of an organization achieving its objectives. A major deficiency the likelihood that an organization will achieve its objectives is severely reduced. If a major deficiency exists, the organization cannot conclude that it has an effective system of internal control. If management determines that a component and one or more relevant principles are not present and functioning and working together major deficiency.
70 Please check out the many free resources provided by COSO including an executive summary of the COSO Framework Also
Cayman Islands Society of Professional Accountants Enterprise Risk Management March 19, 2015 Dr. Sandra B. Richtermeyer, CPA, CMA What is Risk Management? Risk management is a process, effected by an entity's
An overview of COSO s 2013 Internal Control-Integrated Framework Prepared by: Sara Lord, Partner, National Professional Standards Group, McGladrey LLP email@example.com May 2013 Introduction In 1992,
COSO Internal Control Integrated Framework (2013) The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its updated Internal Control Integrated Framework (2013 Framework)
Bureau of Financial Monitoring and Accountability Florida Department of Economic Opportunity September 9, 2015 107 East Madison Street Caldwell Building Tallahassee, Florida 32399 www.floridajobs.org TABLE
COSO 2013 P r e s e n t e d b y : Tim Lietz A p r i l 8, 2 0 1 4 1 Our Time with You COSO Background Why COSO 2013? What Has Changed? Principles Overview Implementation Tasks and Challenges 2 COSO Background
Enterprise Risk Management: COSO, New COSO, Dr. Hugh Van Seaton, Ed. D., CSSGB, CGMA, CPA Review of ERM COSO a process, effected by an entity's board of directors, management and other personnel, applied
Updates to the COSO Internal Controls Framework How to Apply it to Your Control Framework Presenters Jack Kristan, CPA. CIA, MBA Senior Consulting Manager, Plante Moran Enterprise Risk Services Jack has
RISK BASED AUDITING: A VALUE ADD PROPOSITION Participant Guide About This Course About This Course Adding Value for Risk-based Auditing Seminar Description In this seminar, we will focus on: The foundation
in Depth: Implementing the Enhanced Guidance for Internal Control over External Financial Reporting Table of Contents EXECUTIVE SUMMARY... 3 BACKGROUND... 3 SIGNIFICANT CHANGES AFFECTING INTERNAL CONTROL
Impact of New Internal Control Frameworks Webcast: Tuesday, February 25, 2014 CPE Credit: 1 0 With You Today Bob Jacobson Principal, Risk Advisory Services Consulting Leader West Region Bob.Jacobson@mcgladrey.com
The Updated COSO Internal Control Framework Frequently Asked Questions Introduction The Committee of Sponsoring Organizations of the Treadway Commission (COSO) an organization providing thought leadership
T The Revised COSO ERM Framework Robert Hirth Chairman, COSO COSO: Thought Leadership to Improve Your Organization What the Heck is COSO?... Originally formed in 1985, COSO is a joint initiative of five
COSO Framework 2013 & SOX Compliance Roxanne L. Halverson, CISM, CGEIT Atlanta ISACA Geek Week August 19, 2013 What s Happened On May 14, 2013, after a little more than 20 years the Committee of Sponsoring
Internal Control Integrated Framework May 2013 0 Table of Contents COSO & Project Overview Internal Control-Integrated Framework Illustrative Documents Illustrative Tools for Assessing Effectiveness of
COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE COMMITTEE OF SPONSORING ORGANIZATIONS (COSO) 2013 The Committee of Sponsoring Organizations (COSO) Internal Controls Integrated Framework,
A U D I T I N G A RISK-BASED APPROACH TO CONDUCTING A QUALITY AUDIT 9 th Edition Karla M. Johnstone Audrey A. Gramling Larry E. Rittenberg CHAPTER 3 INTERNAL CONTROL OVER FINANCIAL REPORTING: MANAGEMENT
Mental Health Mental Retardation Authority of Harris County ENTERPRISE RISK MANAGEMENT A Framework For Assessing, Evaluating And Measuring Our Agency s Risk A Risk-Based Audit Strategy November 2006 Internal
Index Accounts Payable Process Review Procedures Assessments, 191 Actions to Resolve Risks COSO ERM Control Activities, 97 Activity Management COSO ERM Control Activities, 81 AICPA SAS No. 1 Internal Controls
Internal Controls Enterprise-Wide Risk Assessment Balancing Risk and Controls In order to achieve goals and objectives, management needs to effectively balance risks and controls. Control procedures need
