Internal Control, Fraud, and the New COSO Framework
- Antony Gray
- 7 years ago
Presented By: Zach Chalifour, CPA
November 19, 2014

Housekeeping
- How to ask questions
- Technology questions
- CPE Eligibility

About Your Presenter
Zach Chalifour, CPA
Senior Manager
James Moore, CPAs

Agenda
- Internal Control Overview
- Internal Control Defined
- Limitations
- COSO Internal Control Integrated Framework
- Principles and Points of Focus
- Fraud Update
- The GAO Green Book
- Transition and Impact of New COSO Framework
- Questions

Internal Control

Internal Controls Defined
Committee of Sponsoring Organizations (COSO) Definition: Internal control is broadly defined as a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
1. Effectiveness and efficiency of operations.
2. Reliability of financial reporting.
3. Compliance with applicable laws and regulations.

Internal Control: Daily Application
Internal Controls are a process to accomplish a goal/objective, not just an additional requirement for the sake of doing more work.
Consider controls used on a daily basis in our personal lives:
- Locking our cars and homes
- Review personal credit card statement charges
- Check expiration dates on food
- Looking both ways when crossing the road
Controls Goal: Same second-nature feeling

Internal Control Limitations
Inherent limitations to Internal Controls:
- They are affected by people and technology
- Internal controls are only as good as the people performing them
- Opportunities for Error
- Collusion
- Reasonable, not absolute, assurance
Importance of understanding benefit of controls:
- Costs vs. Benefits
- Preventative vs. Detective Controls

The New COSO Framework - Overview

COSO Background
COSO (Committee of Sponsoring Organizations) of the Treadway Commission released original guidance, Internal Control Integrated Framework, in The document was recognized as leading framework for designing, implementing and conducting internal control and assessing the effectiveness of internal control.

Overview of Changes
What Has Not Changed:
- Core definition of internal control
- Three categories of objectives and five components of internal control
- Each of five components are required for effective internal control
- Role of judgment in designing, implementing, and conducting internal control, and in assessing effectiveness
What Has Changed:
- Changes in business and operating environments considered
- Operations and reporting objectives expanded
- Fundamental concepts underlying the 5 components outlined in 17 principles
- Additional approaches and examples relevant to operations, compliance, and non-financial reporting objectives added
- Certain key areas of concern are specifically addressed, such as fraud and the role of technology

Overview of the Framework
New COSO Outlines:
- Definition of internal control
- Categories of objectives
- Components and principles of internal control
- Requirements for effectiveness

New COSO Framework: Internal Control
Definition of Internal Control: Internal Control is a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.

New COSO Framework: Objectives
Categories of Objectives:
- Operations
- Reporting (previously Financial Reporting; now includes other types of reporting such as non-financial and internal reporting)
- Compliance

New COSO Framework: Components
Five Components of Internal Control:
1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information & Communication
5. Monitoring Activities

New COSO Framework: Principles
Control Environment
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability
Risk Assessment
6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change
Control Activities
10. Selects and develops control activities
11. Selects and develops general controls over technology
12. Deploys through policies and procedures
Information & Communication
13. Uses relevant information
14. Communicates internally
15. Communicates externally
Monitoring Activities
16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies

New COSO Framework: Requirements for Effectiveness
Each principle must be present and functioning for the related component to be considered present and functioning.
- Present: relevant principles exist in the design and implementation of the system of internal control to achieve specified objectives
- Functioning: relevant principles continue to exist in the conduct of the system of internal control to achieve specified objectives
- Auditor Assessment: Design and Implementation

Additional Requirements for Effective Internal Control
- Each principle is suitable to all entities
- All principles are presumed relevant except in rare situations
- Components operate together when all components are present and functioning
- Internal control deficiencies aggregated across components do not result in one or more major deficiencies
- A major deficiency represents an internal control deficiency or combination thereof that severely reduces the likelihood that an entity can achieve its objectives

Role of Internal Controls
- The Framework does not prescribe controls to be selected, developed, and deployed for effective internal control
- Not one-size-fits-all
- Management judgment based on factors unique to the entity
- A major deficiency in a component or principle cannot be mitigated to an acceptable level by the presence and functioning of other components and principles
- However, understanding and considering how controls effect multiple principles can provide persuasive evidence supporting management's assessment of whether components and relevant principles are present and functioning

Internal Control Integrated Framework

Internal Control Principles
- 5 Components
- 17 Principles
- 83 Points of Focus
Points of Focus are an evaluation tool and may not all be applicable to each principle. Documentation related to internal control must address each of the 17 principles and whether they are present and functioning, but does not have to touch on each Point of Focus.

