COSO 2013 Internal Control Framework
|
|
- Dwight Andrews
- 8 years ago
- Views:
Transcription
1 COSO 2013 Internal Control A Guide to Implementation July 24, 2014 Justin Adamson Agenda COSO Background Changes to the Roadmap to Implementation Implementation Considerations & Lessons Learned 2 1
2 Who/What is COSO? Committee of Sponsoring Organizations of the Treadway Commission (COSO) A private sector initiative, jointly sponsored and funded by: American Accounting Association (AAA) American Institute of Certified Public Accountants (AICPA) Financial Executives International (FEI) Institute of Management Accountants (IMA) The Institute of Internal Auditors (IIA) Formed after the SEC and U.S. Congress enacted campaign finance law reforms and the 1977 Foreign Corrupt Practices Act Primary responsibility is to develop frameworks and guidance on enterprise risk management, internal control and fraud deterrence 3 COSO 1992 Initial Initial framework defined control functions in terms of: Entities (2) Categories (3) Components (5) Source: SOX-Online.com 4 2
3 COSO 2013 Revised Revised the framework elements: Entities (4) Categories (3) Components (5) Source: Chapter 2 of COSO Internal Control: Integrated (2013). Supersedes previous framework on December 15, COSO 2013: Key Changes Codification of fundamental concepts from original framework as Principles and offers points of focus for each principle Expands the financial reporting category of objectives to include other forms of reporting (internal and non-financial) Consideration for changes to business and operating environments Increased relevance and dependence on IT Focus on fraud risk assessment 6 3
4 COSO Internal Control Integrated The 5 components and 17 principles of internal control are intended to function in an integrated manner Control Environment Risk Assessment Control Activities Information & Communication Monitoring Activities 1. Demonstrates commitment to integrity and ethical values 2. Exercises oversight responsibility 3. Establishes structure, authority and responsibility 4. Demonstrates commitment to competence 5. Enforces accountability 6. Specifies suitable objectives 7. Identifies and analyzes risk 8. Assesses fraud risk 9. Identifies and analyzes significant change 10. Selects and develops control activities 11. Selects and develops general controls over technology 12. Deploys through policies and procedures 13. Uses relevant information 14. Communicates internally 15. Communicates externally 16. Conducts ongoing and/or separate evaluations 17. Evaluates and communicates deficiencies 7 COSO Internal Control Integrated Points of focus describe important characteristics of each Principle Control Environment 1. The organization demonstrates a commitment to integrity and ethical values. Points of Focus: Sets the Tone at the Top Establishes Standards of Conduct Evaluates Adherence to Standards of Conduct Addresses Deviations in a Timely Manner Control Examples: Source: coso.org BOD and established committees charged with oversight Code of Conduct defining integrity and ethical values expected by the company Follow-up/Investigation process of reported ethics violations 8 4
5 COSO Internal Control Integrated Risk Assessment 7. Identifies and Analyzes Risk Points of Focus: Includes Entity, Subsidiary, Division, Operating Unit and Functional Levels Analyzes Internal and External Factors Involves Appropriate Levels of Management Estimates Significance of Risks Identified Determines How to Respond to Risks Control Examples: Risk/Control Self Assessment process and adherence (Likelihood/Impact ranking) Risk and/or Performance metric dashboard monitoring and documentation of acceptance or avoidance Documented governance and oversight process to ensure risks are communicated to appropriate levels of mgmt. (escalation path) 9 COSO 2013: Why now? Catching up with emerging trends Globalization of economies Complexity of business operations Growing reliance on technology Increased reliance on thirdparty Increased volume and maturity of fraud schemes Increased government oversight, regulations, and legislation Increased focus and scrutiny of BoD and Senior Management oversight 10 5
6 Implementation Roadmap Evaluate & Plan Map to New Refine & Enhance Documentation Communicate & Train Read and interpret new framework Attend consultant webinars, seminars, and training classes Develop transition strategy with key stakeholders Top-down, risk based review of controls and map to framework as appropriate Consult with key mgmt. personnel to ensure appropriate coverage Consult with external auditors on COSO 2013 compliance Identify and clarify COSO 2013 controls in your universe Ensure appropriate testing is in place Internal Audit Involvement Consult with External Auditors Communicate control framework to key management, external auditors, and BOD Provide training and awareness of the new framework to stakeholders 11 Implementation Considerations All 5 components and all 17 principles must be present, functioning and operating together in an integrated manner Principles are present and functioning if any deficiencies are less than major (same as material weakness using traditional SOX control deficiency methods) If implementing the framework for SOX compliance only, consider building the foundation for applying it to other company objectives Take this opportunity to take a fresh look at all controls Consider controls for vendors, and external business partners Implementation Evidence: Mapping of 17 principles to key controls Memo documenting implementation approach and process (who was involved, timeline, etc.) 12 6
