2013 COSO Framework Overview September 17, 2014
- Collin Marshall
1 2013 COSO Framework Overview September 17, 2014
2 With You Today Roger A. Martinez, CPA Assurance Partner Vasquez & Company LLP Los Angeles, CA Vasquez at a Glance Vasquez serving government agencies in California for over 40 years. Vasquez audit team partners and managers are former Big Four audit professionals. Consistently ranked among the top accounting firms in Los Angeles County as reported by the Los Angeles Business Journal. We provide the guidance and support for companies undertaking their first SOX compliance effort, helping them avoid a process that's long, tedious and costly. We can help with selecting an appropriate compliance framework, internal controls documentation, a readiness assessment, or a fully outsourced compliance solution. 2
3 COSO Overview The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative of five sponsoring organizations formed in 1985 Provides thought leadership through the development of frameworks and guidance on: - Internal control - Enterprise risk management - Fraud Designed to improve organizational performance and governance, and to reduce the extent of fraud in organizations Released original Internal Control-Integrated Framework in 1992 which has become the most widely used control framework used in management's SOX assertion. 3
4 Why the COSO Framework was updated Framework updates driven by changes in business and operating environments Environment changes Expectations for governance oversight Globalization of markets and operations Changes and greater complexity in business Demands and complexities in laws, rules, regulations, and standards Expectations for competencies and accountabilities Use of, and reliance on, evolving technologies Expectations relating to preventing and detecting fraud 4
5 Enhancements to the COSO Framework Heightened focus on entity-level controls, technology and fraud prevention / detection Original Framework COSO's Internal Control-Integrated Framework (1992 Edition) Refresh Objectives Reflects changes in business & operating environments Expand operations and reporting objectives Articulates principles to facilitate effective internal control Enhancements Updated Context Broadens Application Clarifies Requirements Updated Framework COSO's Internal Control-Integrated Framework (2013 Edition) 5
6 Overview of what is and is not changing Update expected to increase ease of use and broaden application What is not changing: Core definition of internal control; Three categories of objectives and five components of internal control; Each of the five components of internal control is required for effective internal control; Important role of judgment in designing, implementing and conducting internal control, and in assessing its effectiveness. What is changing: Changes in business and operating environments considered; Operations and reporting objectives expanded; Fundamental concepts underlying five components articulated as principles with points of focus as additional guidance; Additional approaches and examples relevant to operations, compliance, and non-financial reporting objectives added. 6
7 Introduction of principles The 17 principles are necessary for effective internal control Control Environment 1. Demonstrates commitment to integrity and ethical values 2. Exercises oversight responsibility 3. Establishes structure, authority and responsibility 4. Demonstrates commitment to competence 5. Enforces accountability Risk Assessment 6. Specifies suitable objectives 7. Identifies and analyzes risk 8. Assesses fraud risk 9. Identifies and analyzes significant changes Control Activities 10. Selects and develops control activities 11. Selects and develops general controls over technology 12. Deploys through policies and procedures Information & Communication 13. Uses relevant information 14. Communicates internally 15. Communicates externally Monitoring Activities 16. Conducts ongoing and/or separate evaluations 17. Evaluates and communicates deficiencies 7
8 Impact of adopting the updated Framework In addition to the 17 principles, the updated Framework contains more guidance on how technology relates to an entity's internal control structure. The 1992 Framework included many concepts directly relevant for technologies of the time. Since then, technology has rapidly evolved from something embraced only by the largest and most advanced companies into a foundation block of nearly all companies. The 2013 Framework includes more focus on technology throughout the components of internal control as well as broader focus on the impact of technology on the internal control structure rather than on the specific types of technology. Because more companies are outsourcing key portions of their business activities or control systems to third parties, the updated Framework also includes expanded guidance and considerations related to outside resources, such as third-party processors. The updated Framework also expands the reporting aspect of internal control to consider more than just financial reporting: it also covers reporting of non-financial information and internal reporting. 8
9 Impact of adopting the updated Framework Finally, the advances in technology and communications have increased the reach of many companies both from a supply and development side and in sales or service delivery. For many entities, local or national borders no longer serve as significant barriers. Rather, business is increasingly conducted on a multi-location or global basis. The 2013 Framework includes additional guidance and consideration for businesses operating in these environments: Illustrative Tools for Assessing Effectiveness of a System of Internal Control Internal Control over External Financial Reporting: A Compendium of Approaches and Examples 9
10 Impact of adopting the updated Framework Monitoring has been changed to Monitoring Activities. This change is intended to broaden the perception of monitoring as a series of activities undertaken individually and as part of each of the other four components, rather than as one unique process. Financial Reporting has been changed to Reporting. This change is intended to broaden the application of the Framework not only to external financial reporting as it has often been applied, but also to include internal reporting as well as external reporting of non-financial measures. 10
11 Impact of adopting the updated Framework Along the right side of the cube, the organization structure has been changed to align with COSO's Enterprise Risk Management-Integrated Framework (ERM Framework) and also to better illustrate that an effective internal control structure permeates an entire organization at all functional levels, both independently and interdependently. It is also important to note that while there was consideration of combining the Internal Control-Integrated Framework with the ERM Framework, the two remain separate, but interrelated. Internal control is an integral part of enterprise risk management; however, risk management encompasses a broader role than internal control in supporting the entity's governance structure. 11
12 Example principle and related points of focus Control Environment 1. Demonstrates commitment to integrity and ethical values Point of Focus: Sets the tone at the top Establishes standards of conduct Evaluates adherence to standards of conduct Addresses deviations in a timely manner Points of focus are typically important characteristics of principles that can be used to facilitate designing, implementing, and conducting internal control There is no requirement to separately assess whether points of focus are in place Points of focus may not be suitable or relevant, and others may be identified Points of focus may facilitate designing, implementing, and conducting internal control 12