Control Environment
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability

Control Environment: Principle 1
Control Environment Component (Principle 1): Demonstrates a commitment to integrity and ethical values
Points of Focus:
- Sets the tone at the top
- Establishes standards of conduct
- Evaluates adherence to standards of conduct
- Addresses deviations in timely manner

Control Environment: Principle 2
Exercises oversight responsibility
- Establishes oversight responsibilities
- Retains oversight for the system of internal control
- Applies relevant expertise
- Operates independently
- Provides oversight

Control Environment: Principle 3
Establishes structure, authority and responsibility
- Considers all structures of the entity
- Establishes reporting lines
- Defines, assigns, and limits authorities and responsibilities

Control Environment: Principle 4
Demonstrates commitment to competence
- Establishes policies and practices
- Evaluates competence and addresses shortcomings
- Attracts, develops and retains individuals
- Plans and prepares for succession

Control Environment: Principle 5
Enforces accountability
- Enforces accountability through structures, authorities and responsibilities
- Establishes performance measures, incentives and rewards
- Evaluates performance measures, incentives and rewards for ongoing relevance
- Considers excessive pressures
- Evaluates performance and rewards or disciplines individuals

Risk Assessment
6. Specifies relevant objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change

Risk Assessment
[Figure. Source: Fraud-Related Internal Controls - ACFE]

Risk Assessment: Principle 6
Specifies suitable operations objectives
- Reflects management's choices
- Considers tolerances for risk
- Includes operations and financial performance goals
- Forms a basis for committing of resources

Risk Assessment: Principle 6
Specifies suitable external financial reporting objectives
- Complies with applicable accounting standards
- Considers materiality
- Reflects entity activities

Risk Assessment: Principle 6
Specifies suitable external non-financial reporting objectives
- Complies with externally established standards and frameworks
- Considers the required level of precision
- Reflects entity activities

Risk Assessment: Principle 6
Specifies suitable internal reporting objectives
- Reflects management's choices
- Considers the required level of precision
- Reflects entity activities

Risk Assessment: Principle 6
Specifies suitable compliance objectives
- Reflects external laws and regulations
- Considers tolerances for risks

Risk Assessment: Principle 7
Identifies and analyzes risk
- Includes entity, subsidiary, division, operating unit, and functional levels
- Analyzes internal and external factors
- Involves appropriate levels of management
- Estimates significance of risks identified
- Determines how to respond to risks

Risk Assessment: Principle 8
Risk Assessment Component (Principle 8): The organization considers the potential for fraud in assessing risks to the achievement of objectives
Points of Focus:
- Considers various types of fraud
- Assesses incentives and pressures
- Assesses opportunities
- Assesses attitudes and rationalizations

Risk Assessment: Principle 8
- Fraud is more than misappropriation of assets or fraudulent financial reporting.
- Non-financial data can be modified to enhance safety reporting, show milestones needed for pay raises or to allow unauthorized use or disposal of assets.
- The presence of anti-fraud controls is effective at reducing fraud loss, but the risk cannot be completely eliminated.

ACFE Report To The Nations
ACFE 2014 Report:
- Organizations lose an estimated 5% of revenues annually
- Median loss = $145,000
- Detection of frauds: Tips 42%, External audit 3%

[Figure: Fraud Detection (2014 Report to the Nations, ACFE)]
[Figure: Anti-Fraud Controls (2014 Report to the Nations, ACFE)]
[Figure: Primary Internal Control Weaknesses (2014 Report to the Nations, ACFE)]
[Figure: Behavioral Red Flags (2014 Report to the Nations, ACFE)]

Risk Assessment: Principle 9
Identifies and analyzes significant change
- Assesses changes in the external environment
- Assesses changes in the business model
- Assesses changes in leadership

Internal Control Examples: Risk Assessment
Changes that may cause new risks:
- Changes in operating environment;
- New personnel;
- New or revamped information systems;
- Rapid growth;
- New technology;
- New business models, products, or activities;
- Corporate restructurings;
- Expanded foreign operations; and
- New accounting pronouncements or other financial reporting requirements.