Standards for Internal Control in New York State Government OFFICE OF THE NEW YORK STATE COMPTROLLER Thomas P. DiNapoli, State Comptroller March 2016 A Message from State Comptroller Thomas P. DiNapoli
Corporate Governance, Internal Control and Enterprise Risk Chapter One Black CPA Review www.blackcpareview.com Chapter 1 Objectives: Objective 1: Understand the elements of corporate governance Objective
Fraud Prevention and Deterrence Fraud Risk Assessment 2016 Association of Certified Fraud Examiners, Inc. What Is Fraud Risk? The vulnerability that an organization faces from individuals capable of combining
Committee of Sponsoring Organizations of the Treadway Commission Governance and Internal Control LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE By The Institute of Internal Auditors Douglas J. Anderson
Audit of the Policy on Internal Control Implementation Natural Sciences and Engineering Research Council of Canada Social Sciences and Humanities Research Council of Canada February 18, 2013 1 TABLE OF
Applying COSO s Enterprise Risk Management Integrated Framework Matthew E. Breecher Breecher & Company PC November 12, 2008 The basic outline for this presentation was provided by: Objectives for the session:
February 2015 Sample audit committee charter Sample audit committee charter This sample audit committee charter is based on observations of selected companies and the requirements of the SEC, the NYSE,
The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only Agenda Introduction Basic program components Recent trends in higher education risk management Why
Internal Financial Controls Over Financial Reporting CAA 09-01-2016 INDEX 1. INTRODUCTION 2. ROLE OF VARIOUS AUTHORITIES 3. FRAMEWORK AND SPECIFIED DATE OF REPORTING 4. PROCESS VS CONTROL 5. CONTROLS AND
Internal Control over Financial Reporting Guidance for Smaller Public Companies Frequently Asked Questions Internal Control over Financial Reporting Guidance for Smaller Public Companies Frequently Asked
COSO 2013 Internal Control Integrated Framework FRED J. PETERSON, PARTNER MOSS ADAMS LLP Disclaimer The material appearing in this presentation is for informational purposes only and should not be construed
INTERNAL CONTROLS EVALUATION Planning an Internal Controls Evaluation Project Internal Control Documentation Internal Control Testing Evaluation of Internal Control Deficiency Reporting Internal Control
Introduction to IT Audit January 23, 2008 Who We Are Randy Roehm Technology Risk Director Jason Brucker Technology Risk Manager Zeb Buckner Internal Audit Consultant Zeb.firstname.lastname@example.org Darcie Allen
UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL Evaluation and Inspection Services Memorandum May 5, 2009 TO: FROM: SUBJECT: James Manning Acting Chief Operating Officer Federal Student
A U D I T I N G A RISK-BASED APPROACH TO CONDUCTING A QUALITY AUDIT 9 th Edition Karla M. Johnstone Audrey A. Gramling Larry E. Rittenberg CHAPTER 1 AUDITING: INTEGRAL TO THE ECONOMY LEARNING OBJECTIVES
Administrative Guidelines on the Internal Control Framework and Internal Audit Standards GCF/B.09/18 18 February 2015 Meeting of the Board 24 26 March 2015 Songdo, Republic of Korea Agenda item 24 Page
From Treadway To the Cube (1987 2014) National Society of Accountants for Cooperatives (NSAC) CLAconnect.com Instructor: Ron Durkin, CPA/CFF, CFE, CIRA National Principal in Charge Fraud & Misconduct Investigations
FRAMEWORK FOR AN ETHICAL MATURITY INDEX Authors: Elena Demidenko and Patrick McNutt Across key Enterprise risk management frameworks, COSO ERM (http://www.coso.org) and ASNZ4360 (ASNZ 4360: 2004 (http://www.standards.com.au)
Fraud and Role of Information Technology September 2008 Agenda IT Value Proposition Slide 2 Prior Interpretations of Internal Control Structure Have Addressed Three Separate Parts Which Were Audited Somewhat
The Role of Internal Audit in Risk Governance How Organizations Are Positioning the Internal Audit Function to Support Their Approach to Risk Management Executive summary Risk is inherent in running any
State of Oregon State of Oregon 1 Table of Contents 1. Introduction...1 2. Information Asset Management...2 3. Communication Operations...7 3.3 Workstation Management... 7 3.9 Log management... 11 4. Information