13 Example of controls embedded in other internal control components Component Principle Control Environment 1. Demonstrates commitment to integrity and ethical values Controls embedded in other components may affect this principle Human Resources reviews employees' confirmations to assess whether standards of conduct are understood and adhered to by staff across the entity Management obtains and reviews data and information underlying potential deviations captured in whistleblower hotline to assess quality of information Internal Audit separately evaluates Control Environment, considering employees' behaviors and whistleblower hotline results and reports thereon Control Environment Information & Communication Monitoring Activities 13
14 Impact of adopting the updated Framework Initial level of effort will vary by organization depending on their existing level of documentation, stakeholder involvement and locations Provides flexibility in applying the Framework to multiple, overlapping objectives across the entity Easier to see what is covered and what is missing May reduce likelihood of considering controls that are irrelevant May reduce the number of discrete risks assessed and mitigated Potential for initial deficiencies if the system of internal control does not address each of the principles Heightened focus on entity-wide controls provides a platform for addressing increased entity-level scrutiny from authoritative bodies (e.g. SEC, PCAOB, AICPA) 14
15 Impact of adopting the updated Framework Understand the Framework Identify key stakeholders Awareness / education / training Map existing controls to principles Gap analysis / remediation Update documentation Timing considerations Updated Framework will supersede original Framework on December 15, 2014 Earlier implementation encouraged During the transition external reporting should disclose which version of the Framework was used 15
16 Impact of adopting the updated Framework Implementing the 2013 Framework Entity-level control initiatives Provide COSO overview or training Governance, risk and compliance Identify stakeholders impacted by transition Map existing controls to the principles Update project tools, templates, documentation Prepare gap analysis Assist with developing remediation plan Enterprise risk management Information technology IT security and privacy Fraud prevention and detection Regulatory issues (e.g. FCPA) Addressing increased entity-level focus by authoritative bodies (e.g. SEC, PCAOB, AICPA) 16
17 Checklist for implementing the 2013 COSO Framework The Committee of Sponsoring Organizations of the Treadway Commission (COSO) recently issued its updated Internal Control-Integrated Framework (Framework) and related illustrative documents. This update contains a number of changes that may significantly impact public companies and other organizations utilizing the COSO Framework, changing the way they approach internal controls, including implementation, monitoring and reporting. The updated 2013 Framework will supersede the original guidelines on Dec. 15, 2014, with earlier implementation strongly encouraged. The checklist below is a useful tool to guide you through the implementation process. 17
18 Checklist Understanding the 2013 COSO Framework Task: Notes and action items: Timing: Read and become familiar with the 2013 COSO Framework, including the following changes: The linking of 17 Principles and 81 Points of Focus to the five components of internal control Enhanced consideration of governance, information technology and anti-fraud Updated reporting objectives Introduction of major deficiencies Leverage McGladrey resources: Contact us for a personalized overview or implementation assistance View our COSO Framework update webcast View our white paper, An overview of COSO's 2013 Internal Control-Integrated Framework Leverage COSO website resources: Framework guidance Books and other publications Sample templates News Leverage Institute of Internal Auditors (IIA) website resources: COSO resources Articles, books and reports Training and events News Develop initial project implementation plan and timeline for implementing the 2013 Framework 18
19 Checklist Identifying key stakeholders Task: Notes and action items: Timing: Internal audit Sarbanes-Oxley (SOX) team Audit committee members External auditor SOX steering committee Senior leadership Departmental or functional leadership and management team IT Process owners Third parties and outsourced service providers Personnel involved with anti-fraud programs International locations in scope, if not included above Update project implementation plan and timeline 19
20 Checklist Awareness, education and training Task: Notes and action items: Timing: Develop communication plan to bring awareness of the 2013 Framework changes to key stakeholders Prepare and distribute relevant communications to key stakeholders at key milestones throughout the implementation to keep them informed and engaged Provide training to the internal audit team Provide education and training to key stakeholders Maintain archive of key communications and trainings for future reference by key stakeholders 20
21 Checklist Map existing controls to 2013 Framework principles Task: Notes and action items: Timing: Map existing controls to applicable principles Identify gaps and prepare remediation plans Collaborate with the external auditor throughout the process Continue to update project implementation plan and timeline Gap analysis and remediation plan Task: Notes and action items: Timing: Assign to applicable stakeholders Monitor and update Report status to relevant stakeholders 21
22 Checklist Update methodology, tools, templates and related documentation Task: Notes and action items: Timing: Methodology and approach guide Repository Templates library Documentation: Risk and control matrices Narratives and flow charts Test scripts Gap analysis and remediation plans Reporting packages: Internal audit Audit committee External audit Leadership and management External Update external reporting (e.g., 10Q, 10K) to reflect usage of the 2013 Framework 22
23 Checklist Additional items Task: Notes and action items: Timing: 23
24 Control Environment Five principles related to the control environment are introduced in the 2013 Framework 1. The organization demonstrates a commitment to integrity and ethical values. 2. The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control. 3. Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. 4. The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. 5. The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives. 24
25 Point of Focus control environment Principle 1. Demonstrates commitment to integrity and ethical values Sets the tone at the top Establishes standards of conduct Evaluates adherence to standards of conduct Addresses deviations in a timely manner Principle 2. Exercises oversight responsibility Establishes oversight responsibilities Applies relevant expertise Operates independently Provides oversight for the system of internal control Principle 3. Establishes structure, authority and responsibility Considers all structures of the entity Establishes reporting lines Defines, assigns, and limits authorities and responsibilities Principle 4. Demonstrates commitment to competence Establishes policies and practices Evaluates competence and addresses shortcomings Attracts, develops, and retains individuals Plans and prepares for succession Principle 5. Enforces accountability Enforces accountability through structures, authorities, and responsibilities Establishes performance measures, incentives, and rewards Evaluates performance measures, incentives, and rewards for ongoing relevance Considers excessive pressures Evaluates performance and rewards or disciplines individuals 25
26 Risk Assessment Four principles are introduced related to risk assessment: 6. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risk relating to objectives. 7. The organization identifies risks to the achievement of its objectives across the entity and analyzes risk as a basis for determining how the risks should be managed. 8. The organization considers the potential for fraud in assessing risks to the achievement of objectives. 9. The organization identifies and assesses changes that could significantly impact the system of internal control. 26