Control Activities
10. Selects and develops control activities
11. Selects and develops general controls over technology
12. Deploys through policies and procedures

Control Activities: Principle 10
Selects and develops control activities
- Integrates with risk assessment
- Considers entity-specific factors
- Determines relevant business processes
- Evaluates a mix of control activity types
- Considers at what level activities are applied
- Addresses segregation of duties

Point of Focus Example: Principle 11
Control Activities Component (Principle 11): The organization selects and develops general control activities over technology to support the achievement of objectives.
Points of Focus:
- Determines dependency between use of technology and GITC
- Establishes relevant technology infrastructure
- Establishes relevant security management process control activities
- Establishes relevant technology acquisition, development and maintenance process control activities

Control Activities: Principle 12
Deploys through policies and procedures
- Establishes policies and procedures to support deployment of management's directives
- Establishes responsibility and accountability for executing policies and procedures
- Performs in a timely manner
- Takes corrective action
- Performs using competent personnel
- Reassesses policies and procedures

Internal Control Examples: Control Activities
Control Development Considerations:
- The type of control (i.e., manual or automated) and the frequency with which it operates;
- The complexity of the control;
- The risk of management override;
- The degree of judgment required to operate the control;
- The competence of the personnel who perform the control;
- Any changes in key personnel who perform the control;
- The nature and materiality of misstatements that the control is intended to prevent or detect;
- The degree to which the control relies on the effectiveness of other controls (e.g., general technology controls); and
- The evidence of the operation of the control from prior years.

Segregation of Duties
[Figure. Source: Fraud-Related Internal Controls - ACFE]

Information & Communication
13. Uses relevant information
14. Communicates internally
15. Communicates externally

Information & Communication: Principle 13
Uses relevant information
- Identifies information requirements
- Captures internal and external sources of data
- Processes relevant data into information
- Maintains quality throughout processing
- Considers costs and benefits

Information & Communication: Principle 14
Communicates internally
- Communicates internal control information
- Communicates with the board of directors
- Provides separate communication lines
- Selects relevant method of communication

Information & Communication: Principle 15
Communicates externally
- Communicates to external parties
- Enables inbound communications
- Communicates with the board of directors
- Provides separate communication lines
- Selects relevant method of communication

Monitoring Activities
16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies

Monitoring Activities: Principle 16
Conducts ongoing and/or separate evaluations
- Considers a mix of ongoing and separate evaluations
- Considers rate of change
- Establishes baseline understanding
- Uses knowledgeable personnel
- Integrates with business processes
- Adjusts scope and frequency
- Objectively evaluates

Monitoring Activities: Principle 17
Evaluates and communicates deficiencies
- Assesses results
- Communicates deficiencies to parties responsible for corrective action and to senior management and the board of directors
- Monitors corrective actions

Additional Resource: The GAO Green Book

The Green Book
- Standards for Internal Control in the Federal Government
- Published by the United States Government Accountability Office (GAO), publisher of GAGAS, or the Yellow Book
- Last published in 1999
- New edition published September 10, 2014

The Green Book: Green Book vs. COSO
- Same 5 Components as COSO
- Same 17 Principles as COSO
- 47 Attributes vs. 83 Points of Focus
- Attributes geared toward application in a governmental environment

The Green Book: Harmonization with COSO
Example:
- COSO (Principle 2): The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.
- Green Book (Principle 2): The oversight body should oversee the entity's internal control system.

Transition and Impact of New COSO Model

Impact of New COSO Model
- New COSO Framework issued 5/14/13
- Effective upon issuance
- Transition period through 12/15/14
- No specific requirements, but standards encourage transition as soon as feasible
- Process/Plan in place
- Not necessarily changes to controls
- Mapping existing controls to model
- Consideration as part of 9/30/14 and subsequent audits
- Awareness of New COSO Model
- Updates/Assessments Performed under New Model

Implementation Considerations
- Most common areas of weakness or lacking in controls: Risk Assessment, Monitoring
- Focus on Key Objectives, then most important/relevant controls
- Focus on Higher-risk Areas: controls to mitigate higher risks are much more important than low-risk areas
- Consider Overlapping Risks and Objectives: may present opportunity for efficiency

Internal Controls Start with Education
Individuals must understand and believe in internal controls:
- Those Charged with Governance
- Management/Department Heads: Accounting, All Other Departments
- Staff: Accounting, All Other Departments
Education Opportunities:
- Orientation and Training
- External Speakers (i.e. auditors)
Resources:
- COSO Framework (for purchase)
- Green Book
- Your Auditors
- Google