7 Lessons Learned From Early Adopters This is not a complete overhaul of your system of internal controls no major projects, consultants, or mountains of documents Top down, risk-based approach is recommended COSO did not intend this to be a checklist exercise. Utilize currently available COSO guidance, manuals and tools Engage external and internal auditors early and often Engage internal/external stakeholders from the beginning Approaches, complexity and level of effort vary by organization Controls and processes likely exist, but just aren t documented If it s not documented, it doesn t count! Present and functioning (tested) PCAOB report findings may cover COSO 13 COSO 2013 Revised Questions? 14 7
Internal Control Integrated Framework. May 2013
Internal Control Integrated Framework May 2013 0 Table of Contents COSO & Project Overview Internal Control-Integrated Framework Illustrative Documents Illustrative Tools for Assessing Effectiveness of
More informationCOSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE
COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE COMMITTEE OF SPONSORING ORGANIZATIONS (COSO) 2013 The Committee of Sponsoring Organizations (COSO) Internal Controls Integrated Framework,
More informationImpact of New Internal Control Frameworks
Impact of New Internal Control Frameworks Webcast: Tuesday, February 25, 2014 CPE Credit: 1 0 With You Today Bob Jacobson Principal, Risk Advisory Services Consulting Leader West Region Bob.Jacobson@mcgladrey.com
More informationThe 2013 COSO Framework & SOX Compliance
The 2013 COSO Framework & SOX Compliance ONE APPROACH TO AN EFFECTIVE TRANSITION By J. Stephen McNally, CPA The 2013 COSO Framework & SOX Compliance ONE APPROACH TO AN EFFECTIVE TRANSITION By J. Stephen
More informationThis article will provide background on the Sarbanes-Oxley Act of 2002, prior to discussing the implications for business continuity practitioners.
Auditing the Business Continuity Process Dr. Eric Schmidt, Principal, Transitional Data Services, Inc. Business continuity audits are rapidly becoming one of the most urgent issues throughout the international
More informationCorporate Resiliency Managing g the Growing Risk of Fraud and Corruption
Corporate Resiliency Managing g the Growing Risk of Fraud and Corruption Toby Bishop, Director, Deloitte Forensic Center Deloitte Financial Advisory Services LLP Contents Why corporate resiliency? What
More informationSarbanes-Oxley Compliance Workbook. From Zero to SOX. Sarbanes-Oxley Compliance Workbook. sensiba san filippo www.ssfllp.com sox@ssfllp.
From Zero to SOX Zero to SOX An Overview The goals of a program to meet SOX 404 requirements go far beyond compliance. The process of building a sustainable, comprehensive internal control environment
More informationLEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE
Committee of Sponsoring Organizations of the Treadway Commission Governance and Internal Control LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE By The Institute of Internal Auditors Douglas J. Anderson
More informationThe Updated COSO Internal Control Framework. Frequently Asked Questions
The Updated COSO Internal Control Framework Frequently Asked Questions Introduction The Committee of Sponsoring Organizations of the Treadway Commission (COSO) an organization providing thought leadership
More informationCOSO 2013 Internal Control Integrated Framework FRED J. PETERSON, PARTNER MOSS ADAMS LLP
COSO 2013 Internal Control Integrated Framework FRED J. PETERSON, PARTNER MOSS ADAMS LLP Disclaimer The material appearing in this presentation is for informational purposes only and should not be construed
More informationCOSO Internal Control Integrated Framework (2013)
COSO Internal Control Integrated Framework (2013) The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its updated Internal Control Integrated Framework (2013 Framework)
More informationThe Updated COSO Internal Control Framework
The Updated COSO Internal Control Framework Frequently Asked Questions Second Edition Introduction The Committee of Sponsoring Organizations of the Treadway Commission (COSO) an organization providing
More informationFebruary 2015. Sample audit committee charter
February 2015 Sample audit committee charter Sample audit committee charter This sample audit committee charter is based on observations of selected companies and the requirements of the SEC, the NYSE,
More informationDeveloping a Fraud Risk Management Program
Developing a Fraud Risk Management Program Erick O. Bell Priyanka Jhang Deloitte Financial Advisory Services LLP September 11, 2013 Agenda Making the case for a Fraud Risk Management Program A COSO-consistent
More informationGuide to Internal Control Over Financial Reporting
Guide to Internal Control Over Financial Reporting The Center for Audit Quality prepared this Guide to provide an overview for the general public of internal control over financial reporting ( ICFR ).