27 Point of focus risk assessment Principle 6. Specifies suitable objectives Operations objectives Reflects management's choices Considers tolerances for risk Includes operations and financial performance goals Forms a basis for committing resources External financial reporting objectives Complies with applicable accounting standards Considers materiality Reflects entity activities External non-financial reporting objectives Complies with externally established standards and frameworks Considers the required level of precision Reflects entity activities Internal reporting objectives Reflects management's choices Considers the required level of precision Reflects entity activities Compliance objectives Reflects external laws and regulations Considers tolerances for risk Principle 7. Identifies and analyzes risk Includes entity, subsidiary, division, operating unit, and functional levels Analyzes internal and external factors Involves appropriate levels of management Estimates significance of risks identified Determines how to respond to risks Principle 8. Assesses fraud risk Considers various types of fraud Assesses incentive and pressures Assesses opportunities Assesses attitudes and rationalizations Principle 9. Identifies and analyzes significant change Assesses change in the external environment Assesses change in the business model Assesses change in leadership 27
28 Control Activities Three principles are introduced related to control activities: 10. The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. 11. The organization selects and develops general control activities over technology to support the achievement of objectives. 12. The organization deploys control activities through policies that establish what is expected and procedures that put policies into action. 28
29 Point of focus control activities Principle 10. Selects and develops control activities Integrates with risk assessment Considers entity-specific factors Determines relevant business processes Evaluates a mix of control activity types Considers at what level activities are applied Addresses segregation of duties Principle 11. Selects and develops general controls over technology Determines dependency between the use of technology in business processes and technology general controls Establishes relevant technology infrastructure control activities Establishes relevant security management process control activities Establishes relevant technology acquisition, development, and maintenance process control activities Principle 12. Deploys through policies and procedures Establishes policies and procedures to support deployment of management's directives Establishes responsibility and accountability for executing policies and procedures Performs in a timely manner Takes corrective action Performs using competent personnel Reassesses policies and procedures 29
30 Information and Communication Three principles are introduced related to information and communication: 13. The organization obtains or generates and uses relevant, quality information to support the functioning of internal control. 14. The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control. 15. The organization communicates with external parties regarding matters affecting the functioning of internal control. 30
31 Point of focus information and communication Principle 13. Uses relevant information Identifies information requirements Captures internal and external sources of data Processes relevant data into information Maintains quality throughout processing Considers costs and benefits Principle 14. Communicates internally Communicates internal control information Communicates with the board of directors Provides separate communication lines Selects relevant method of communication Principle 15. Communicates externally Communicates to external parties Enables inbound communications Communicates with the board of directors Provides separate communication lines Selects relevant method of communication 31
32 Monitoring Activities Two principles are introduced related to monitoring activities: 16. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning. 17. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate. 32
33 Point of focus monitoring activities Principle 16. Conducts ongoing and/or separate evaluations Considers a mix of ongoing and separate evaluations Considers rate of change Establishes baseline understanding Uses knowledgeable personnel Integrates with business processes Adjusts scope and frequency Objectively evaluates Principle 17. Evaluates and communicates deficiencies Assesses results Communicates deficiencies Monitors corrective actions 33
34 Scalability for Smaller Entities For many smaller entities, a quick look through the points of focus makes it evident that many will not be relevant to their operations. Points of focus on multiple locations or business units can quickly be dismissed for single-location businesses. The 2013 Framework includes specific additional guidance related to smaller entities and governments. The following highlights consideration points related to segregation of duties, management override, board of directors, information technology, and monitoring activities for these entities. Key consideration factors for each area include: 34
35 Scalability for Smaller Entities - Segregation of Duties Managers can review reports of detailed transactions on a regular and timely basis Managers can select transactions and review them against supporting documents Managers can take periodic counts of inventory, equipment or other physical assets and compare them with the accounting records Managers can review reconciliations of account balances or periodically perform them independently 35
36 Scalability for Smaller Entities - Management Override Maintain a corporate culture of integrity and ethical values Implement a whistle-blower program Engage an effective internal audit program Attract and retain qualified board members 36
37 Scalability for Smaller Entities - Board of Directors To find qualified board members, companies may expand their search to broader populations with financial and accounting and other valued expertise 37
38 Scalability for Smaller Entities - Information Technology The use of commercially developed software packages: Reduces risks from program changes control requirements May include the ability to control access to selected employees May perform checks on data processing completeness and accuracy May be able to maintain related documentation 38
39 Scalability for Smaller Entities - Monitoring Activities Smaller entities may have less formal monitoring processes, but should still take credit for the monitoring performed It is noted in the Framework that smaller entities often need less formal documentation because there are fewer people working closer together. Consequently, management may perform monitoring through direct observation. 39
40 Risk Assessment Enhanced Concepts 40
41 Risk Assessment Enhanced Concepts Principle 6. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. Separates the financial reporting category into three objectives: (1) external financial reporting, (2) external nonfinancial reporting, and (3) internal reporting. 41
42 Risk Assessment Enhanced Concepts Cont. Principle 7 The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. Explains that the risk assessment process includes risk identification, analysis, and response. Incorporates the concept of inherent risk. Expands the discussion of risk tolerance and how risk may be managed, including by accepting, avoiding, reducing, and sharing risk. Considers velocity and persistence of risk (in addition to impact and likelihood). Incorporates consideration of OSPs. 42
43 Risk Assessment Enhanced Concepts Cont. Principle 8 The organization considers the potential for fraud in assessing risks to the achievement of objectives. Incorporates the concept of fraud risk assessment. Considerations related to various types of fraud, including fraudulent financial reporting, fraudulent nonfinancial reporting, misappropriation of assets, safeguarding of assets, management override, and corruption. Evaluating incentives, pressures, opportunities, attitudes, and rationalizations. Incorporates consideration of OSPs. 43