Questions
Zach Chalifour, CPA
Senior Manager
James Moore, CPAs
ext
More informationFundamental Principles of Financial Auditing
ISSAI 200 ISSAI The 200 International Fundamental Standards Principles of Supreme of Financial Audit Institutions, Auditing or ISSAIs, are issued by INTOSAI, the International Organisation of Supreme Audit
More informationThe Role of Internal Audit in Risk Governance
The Role of Internal Audit in Risk Governance How Organizations Are Positioning the Internal Audit Function to Support Their Approach to Risk Management Executive summary Risk is inherent in running any
More informationAUDITOR INDEPENDENCE, AUDIT COMMITTEE QUALITY AND INTERNAL CONTROL
Finances - Accounting AUDITOR INDEPENDENCE, AUDIT COMMITTEE QUALITY AND INTERNAL CONTROL WEAKNESSES Prof. Sorinel Domni oru Ph.D Assist. Sorin-Sandu Vîn toru, PhD Student University of Craiova Faculty
More informationGuidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français.
Guidance Note: Corporate Governance - Board of Directors March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance - Board of Directors (the Guidance
More informationConsideration of Fraud in a Financial Statement Audit
Consideration of Fraud in a Financial Statement Audit 1719 AU Section 316 Consideration of Fraud in a Financial Statement Audit (Supersedes SAS No. 82.) Source: SAS No. 99; SAS No. 113. Effective for audits
More informationJapanese Guidelines for Internal Control Reporting Finalized Differences in Requirements Between the U.S. Sarbanes-Oxley Act and J-SOX
FLASH REPORT Japanese Guidelines for Internal Control Reporting Finalized Differences in Requirements Between the U.S. Sarbanes-Oxley Act and On February 15, 2007, the Business Accounting Council of the
More informationSharon Kurek, CPA, CFE Director of Internal Audit
Sharon Kurek, CPA, CFE Director of Internal Audit What You Will Take Aware With You Definition of Internal Auditing Scope of Audit Activities Risk and Control Process Common Audit Topics Fraud Awareness
More informationPRUDENTIAL FINANCIAL, INC. CORPORATE GOVERNANCE PRINCIPLES AND PRACTICES
PRUDENTIAL FINANCIAL, INC. CORPORATE GOVERNANCE PRINCIPLES AND PRACTICES A. THE ROLE OF THE BOARD OF DIRECTORS 1. Direct the Affairs of the Corporation for the Benefit of Shareholders The Prudential board
More information2016 Audit service S plan North Simcoe Muskoka Local Health Integration Network
2016 Audit service S plan North Simcoe Muskoka Local Health Integration Network For the year ending March 31, 2016 To be presented to the Audit Committee January 12, 2016 Deloitte LLP 5140 Yonge Street
More informationINTERNATIONAL STANDARD ON AUDITING 200 OBJECTIVE AND GENERAL PRINCIPLES GOVERNING AN AUDIT OF FINANCIAL STATEMENTS CONTENTS
INTERNATIONAL STANDARD ON AUDITING 200 OBJECTIVE AND GENERAL PRINCIPLES GOVERNING (Effective for audits of financial statements for periods beginning on or after December 15, 2005. The Appendix contains
More informationEURIBOR - CODE OF OBLIGATIONS OF PANEL BANKS
D2725D-2013 EURIBOR - CODE OF OBLIGATIONS OF PANEL BANKS Version: 1 October 2013 1. Objectives The European Money Markets Institute EMMI previously known as Euribor-EBF, as Administrator for the Euribor
More informationGUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES
20 th February, 2013 To Insurance Companies Reinsurance Companies GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES These guidelines on Risk Management and Internal
More informationACCA P1 Internal Control. incorporated into Combined code, it was last revised in 2005 and still present as a standalone document.
Internal Control ACCA P1 Internal Control Turnbull Report 1999 provided guidance for creating strong internal control system and later incorporated into Combined code, it was last revised in 2005 and still
More informationControl Environment Questionnaire
Control Environment Questionnaire Internal Control Questionnaire Question Yes No N/A Remarks INTEGRITY AND ETHICAL VALUES Management must convey the message that integrity and ethical values cannot be
More informationLauren Sundararajan, CFE, Internal Audit Manager
Interdepartmental Correspondence Sheet Date: June 17, 2016 To: From: Copies to: Subject: Harry Black, City Manager Lauren Sundararajan, CFE, Internal Audit Manager Internal Audit Committee Reginald Zeno,