Internal Control - Integrated Framework Executive Summary Senior executives have long sought ways to better control the enterprises they run. Internal controls are put in place to keep the company on course
GAO United States General Accounting Office Internal Control November 1999 Standards for Internal Control in the Federal Government GAO/AIMD-00-21.3.1 Foreword Federal policymakers and program managers
Quality management input comprises the standard requirements from ISO 9001:2015 which are deployed by our organization to achieve customer satisfaction through process control. Quality Manual ISO 9001:2015
ANNUAL CONFERENCE T O P I C Risk Management WORKING Hand IN Hand: Balanced Scorecards AND Enterprise Risk Management B Y M ARK B EASLEY, CPA; A L C HEN; K AREN N UNEZ, CMA; AND L ORRAINE W RIGHT Recent
Auditing Standard No. 5 An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements June 12, 2007 AUDITING AND RELATED PROFESSIONAL PRACTICE STANDARDS
Competency Requirements for Executive Director Candidates There are nine (9) domains of competency for association executives, based on research conducted by the American Society for Association Executives
What the Auditor Is Looking For Presented by: Dennis F. Dycus, CPA, CFE, CGFM, Director Office of the Comptroller of the Treasury Division of Municipal Audit TAUD Administrative Professional s Conference
Guidance Note: Corporate Governance - Board of Directors March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance - Board of Directors (the Guidance
INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 240 THE AUDITOR S RESPONSIBILITY TO CONSIDER FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS CONTENTS Paragraphs Introduction... 1-3 Characteristics of Fraud...
INTERNAL CONTROL I. SOME GENERAL COMMENTS ON INTERNAL CONTROL Companies establish internal control (IC) to aid the company in more effectively meeting its goals. It is management s responsibility to maintain
SARBANES-OXLEY SECTION 404 A TOOLKIT FOR MANAGEMENT AND AUDITORS VOLUME 1 This volume addresses PwC risk management policies and audit methodology and is for internal distribution only. This toolkit volume
The 2013 COSO Framework & SOX Compliance ONE APPROACH TO AN EFFECTIVE TRANSITION By J. Stephen McNally, CPA The 2013 COSO Framework & SOX Compliance ONE APPROACH TO AN EFFECTIVE TRANSITION By J. Stephen
Internal Financial Controls Who All Are Responsible? 3 What is Internal Financial Control (IFC)? 5 What is Internal financial controls over financial reporting (ICFR)? Internal Controls Global Perspective
Committee of Sponsoring Organizations of the Treadway Commission Enterprise Risk Management Aligning Risk with Strategy and Frequently Asked Questions November 2016 edition Table of Contents Project Background...
Developing Effective Internal Controls Using the COSO Model Office of State Controller Internal Controls in a COSO Environment Seminar Raleigh, North Carolina March 2007 Mark S. Beasley Director, ERM Initiative
www.pwc.com Ethics and Compliance Training Keep Up Your Dukes - Benchmarking and Maintaining Your System April 1, 2014 Ethics and Compliance Keep Up Your Dukes - Benchmarking and Maintaining Your System
INTERNATIONAL STANDARD ON AUDITING 315 IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT THROUGH UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT (Effective for audits of financial statements for
INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 240 Introduction THE AUDITOR S RESPONSIBILITIES RELATING TO FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS (Effective for audits of financial statements for
February 2015 Audit committee performance evaluation Audit committee performance evaluation The following questionnaire is based on emerging and leading practices to assist in the self-assessment of an
COSO 2013 Internal Control A Guide to Implementation July 24, 2014 Justin Adamson Agenda COSO Background Changes to the Roadmap to Implementation Implementation Considerations & Lessons Learned 2 1 Who/What
Federal Sentencing Guidelines Presented by: Paulette Wunsch, VP and Chief Integrity and Compliance Officer In the pursuit of health 1 Overview Our Company Mission, Vision and Values Innovation Overview
SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT Through CGIAR Financial Guideline No 3 Auditing Guidelines Manual the CGIAR has adopted the IIA Definition of internal auditing