44 Risk Assessment Enhanced Concepts Cont. Principle 9 The organization identifies and assesses changes that could significantly impact the system of internal control. Importance of assessing changes in the external environment, business model, operations, technology, relationship with OSPs, leadership, and how such changes may affect internal control. 44
45 Risk Assessment Outsourced Service Providers 45
46 Risk Assessment - Outsourced Service Providers (OSPs) Risk identification must be comprehensive and take into account significant interactions between the organization and OSPs. An organization's risk assessment process takes into account risks originating in OSPs. The organization considers possible acts of corruption by OSPs during its fraud risk assessment, which should be based on the presumption that the entity's expected standards of ethical conduct are being adhered to. In assessing possible corruption, the entity is not expected to directly manage the actions of OSP personnel; however, management may stipulate expected levels of performance and standards of conduct through contractual relations and may develop control activities that maintain oversight of OSPs. Management assesses changes in relationships with OSPs to determine the relevancy of previously effective internal controls. 46
47 Risk Assessment Information Technology 47
48 Risk Assessment Information Technology Many organizations apply external IT standards to help manage their operations. Risks at the entity level can arise from internal or external IT factors. As part of its fraud risk assessment process, the organization should consider the nature of IT and management's ability to manipulate information. The likelihood of a loss of assets or fraudulent external reporting increases when there are: High turnover rates of IT staff. Ineffective IT systems. The organization identifies and assesses changes to IT to determine whether its system of internal control will need to be modified. 48
49 Example Controls for Risk Assessment 49
50 Risk Assessment - Controls Principle 6. The organization identifies and assesses changes to IT to determine whether its system of internal control will need to be modified. The organization links accounts, assertions and risks (can be accomplished through a risk assessment & control matrix). The organization sets as the entity's broad external financial reporting objective to prepare reliable financial statements in accordance with GAAP. Management subsequently specified the suitable financial reporting objectives and subobjectives for all significant accounts and activities, including accounting policies, financial statement assertions, and qualitative characteristics. Management assesses materiality of significant accounts, considering both quantitative and qualitative factors. Management reviews publications from professional bodies for updates in accounting pronouncements relevant to the business. Periodically, management presents to the audit committee an analysis of changes released or emerging issues that may significantly impact financial reporting and notes any significant differences from accounting policies of similar entities. Management reviews financial accounting policies and discusses significant accounting policies with the audit committee on an annual basis. 50
51 Risk Assessment - Controls Principle 6. The organization identifies and assesses changes to IT to determine whether its system of internal control will need to be modified. Management reviews and updates its understanding of applicable standards and statutory reporting requirements and communicates the update to the appropriate individuals / committees. Management reviews its financial statements on a monthly basis to ensure all significant activities are included and to analyze its various divisions for new developments and changes that may impact the organization. 51
52 Risk Assessment - Controls Principle 7 The organization analyzes risk across functions / departments and to significant financial statement accounts using pre-determined risk ratings. The organization analyzes risk for information technology. The organization assesses the likelihood and significance of identified risks. The organization uses benchmark data to assess significance and response to risk. The organization analyzes risks from external factors. 52
53 Risk Assessment - Controls Principle 8 The organization analyzes fraud risk. The audit committee reviews the fraud risk assessment process and discusses the risk of management override of controls. The organization identifies and analyzes risk of material omission and misstatement due to fraud. The compensation committee analyzes the compensation structure. 53
54 Risk Assessment - Controls Principle 9 The organization analyzes change in the external environment and prepares contingency plans (such as decreases in donor contributions, etc.) The organization analyzes significant change from international exposure. The organization analyzes significant change from a system implementation or process change. The organization analyzes change through succession and plans for executive transition. 54
55 Questions? 55
56-65 Templates 1-10
66-78 Examples 11-23
More information2015-16 Internal Control Questionnaire and Assessment
Bureau of Financial Monitoring and Accountability Florida Department of Economic Opportunity September 9, 2015 107 East Madison Street Caldwell Building Tallahassee, Florida 32399 www.floridajobs.org TABLE
More informationEnterprise Risk Management: COSO, New COSO, ISO 31000. Review of ERM
Enterprise Risk Management: COSO, New COSO, Dr. Hugh Van Seaton, Ed. D., CSSGB, CGMA, CPA Review of ERM COSO a process, effected by an entity's board of directors, management and other personnel, applied
More informationEnterprise Risk Management
Cayman Islands Society of Professional Accountants Enterprise Risk Management March 19, 2015 Dr. Sandra B. Richtermeyer, CPA, CMA What is Risk Management? Risk management is a process, effected by an entity's
More informationCOSO 2013 Internal Control Framework
COSO 2013 Internal Control A Guide to Implementation July 24, 2014 Justin Adamson Agenda COSO Background Changes to the Roadmap to Implementation Implementation Considerations & Lessons Learned 2 1 Who/What
More informationFebruary 2015. Sample audit committee charter
February 2015 Sample audit committee charter Sample audit committee charter This sample audit committee charter is based on observations of selected companies and the requirements of the SEC, the NYSE,
More informationAudit of the Policy on Internal Control Implementation
Audit of the Policy on Internal Control Implementation Natural Sciences and Engineering Research Council of Canada Social Sciences and Humanities Research Council of Canada February 18, 2013 1 TABLE OF
More informationA&CS Assurance Review. Accounting Policy Division Rule Making Participation in Standard Setting. Report
A&CS Assurance Review Accounting Policy Division Rule Making Participation in Standard Setting Report April 2010 Table of Contents Background... 1 Engagement Objectives, Scope and Approach... 1 Overall
More informationInternal Financial Controls
Internal Financial Controls Who All Are Responsible? 3 What is Internal Financial Control (IFC)? 5 What is Internal financial controls over financial reporting (ICFR)? Internal Controls Global Perspective
More informationThe 2013 COSO Framework & SOX Compliance
The 2013 COSO Framework & SOX Compliance ONE APPROACH TO AN EFFECTIVE TRANSITION By J. Stephen McNally, CPA The 2013 COSO Framework & SOX Compliance ONE APPROACH TO AN EFFECTIVE TRANSITION By J. Stephen
More informationUnderstanding the Entity and Its Environment and Assessing the Risks of Material Misstatement
Understanding the Entity and Its Environment 1667 AU Section 314 Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (Supersedes SAS No. 55.) Source: SAS No. 109.