More informationInternal Control over Financial Reporting Guidance for Smaller Public Companies
Internal Control over Financial Reporting Guidance for Smaller Public Companies Frequently Asked Questions Internal Control over Financial Reporting Guidance for Smaller Public Companies Frequently Asked
More informationSOX 404 Compliance Challenges for Small Companies
A SOX2007.com White Paper SOX 404 and Small Companies: A Cost Effective Approach to 2007 Compliance Background The Sarbanes-Oxley Act (SOX) was passed by Congress in July 2002 to address corporate mismanagement
More informationPractice guide. quality assurance and IMProVeMeNt PrograM
Practice guide quality assurance and IMProVeMeNt PrograM MarCh 2012 Table of Contents Executive Summary... 1 Introduction... 2 What is Quality?... 2 Quality in Internal Audit... 2 Conformance or Compliance?...
More informationFraud-Related Compliance
Fraud-Related Compliance Areas of Compliance, Part 1: FCPA, SOX, PCAOB, Dodd-Frank 2015 Association of Certified Fraud Examiners, Inc. Foreign Corrupt Practices Act (FCPA) Enacted to prohibit corrupt payments
More informationCOSO Framework 2013 & SOX Compliance. Roxanne L. Halverson, CISM, CGEIT Atlanta ISACA Geek Week August 19, 2013
COSO Framework 2013 & SOX Compliance Roxanne L. Halverson, CISM, CGEIT Atlanta ISACA Geek Week August 19, 2013 What s Happened On May 14, 2013, after a little more than 20 years the Committee of Sponsoring
More informationAudit of the Policy on Internal Control Implementation
Audit of the Policy on Internal Control Implementation Natural Sciences and Engineering Research Council of Canada Social Sciences and Humanities Research Council of Canada February 18, 2013 1 TABLE OF
More informationHow To Get A Tech Startup To Comply With Regulations
Agile Technology Controls for Startups a Contradiction in Terms or a Real Opportunity? Implementing Dynamic, Flexible and Continuously Optimized IT General Controls POWERFUL INSIGHTS Issue It s not a secret
More informationInternal and External Audits Table of Contents
Internal and External Audits Table of Contents Supplemental Examination Procedures...61 Planning the Audit Review...61 Board and Committee Oversight...64 Internal Audit...69 External Audit...93 Overall
More informationUniversity Audit and Compliance. Internal Controls Enterprise-Wide Risk Assessment
Internal Controls Enterprise-Wide Risk Assessment Balancing Risk and Controls In order to achieve goals and objectives, management needs to effectively balance risks and controls. Control procedures need
More informationRisk Assessment & Enterprise Risk Management
Risk Assessment & Enterprise Risk 1 Healthcare Corporate Governance Today s environment requires building a culture of risk awareness and management of risk across the organization, while formulating less
More informationCOSO s 2013 Internal Control Framework in Depth: Implementing the Enhanced Guidance for Internal Control over External Financial Reporting
in Depth: Implementing the Enhanced Guidance for Internal Control over External Financial Reporting Table of Contents EXECUTIVE SUMMARY... 3 BACKGROUND... 3 SIGNIFICANT CHANGES AFFECTING INTERNAL CONTROL
More informationSARBANES-OXLEY SECTION 404: A Guide for Management by Internal Controls Practitioners
SARBANES-OXLEY SECTION 404: A Guide for Management by Internal Controls Practitioners SARBANES-OXLEY SECTION 404: A Guide for Management by Internal Controls Practitioners The Institute of Internal Auditors
More informationIFRS in Asia 2008 Driving the Capital Markets of Tomorrow 10-11 October 2008, Beijing, China
International Accounting Standards Committee Foundation, Ministry of Finance (PRC), and Shulun Pan Certified Public Accountants IFRS in Asia 2008 Driving the Capital Markets of Tomorrow 10-11, Beijing,
More informationInternal/External Audits
Internal/External Audits Joint World Bank/Federal Reserve System Seminar for Senior Bank Supervisors Arthur Lindo Federal Reserve Board Presentation Topics ❿Internal Audit, Corporate Governance and Controls
More informationPrüfung von Outsourcing mit SAS70
Prüfung von Outsourcing mit SAS70 AGENDA Historical flashback Reasons for the standard Major contents Potential areas of SAS 70 application Audit approach and Responsibility Client and Service Provider