Mississippi s Nonprofit Management Certification Program A History of Excellence in Action Excellence in Action (EIA) is based on the Mississippi Center for Nonprofits Principles and Practices for Nonprofit
Inclusive of, framework, procedures and methodology Contents 1 Introduction 1 1.1 Legislative Framework and best practice 1 1.2 Purpose of Enterprise Risk Management 2 1.3 Scope and Applicability 3 1.4
Article from: The Financial Reporter December 2004 Issue 59 Actuarial Aspects of SOX 404 Laura J. Hay and Richard H. Browne Laura J. Hay is principal at KPMG LLP in New York, N.Y. She can be reached at
Examination of an Entity s Internal Control 1403 AT Section 501 An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements Source:
Introduction to Financial Management Best Practices P R E S E N T E D B Y G L E N D A Y. H I C K S, C P A F O R P A R E N T T O P A R E N T O F G E O R G I A, I N C. R E G I O N 3 P T A C F E B R U A R
Clarifying the Confusion between COSO and ISO Clarifying the Confusion between COSO and ISO 2 Introduction According to the Association of Certified Fraud Examiners, a typical organisation loses an estimated
A U D I T I N G A RISK-BASED APPROACH TO CONDUCTING A QUALITY AUDIT 9 th Edition Karla M. Johnstone Audrey A. Gramling Larry E. Rittenberg CHAPTER 5 PROFESSIONAL AUDITING STANDARDS AND THE AUDIT OPINION
Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS www.fic.gov.bc.ca INTRODUCTION The Financial Institutions Commission 1 (FICOM) holds the Board of Directors 2 (board) accountable for the stewardship
ORDINANCE 16-22 ] AN ORDINANCE ESTABLISHING INTERNAL CONTROL STANDARDS AND ESTABLISHING A MATERIALITY THRESHOLD WHEREAS, The City ofwestfield, ("City") is a duly formed municipal corporation within the
INTERNATIONAL STANDARD ON 240 THE AUDITOR S RESPONSIBILITIES RELATING TO (Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS Paragraph Introduction
The Consideration Of Fraud In A Financial Statement Audit: Some Study Questions Eddie Metrejean, Georgia Southern University Lou X. Orchard, (Email: Lou.Orchard@wichita.edu), Wichita State University L.
Advisory Services Antifraud program and * Fraud risks & controls February 2008 *connectedthinking 2008 PricewaterhouseCoopers LLP. All rights reserved. PricewaterhouseCoopers refers to PricewaterhouseCoopers
Enterprise Risk Management Process Improvement 2 Contact Information Contact Information Chad Knutson Senior Information Security Consultant CISSP, CISA, CRISC Phone: 605-480-3366 email@example.com
4711 Yonge Street Suite 700 Toronto ON M2N 6K8 Telephone: 416-325-9444 Toll Free 1-800-268-6653 Fax: 416-325-9722 4711, rue Yonge Bureau 700 Toronto (Ontario) M2N 6K8 Téléphone : 416 325-9444 Sans frais
Version : 1.01 Date : 16 September 2009 IT Governance Network South Africa USA UK Switzerland www.itgovernance.co.za firstname.lastname@example.org 0825588732 IT Governance Network, Copyright 2009 Page 1 1 Terms
QA Roles and Responsibilities There are various roles on projects, some people may play more than one role. You should always check with your organizations testing methodology on what your role(s) are.
INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 315 IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT THROUGH UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT (Effective for audits of financial
Understanding Enterprise Risk Management Presented by Dorothy Gjerdrum Arthur J Gallagher Learning Objectives Understand the components of a wellrun ERM program Review scope and process Explore the role
Developing an Effective Enterprise Risk Management Program Jay Brietz, CPA and CIA Senior Manager This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record
Understanding the Entity and Its Environment 1667 AU Section 314 Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (Supersedes SAS No. 55.) Source: SAS No. 109.
APPROVED by Resolution of the Board of Directors of Rosneft Minutes No. 16 dated May 07, 2013 In effect from July 22, 2013 by Order dated July 22, 2013 No. 311 COMPANY POLICY INTERNAL CONTROL AND ENTERPRISE
IT audit updates Current hot topics and key considerations Contents IT risk assessment leading practices IT risks to consider in your audit plan IT SOX considerations and risks COSO 2013 and IT considerations