More informationFraud and Role of Information Technology. September 2008
Fraud and Role of Information Technology September 2008 Agenda IT Value Proposition Slide 2 Prior Interpretations of Internal Control Structure Have Addressed Three Separate Parts Which Were Audited Somewhat
More informationA Risk-Based Audit Strategy November 2006 Internal Audit Department
Mental Health Mental Retardation Authority of Harris County ENTERPRISE RISK MANAGEMENT A Framework For Assessing, Evaluating And Measuring Our Agency s Risk A Risk-Based Audit Strategy November 2006 Internal
More information[RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06]
SECURITIES AND EXCHANGE COMMISSION 17 CFR PART 241 [RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06] Commission Guidance Regarding Management s Report on Internal Control Over Financial Reporting
More informationGuide to Internal Control Over Financial Reporting
Guide to Internal Control Over Financial Reporting The Center for Audit Quality prepared this Guide to provide an overview for the general public of internal control over financial reporting ( ICFR ).
More informationGAO. Government Auditing Standards. 2003 Revision. By the Comptroller General of the United States. United States General Accounting Office.
GAO United States General Accounting Office By the Comptroller General of the United States June 2003 Government Auditing Standards 2003 Revision GAO-03-673G GAO United States General Accounting Office
More informationService Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard
Information Systems Audit and Controls Association Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard February 4, 2014 Tom Haberman, Principal, Deloitte & Touche LLP Reema Singh,
More informationTable of Contents: Chapter 2 Internal Control
Table of Contents: Chapter 2 Chapter 2... 2 2.1 Establishing an Effective System... 2 2.1.1 Sample Plan Elements... 5 2.1.2 Limitations of... 7 2.2 Approvals... 7 2.3 PCard... 7 2.4 Payroll... 7 2.5 Reconciliation
More informationIT audit updates. Current hot topics and key considerations. IT risk assessment leading practices
IT audit updates Current hot topics and key considerations Contents IT risk assessment leading practices IT risks to consider in your audit plan IT SOX considerations and risks COSO 2013 and IT considerations
More informationINTERNAL AUDITING S ROLE IN SECTIONS 302 AND 404
INTERNAL AUDITING S ROLE IN SECTIONS 302 AND 404 OF THE U.S. SARBANES-OXLEY ACT OF 2002 May 26, 2004 Copyright 2004 by, 247 Maitland Avenue, Altamonte Springs, Florida, 32701-4201, USA Internal Auditing
More informationENTERPRISE RISK MANAGEMENT POLICY
ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving
More informationAN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS:
1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org STAFF VIEWS AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING THAT IS INTEGRATED WITH AN
More informationEnterprise risk management: A pragmatic, four-phase implementation plan
Enterprise risk management: A pragmatic, four-phase implementation plan Prepared by: John Brackett, Managing Director, Risk Advisory Services, RSM McGladrey, Inc. 704.442.3820, john.brackett@mcgladrey.com
More informationAuditor Attestation of Internal Control Over Financial Reporting: What You Can Expect. A Smaller Public Company Perspective
Auditor Attestation of Internal Control Over Financial Reporting: What You Can Expect A Smaller Public Company Perspective Smaller public companies were required to comply with the management assertion
More informationUniversity Audit and Compliance. Internal Controls Enterprise-Wide Risk Assessment
Internal Controls Enterprise-Wide Risk Assessment Balancing Risk and Controls In order to achieve goals and objectives, management needs to effectively balance risks and controls. Control procedures need
More informationInternal Controls over Financial Reporting. Integrating in Business Processes & Key Lessons learned
Internal Controls over Financial Reporting Integrating in Business Processes & Key Lessons learned Introduction Stephen McIntyre, CA, CPA (Illinois) Senior Manager at Ernst & Young in the Risk Advisory
More informationA Sarbanes-Oxley Roadmap to Business Continuity
A Sarbanes-Oxley Roadmap to Business Continuity NEDRIX Conference June 23, 2004 Dr. Eric Schmidt eschmidt@controlsolutions.com Control Solutions International TECHNOLOGY ADVISORY, ASSURANCE & RISK MANAGEMENT
More informationAUDIT EFFICIENCIES: IS YOUR RELIANCE STRATEGY WORKING FOR YOU? Kyleen Wissell, CRISC, PHR, RCC
AUDIT EFFICIENCIES: IS YOUR RELIANCE STRATEGY WORKING FOR YOU? Kyleen Wissell, CRISC, PHR, RCC Today s Agenda Background: Audit Standard #5 adopted by PCAOB and approved by the SEC in 2007 was intended
More informationRISK MANAGEMENT AND COMPLIANCE
RISK MANAGEMENT AND COMPLIANCE Contents 1. Risk management system... 2 1.1 Legislation... 2 1.2 Guidance... 3 1.3 Risk management policy... 4 1.4 Risk management process... 4 1.5 Risk register... 8 1.6
More informationin THE WAKE OF FIRST-YEAR FILINGS FOR SECTION 404 a guide to Section 404 project management
S A RB A N E S - OX LE Y: A SPE C IAL R E P O RT As organizations look toward year two of Sarbanes-Oxley, there are several steps they can take to ensure a more effective and efficient documentation process.