More informationINTERNATIONAL FRAMEWORK FOR ASSURANCE ENGAGEMENTS CONTENTS
INTERNATIONAL FOR ASSURANCE ENGAGEMENTS (Effective for assurance reports issued on or after January 1, 2005) CONTENTS Paragraph Introduction... 1 6 Definition and Objective of an Assurance Engagement...
More informationHow To Understand The Role Of An Internal Audit
Top Ten Issues facing Internal Auditing in the Future The IIA Dallas Chapter April 6, 2006 Presented by: David A. Richards, CIA, CPA President The Institute of Internal Auditors drichards@theiia.org 1
More informationService Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard
Information Systems Audit and Controls Association Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard February 4, 2014 Tom Haberman, Principal, Deloitte & Touche LLP Reema Singh,
More informationCompliance Audits 2463. Effective for compliance audits for fiscal periods ending on or after June 15, 2010. Earlier application is permitted.
Compliance Audits 2463 AU Section 801 Compliance Audits (Supersedes SAS No. 74.) Source: SAS No. 117. Effective for compliance audits for fiscal periods ending on or after June 15, 2010. Earlier application
More information) ) ) ) ) ) ) ) ) ) ) ) OBSERVATIONS ON AUDITORS' IMPLEMENTATION OF PCAOB STANDARDS RELATING TO AUDITORS' RESPONSIBILITIES WITH RESPECT TO FRAUD
1666 K Street, NW Washington, D.C. 20006 Telephone: (202 207-9100 Facsimile: (202862-8430 www.pcaobus.org OBSERVATIONS ON AUDITORS' IMPLEMENTATION OF PCAOB STANDARDS RELATING TO AUDITORS' RESPONSIBILITIES
More informationHow To Comply With The Law Of The Firm
A Firm s System of Quality Control 2523 QC Section 10 A Firm s System of Quality Control (Supersedes SQCS No. 7.) Source: SQCS No. 8. Effective date: Applicable to a CPA firm s system of quality control
More informationAudit Quality Assurance Policies. Auditor-Controller/Treasurer-Tax Collector. Financial Reporting and Audits Division. Audit Unit
Auditor-Controller/Treasurer-Tax Collector Financial Reporting and Audits Division Audit Unit Table of Contents Introduction... 1 Ethical principles... 1 Independence... 2 Competency... 3 Acceptance and
More informationSUPERVISION GUIDELINE NO. 9 ISSUED UNDER THE AUTHORITY OF THE FINANCIAL INSTITUTIONS ACT 1995 (NO. 1 OF 1995) RISK MANAGEMENT
SUPERVISION GUIDELINE NO. 9 ISSUED UNDER THE AUTHORITY OF THE FINANCIAL INSTITUTIONS ACT 1995 (NO. 1 OF 1995) RISK MANAGEMENT Bank of Guyana July 1, 2009 TABLE OF CONTENTS 1.0 Introduction 2.0 Management
More informationFRAUD RISK & INTERNAL AUDIT
FRAUD RISK & INTERNAL AUDIT ACFE & November 12, 2014 Mark P. Ruppert, CPA, CIA, CISA, CHFP, CHC, ACS, Director, Internal Audit Fraud Defined Fraud Risk Why Care / Why Assess Fraud Risk? What is Fraud Risk?
More informationJosephine Mathias. Kenneth J. Horowitz Phone: 609-586-4800 Ext. 3468 e-mail: horowitk@mccc.edu
ACC204 Auditing Administrative Outline Course Information Organization Mercer County Community College Course Number ACC204 Credits 3 Lecture/Lab 3/1 Catalog Description Investigation into and application
More informationGAO DEFENSE CONTRACT AUDITS. Actions Needed to Improve DCAA's Access to and Use of Defense Company Internal Audit Reports
GAO United States Government Accountability Office Report to the Committee on Armed Services, U.S. Senate December 2011 DEFENSE CONTRACT AUDITS Actions Needed to Improve DCAA's Access to and Use of Defense
More informationAUDIT REPORT PERFORMANCE AUDIT OF COMMUNITY HEALTH AUTOMATED MEDICAID PROCESSING SYSTEM (CHAMPS) CLAIMS EDITS
MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT PERFORMANCE AUDIT OF COMMUNITY HEALTH AUTOMATED MEDICAID PROCESSING SYSTEM (CHAMPS) CLAIMS EDITS DEPARTMENT OF COMMUNITY HEALTH AND DEPARTMENT OF TECHNOLOGY,
More informationLGMA Qld Governance and Corporate Planning Village Forum
www.pwc.com.au Fraud Risk Management Fraud Risk Assessments LGMA Qld Governance and Corporate Planning Village Forum March 2015 Agenda Introductions Fraud Risk Management Fraud Statistics s Global Economic
More informationFraud and Role of Information Technology. September 2008