More informationAdministrative Guidelines on the Internal Control Framework and Internal Audit Standards
Administrative Guidelines on the Internal Control Framework and Internal Audit Standards GCF/B.09/18 18 February 2015 Meeting of the Board 24 26 March 2015 Songdo, Republic of Korea Agenda item 24 Page
More informationInternal Controls and Risk Management Report
42 Internal Controls and Risk Management Report Responsibility Our Board of Directors has the overall responsibility to ensure that sound and effective internal controls are maintained, while management
More informationB o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing
B o a r d of Governors of the Federal Reserve System Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing January 23, 2013 P U R P O S E This policy statement is being issued
More informationEnterprise Risk Management: COSO, New COSO, ISO 31000. Review of ERM
Enterprise Risk Management: COSO, New COSO, Dr. Hugh Van Seaton, Ed. D., CSSGB, CGMA, CPA Review of ERM COSO a process, effected by an entity's board of directors, management and other personnel, applied
More informationCOMPANY LEVEL CONTROLS A PRACTICAL FRAMEWORK
COMPANY LEVEL CONTROLS A PRACTICAL FRAMEWORK During the past two years a group of internal control specialists of large Dutch companies listed in the USA have held regular meetings to share experiences
More informationInternational Institute of Management
Executive Education Executive Action Learning Seminars Executive Seminars Executive Courses International Institute of Management Executive Education Courses CIO & Sarbanes Oxley Compliance SOX Implementation
More informationSix Financial Oversight Strategies for Nonprofits
Six Financial Oversight Strategies for Nonprofits You Inspire Us! 1) Greet your new friends! 2) Surf the binder and resources 3) Enjoy The Hope Center 4) Watch for MORE resources in 7 days: ECFA.org/Content/Six-Financial-Oversight-Strategiesfor-Nonprofits
More informationVendor Compliance Management Series: Performing an Effective Risk Assessment
Vendor Compliance Management Series: Performing an Effective Risk Assessment Legal Disclaimer This information is not intended to be legal advice and may not be used as legal advice. Legal advice must
More informationRISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide
RISK BASED AUDITING: A VALUE ADD PROPOSITION Participant Guide About This Course About This Course Adding Value for Risk-based Auditing Seminar Description In this seminar, we will focus on: The foundation
More informationPractical and ethical considerations on the use of cloud computing in accounting
Practical and ethical considerations on the use of cloud computing in accounting ABSTRACT Katherine Kinkela Iona College Cloud Computing promises cost cutting efficiencies to businesses and specifically
More informationUsing COBiT For Sarbanes Oxley. Japan November 18 th 2006 Gary A Bannister
Using COBiT For Sarbanes Oxley Japan November 18 th 2006 Gary A Bannister Who Am I? Who am I & What I Do? I am an accountant with 28 years experience working in various International Control & IT roles.
More informationAUDIT COMMITTEE BEST PRACTICES CHECKLIST
AUDIT COMMITTEE BEST PRACTICES CHECKLIST General 1. Members have the appropriate predefined qualifications to meet the objectives of the audit committee s charter, including appropriate financial literacy.
More information7/22/2014. From Treadway To the Cube (1987 2014) So, Who is COSO? What Does COSO Do?
From Treadway To the Cube (1987 2014) National Society of Accountants for Cooperatives (NSAC) CLAconnect.com Instructor: Ron Durkin, CPA/CFF, CFE, CIRA National Principal in Charge Fraud & Misconduct Investigations
More informationThe Role of Internal Audit In Business Continuity Planning
The Role of Internal Audit In Business Continuity Planning Dan Bailey, MBCP Page 0 Introduction Dan Bailey, MBCP Senior Manager Protiviti Inc. dan.bailey@protiviti.com Actively involved in the Information
More informationMNLARS Project Audit Checklist
Audit Checklist The following provides a detailed checklist to assist the audit team in reviewing the health of a project. Relevance (at this time) How relevant is this attribute to this project or audit?