More informationAdministrative Guidelines on the Internal Control Framework and Internal Audit Standards
Administrative Guidelines on the Internal Control Framework and Internal Audit Standards GCF/B.09/18 18 February 2015 Meeting of the Board 24 26 March 2015 Songdo, Republic of Korea Agenda item 24 Page
More informationTransmittal Letter... 1. Objectives and Scope... 2. Approach... 3-7. Financial System... 8. Permitting Application... 9
Internal Audit Committee of Information Technology Risk Assessment Public Report Prepared By: Internal Auditors of Brevard County September 30, 2009 Table of Contents Transmittal Letter... 1 Objectives
More informationCommunicating Internal Control Related Matters Identified in an Audit
Communicating Internal Control 1843 AU Section 325 Communicating Internal Control Related Matters Identified in an Audit (Supersedes SAS No. 112.) Source: SAS No. 115. Effective for audits of financial
More informationJ-SOX Compliance Approach Best Practices for Foreign Subsidiaries November 8, 2007
J-SOX Compliance Approach Best Practices for Foreign Subsidiaries November 8, 2007 Protiviti Background Consulting firm dedicated to business and technology risk consulting, and internal audit services
More information7/22/2014. From Treadway To the Cube (1987 2014) So, Who is COSO? What Does COSO Do?
From Treadway To the Cube (1987 2014) National Society of Accountants for Cooperatives (NSAC) CLAconnect.com Instructor: Ron Durkin, CPA/CFF, CFE, CIRA National Principal in Charge Fraud & Misconduct Investigations
More informationEnterprise Risk Management: From Theory to Practice
INSURANCE Enterprise Risk Management: From Theory to Practice KPMG LLP Executive Summary Enterprise Risk Management (ERM) is a structured and disciplined business tool aligning strategy, processes, people,
More informationJapanese Guidelines for Internal Control Reporting Finalized Differences in Requirements Between the U.S. Sarbanes-Oxley Act and J-SOX
FLASH REPORT Japanese Guidelines for Internal Control Reporting Finalized Differences in Requirements Between the U.S. Sarbanes-Oxley Act and On February 15, 2007, the Business Accounting Council of the
More informationGuidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français.
Guidance Note: Corporate Governance - Board of Directors March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance - Board of Directors (the Guidance
More informationAuditing Standard 5- Effective and Efficient SOX Compliance
Auditing Standard 5- Effective and Efficient SOX Compliance September 6, 2007 Presented to: The Dallas Chapter of the Institute of Internal Auditors These slides are incomplete without the benefit of the
More informationSarbanes-Oxley Compliance Workbook. From Zero to SOX. Sarbanes-Oxley Compliance Workbook. sensiba san filippo www.ssfllp.com sox@ssfllp.
From Zero to SOX Zero to SOX An Overview The goals of a program to meet SOX 404 requirements go far beyond compliance. The process of building a sustainable, comprehensive internal control environment
More informationThe Role of Internal Audit in Risk Governance
The Role of Internal Audit in Risk Governance How Organizations Are Positioning the Internal Audit Function to Support Their Approach to Risk Management Executive summary Risk is inherent in running any
More informationB o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing
B o a r d of Governors of the Federal Reserve System Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing January 23, 2013 P U R P O S E This policy statement is being issued
More informationTHE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK
THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK ACCOUNTABLE SIGNATURE AUTHORISED for implementation SIGNATURE On behalf of Chief Executive Officer SAHRA Council Date Date
More informationInternal Audit Quality Assessment. Presented To: World Intellectual Property Organization
Internal Audit Quality Assessment Presented To: World Intellectual Property Organization April 2014 Table of Contents List of Acronyms 3 Page Executive Summary Opinion as to Conformance to the Standards,
More informationACCA P1 Internal Control. incorporated into Combined code, it was last revised in 2005 and still present as a standalone document.
Internal Control ACCA P1 Internal Control Turnbull Report 1999 provided guidance for creating strong internal control system and later incorporated into Combined code, it was last revised in 2005 and still
More informationSaldanha Bay Municipality. Risk Management Strategy. Inclusive of, framework, procedures and methodology
Inclusive of, framework, procedures and methodology Contents 1 Introduction 1 1.1 Legislative Framework and best practice 1 1.2 Purpose of Enterprise Risk Management 2 1.3 Scope and Applicability 3 1.4
More informationGAO. Standards for Internal Control in the Federal Government. Internal Control. United States General Accounting Office.