Fraud and Role of Information Technology September 2008 Agenda IT Value Proposition Slide 2 Prior Interpretations of Internal Control Structure Have Addressed Three Separate Parts Which Were Audited Somewhat
More informationSTANDING ADVISORY GROUP MEETING
1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202)862-8430 www.pcaobus.org REASONABLE ASSURANCE OCTOBER 5-6, 2005 Introduction The Board's interim auditing standards 1/
More informationConsideration of Fraud in a Financial Statement Audit
Consideration of Fraud in a Financial Statement Audit 151 AU-C Section 240 Consideration of Fraud in a Financial Statement Audit Source: SAS No. 122; SAS No. 128. Effective for audits of financial statements
More informationAudit Committee Oversight of Foreign Operations. November 2014
Audit Committee Oversight of Foreign Operations November 2014 The Issue External auditor oversight can be a challenge for audit committees of reporting issuers with operations in foreign jurisdictions.
More informationInternal Audit Framework
Internal Audit Framework Internal Audit Framework National Treasury Republic of South Africa March 2009 (2 nd Edition) The Internal Audit Framework is being provided as a service to the Public Service.
More informationCommunicating Internal Control Related Matters Identified in an Audit
Communicating Internal Control Related Matters 227 AU-C Section 265 Communicating Internal Control Related Matters Identified in an Audit Source: SAS No. 122; SAS No. 125; SAS No. 128. See section 9265
More informationReport on. 2015 Inspection of Deloitte AS (Headquartered in Oslo, Kingdom of Norway) Public Company Accounting Oversight Board
1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8433 www.pcaobus.org Report on 2015 (Headquartered in Oslo, Kingdom of Norway) Issued by the Public Company Accounting
More informationOn the Setting of the Standards and Practice Standards for. Management Assessment and Audit concerning Internal
(Provisional translation) On the Setting of the Standards and Practice Standards for Management Assessment and Audit concerning Internal Control Over Financial Reporting (Council Opinions) Released on
More informationEnterprise Risk Management Best Practices. From Assessment to Ongoing Compliance. Wiley Corporate F&A
Brochure More information from http://www.researchandmarkets.com/reports/2243175/ Enterprise Risk Management Best Practices. From Assessment to Ongoing Compliance. Wiley Corporate F&A Description: High-level
More informationOklahoma Workers Compensation Commission
OPERATIONAL AUDIT Oklahoma Workers Compensation Commission For the period February 1, 2014 through June 30, 2015 Oklahoma State Auditor & Inspector Gary A. Jones, CPA, CFE Audit Report of the Oklahoma
More informationGAO. Government Auditing Standards. 2011 Revision. By the Comptroller General of the United States. United States Government Accountability Office
GAO United States Government Accountability Office By the Comptroller General of the United States December 2011 Government Auditing Standards 2011 Revision GAO-12-331G GAO United States Government Accountability
More informationEnterprise Risk Management Program at HCA. ERM Roundtable. February 25, 2005 HCA. David Hughes, CPA, CIA AVP, ERM Office
Enterprise Risk Management Program at ERM Roundtable February 25, 2005 David Hughes, CPA, CIA AVP, ERM Office Agenda 1. 1. Overview of of 2. 2. Evolution of of our ERM Program 3. 3. Risk Identification
More informationBuilding an Audit Trail in an Oracle EBS Environment. Presented by: Jeffrey T. Hare, CPA CISA CIA
Building an Audit Trail in an Oracle EBS Environment Presented by: Jeffrey T. Hare, CPA CISA CIA Webinar Logistics Hide and unhide the Webinar control panel by clicking on the arrow icon on the top right
More informationIs There Anyway to Prevent Fraud? Bill Gady, CGA CPA Partner
Is There Anyway to Prevent Fraud? Bill Gady, CGA CPA Partner Learning Objectives: Understand how fraud can occur Learn procedures you can implement to prevent fraud Learn how to detect fraud Common Situations
More informationSTATE OF WEST VIRGINIA HIGHER EDUCATION POLICY COMMISSION
STATE OF WEST VIRGINIA HIGHER EDUCATION POLICY COMMISSION REVENUE REFUNDING BONDS (HIGHER EDUCATION FACILITIES), COMBINED SPECIAL-PURPOSE FINANCIAL STATEMENTS - MODIFIED CASH Years Ended CliftonLarsonAllen
More information