GAO United States General Accounting Office Internal Control November 1999 Standards for Internal Control in the Federal Government GAO/AIMD-00-21.3.1 Foreword Federal policymakers and program managers
More informationFraud Checklist. From the enquiries made and procedures performed in completing Part B of this checklist we consider the risk of irregularities to be
Fraud Checklist Client Name Disclosing entity Prepared by Reviewed by Partner review Balance Date Close Monitoring Date Date Date How to use this checklist An initial assessment of the risk that irregularities
More informationGuide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions
Guide to the Sarbanes-Oxley Act: IT Risks and Controls Frequently Asked Questions Table of Contents Page No. Introduction.......................................................................1 Overall
More informationSECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT
SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT Through CGIAR Financial Guideline No 3 Auditing Guidelines Manual the CGIAR has adopted the IIA Definition of internal auditing
More informationSTAFF GUIDANCE FOR AUDITORS OF SEC-REGISTERED BROKERS AND DEALERS JUNE 26, 2014
1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org STAFF GUIDANCE FOR AUDITORS OF SEC-REGISTERED BROKERS AND DEALERS JUNE 26, 2014 This publication
More informationRISK ASSESSMENT CHECKLIST
RISK ASSESSMENT CHECKLIST Provided By The Office of the Georgia State Inspector General Produced In Cooperation With The Governor s Office of Texas Fraud Risk Assessment Checklist Performing an agency
More informationSTANDING ADVISORY GROUP MEETING
1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org RISK ASSESSMENT IN FINANCIAL STATEMENT AUDITS Introduction The Standing Advisory Group ("SAG")
More informationInternal Audit and Advisory Services DRAFT
Internal Audit and Advisory Services DRAFT PAGE(S) Message from the Internal Audit and Advisory Services...1-2 Internal Audit and Advisory Services Plan...3-5 Objectives...6-7 Risk Assessment Process...8
More informationSTANDING ADVISORY GROUP MEETING
1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202)862-8430 www.pcaobus.org REASONABLE ASSURANCE OCTOBER 5-6, 2005 Introduction The Board's interim auditing standards 1/
More informationEURIBOR - CODE OF OBLIGATIONS OF PANEL BANKS
D2725D-2013 EURIBOR - CODE OF OBLIGATIONS OF PANEL BANKS Version: 1 October 2013 1. Objectives The European Money Markets Institute EMMI previously known as Euribor-EBF, as Administrator for the Euribor
More informationRisk Assessment Standards Toolkit. Practical Guidance in Implementing SFAS 104 111
Risk Assessment Standards Toolkit Practical Guidance in Implementing SFAS 104 111 Risk Assessment Standards Toolkit Practical Guidance in Implementing Statements on Auditing Standards 104 Through 111 About
More informationSarbanes-Oxley Section 404: Management s Assessment Process
Sarbanes-Oxley Section 404: Management s Assessment Process Frequently Asked Questions ADVISORY Contents 1 Introduction 2 Providing a Road Map for Management 3 Questions and Answers 3 Section I. Planning
More informationVendor Management. Minimizing Value Leakage. Deloitte Consulting LLP. November 19, 2013
Vendor Management Minimizing Value Leakage Deloitte Consulting LLP November 19, 2013 Vendor Management is a rapidly emerging business practice in the outsourcing industry Define sourcing strategy Assess
More informationInternal Audit Framework
Internal Audit Framework Internal Audit Framework National Treasury Republic of South Africa March 2009 (2 nd Edition) The Internal Audit Framework is being provided as a service to the Public Service.
More informationInternal Control over Financial Reporting Guidance for Smaller Public Companies
Internal Control over Financial Reporting Guidance for Smaller Public Companies Frequently Asked Questions Internal Control over Financial Reporting Guidance for Smaller Public Companies Frequently Asked
More informationInternal Controls and Risk Management Report
42 Internal Controls and Risk Management Report Responsibility Our Board of Directors has the overall responsibility to ensure that sound and effective internal controls are maintained, while management
More informationProject organisation and establishing a programme management office
PROJECT ADVISORY Project organisation and establishing a programme office Leadership Series 1 kpmg.com/nz About the Leadership Series KPMG s Leadership Series is targeted towards owners of major capital
More informationM-Aud. Comptroller of the Currency Administrator of National Banks. Internal and External Audits. Comptroller s Handbook. April 2003.
M-Aud Comptroller of the Currency Administrator of National Banks Internal and External Audits Comptroller s Handbook April 2003 M Management Internal and External Audits Table of Contents Introduction...1
More informationDeveloping Effective Internal Controls Using the COSO Model
Developing Effective Internal Controls Using the COSO Model Office of State Controller Internal Controls in a COSO Environment Seminar Raleigh, North Carolina March 2007 Mark S. Beasley Director, ERM Initiative
More informationLEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE
Committee of Sponsoring Organizations of the Treadway Commission Governance and Internal Control LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE By The Institute of Internal Auditors Douglas J. Anderson
More informationOn the Setting of the Standards and Practice Standards for. Management Assessment and Audit concerning Internal
(Provisional translation) On the Setting of the Standards and Practice Standards for Management Assessment and Audit concerning Internal Control Over Financial Reporting (Council Opinions) Released on
More informationModule 6 Documenting Processes and Controls
A logical place to begin any comprehensive evaluation of internal controls is at the top entity-level controls that might have a pervasive effect on the organization. This includes a consideration of factors
More informationRisk Management Advisory Services, LLC Capital markets audit and control
Risk Management Advisory Services, LLC Capital markets audit and control November 14, 2003 Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C., 20006-2803
More informationRisk Assessment & Enterprise Risk Management
Risk Assessment & Enterprise Risk 1 Healthcare Corporate Governance Today s environment requires building a culture of risk awareness and management of risk across the organization, while formulating less
More informationthe role of the head of internal audit in public service organisations 2010
the role of the head of internal audit in public service organisations 2010 CIPFA Statement on the role of the Head of Internal Audit in public service organisations The Head of Internal Audit in a public
More informationSummary of Internal Control-Integrated Framework by COSO:
Summary of Internal Control-Integrated Framework by COSO: COSO stands for Commission of Sponsoring Organizations a private commission chartered to research and report on improving quality of financial
More informationPRACTICE GUIDE. Formulating and Expressing Internal Audit Opinions
PRACTICE GUIDE Formulating and Expressing Internal Audit Opinions 2 of 23 Table of Contents 1. Executive Summary... 1 2. Introduction... 2 3. Planning the Expression of an Opinion... 3 3.1 Expressing an
More informationOBSERVATIONS FROM 2010 INSPECTIONS OF DOMESTIC ANNUALLY INSPECTED FIRMS REGARDING DEFICIENCIES IN AUDITS OF INTERNAL CONTROL OVER FINANCIAL REPORTING
1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org OBSERVATIONS FROM 2010 INSPECTIONS OF DOMESTIC ANNUALLY INSPECTED FIRMS REGARDING DEFICIENCIES
More informationLegal Aid Board Training. 2010 Legal Aid Education P, Session 1, Page 1 Session 1. Introduction
to Legal Aid 2010 Legal Aid Education P, Session 1, Page 1 Session 1 Governance as Leadership What is governance? Governance is the exercise of authority, direction and control of an organization in order
More informationUsing COBiT For Sarbanes Oxley. Japan November 18 th 2006 Gary A Bannister
Using COBiT For Sarbanes Oxley Japan November 18 th 2006 Gary A Bannister Who Am I? Who am I & What I Do? I am an accountant with 28 years experience working in various International Control & IT roles.
More informationCITY OF BURLINGTON COSO FRAMEWORK & COMPLIANCE
CITY OF BURLINGTON COSO FRAMEWORK & COMPLIANCE Points of Focus Principle 1. The organization demonstrates a commitment to integrity and ethical values. Supporting Points of Focus:* Sets the tone at the
More informationISSAI 1300. Planning an Audit of Financial Statements. Financial Audit Guideline
The International Standards of Supreme Audit Institutions, ISSAI, are issued by the International Organization of Supreme Audit Institutions, INTOSAI. For more information visit www.issai.org. Financial
More informationHow To Understand The Role Of An Internal Audit
Top Ten Issues facing Internal Auditing in the Future The IIA Dallas Chapter April 6, 2006 Presented by: David A. Richards, CIA, CPA President The Institute of Internal Auditors drichards@theiia.org 1
More informationQuality Assurance Checklist
Internal Audit Foundations Standards 1000, 1010, 1100, 1110, 1111, 1120, 1130, 1300, 1310, 1320, 1321, 1322, 2000, 2040 There is an Internal Audit Charter in place Internal Audit Charter is in place The
More informationAudit of the Test of Design of Entity-Level Controls
Audit of the Test of Design of Entity-Level Controls Canadian Grain Commission Audit & Evaluation Services Final Report March 2012 Canadian Grain Commission 0 Entity Level Controls 2011 Table of Contents
More informationA LAYPERSON S GUIDE INTERNAL CONTROL OVER FINANCIAL REPORTING (ICFR)
A LAYPERSON S GUIDE TO INTERNAL CONTROL OVER FINANCIAL REPORTING (ICFR) Prepared by Kayla J. Gillan, Member of the Public Company Accounting Oversight Board For The Council of Institutional Investors Annual
More informationProposed Consequential and Conforming Amendments to Other ISAs
IFAC Board Exposure Draft November 2012 Comments due: March 14, 2013, 2013 International Standard on Auditing (ISA) 720 (Revised) The Auditor s Responsibilities Relating to Other Information in Documents
More informationGovernance Guideline SEPTEMBER 2013 BC CREDIT UNIONS. www.fic.gov.bc.ca
Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS www.fic.gov.bc.ca INTRODUCTION The Financial Institutions Commission 1 (FICOM) holds the Board of Directors 2 (board) accountable for the stewardship
More informationSharon Kurek, CPA, CFE Director of Internal Audit
Sharon Kurek, CPA, CFE Director of Internal Audit What You Will Take Aware With You Definition of Internal Auditing Scope of Audit Activities Risk and Control Process Common Audit Topics Fraud Awareness
More information3.B METHODOLOGY SERVICE PROVIDER
3.B METHODOLOGY SERVICE PROVIDER Approximately four years ago, the American Institute of Certified Public Accountants (AICPA) issued Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting
More informationAudit Quality Thematic Review
Thematic Review Professional discipline Financial Reporting Council December 2014 Audit Quality Thematic Review The audit of loan loss provisions and related IT controls in banks and building societies
More informationPlanning an Audit 255
Planning an Audit 255 AU-C Section 300 Planning an Audit Source: SAS No. 122; SAS No. 128. Effective for audits of financial statements for periods ending on or after December 15, 2012. Introduction Scope
More informationINTERNATIONAL STANDARD ON AUDITING 240 THE AUDITOR S RESPONSIBILITIES RELATING TO FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS CONTENTS
INTERNATIONAL STANDARD ON 240 THE AUDITOR S RESPONSIBILITIES RELATING TO (Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS Paragraph Introduction
More informationSarbanes-Oxley 404. Sarbanes-Oxley Background. SOX 404 Internal Controls. Goals of Sarbanes-Oxley
Sarbanes-Oxley Background Sarbanes-Oxley 404 Internal Controls in Financial Reporting: Implications for Actuaries Legislation passed July 30, 2002 Applies to GAAP financial statements filed with SEC Effective
More informationThe Advanced Certificate in Performance Audit for International and Public Affairs Management. Workshop Overview
The Advanced Certificate in Performance Audit for International and Public Affairs Management Workshop Overview Performance Audit What is it? We will discuss the principles of performance audit. The session
More information