More informationAuditing Standard 5- Effective and Efficient SOX Compliance
Auditing Standard 5- Effective and Efficient SOX Compliance September 6, 2007 Presented to: The Dallas Chapter of the Institute of Internal Auditors These slides are incomplete without the benefit of the
More informationA Sarbanes-Oxley Roadmap to Business Continuity
A Sarbanes-Oxley Roadmap to Business Continuity NEDRIX Conference June 23, 2004 Dr. Eric Schmidt eschmidt@controlsolutions.com Control Solutions International TECHNOLOGY ADVISORY, ASSURANCE & RISK MANAGEMENT
More informationGuide to Pcaob Inspections
Guide to Pcaob Inspections october 2012 Since 2002, a new regulator, the Public Company Accounting Oversight Board (PCAOB), has had responsibility for overseeing auditors of public companies. Regular inspections
More informationBAKER HUGHES INCORPORATED. CHARTER OF THE AUDIT/ETHICS COMMITTEE OF THE BOARD OF DIRECTORS (as amended and restated October 24, 2012)
BAKER HUGHES INCORPORATED CHARTER OF THE AUDIT/ETHICS COMMITTEE OF THE BOARD OF DIRECTORS (as amended and restated October 24, 2012) The Board of Directors of Baker Hughes Incorporated (the Company ) has
More informationWhat Should IS Majors Know About Regulatory Compliance?
What Should IS Majors Know About Regulatory Compliance? Working Paper Series 08-12 August 2008 Craig A. VanLengen Professor of Computer Information Systems/Accounting Northern Arizona University The W.
More informationACC 215 ETHICS IN ACCOUNTING. Upon completion of this course, the student will be able to:
ACC 215 ETHICS IN ACCOUNTING COURSE DESCRIPTION: Perequisites: ACC 121 Corequistites: None This course introduces students to professional codes of conduct and ethics adopted by professional associations
More informationM-Aud. Comptroller of the Currency Administrator of National Banks. Internal and External Audits. Comptroller s Handbook. April 2003.
M-Aud Comptroller of the Currency Administrator of National Banks Internal and External Audits Comptroller s Handbook April 2003 M Management Internal and External Audits Table of Contents Introduction...1
More informationGAO. Government Auditing Standards. 2011 Revision. By the Comptroller General of the United States. United States Government Accountability Office
GAO United States Government Accountability Office By the Comptroller General of the United States December 2011 Government Auditing Standards 2011 Revision GAO-12-331G GAO United States Government Accountability
More informationGuide to the Sarbanes-Oxley Act:
Guide to the Sarbanes-Oxley Act: internal Control Reporting Requirements Frequently Asked Questions Regarding Section 404 Fourth Edition Table of Contents Page No. Introduction... 1 Applicability of Section
More informationChapter 2 Highlights: M&A and Compliance With The Sarbanes-Oxley Act of 2002
Chapter 2 Highlights: M&A and Compliance With The Sarbanes-Oxley Act of 2002 Excerpted From The Complete Guide to Mergers And Acquisitions: Process Tools To Support M&A Integration At Every Level Second
More informationFraud Prevention and Deterrence
Fraud Prevention and Deterrence Fraud Risk Assessment 2016 Association of Certified Fraud Examiners, Inc. What Is Fraud Risk? The vulnerability that an organization faces from individuals capable of combining
More informationEthical Maturity Index: Questionnaire Authors: Elena Demidenko and Patrick McNutt
Ethical Maturity Index: Questionnaire Authors: Elena Demidenko and Patrick McNutt Patrick McNutt and Elena Demidenko have developed a questionnaire to enable management self assessment of current situation
More informationEnterprise Risk Management (ERM) & Compliance
Enterprise Risk Management (ERM) & Compliance Mid Atlantic Regional Meeting, May 1, 2015 Society of Corporate Compliance and Ethics Jason Lunday, consultant Compliance Opportunities in ERM Increase compliance
More informationKPMG Internal Audit 2015: Top 10 considerations for private equity firms. kpmg.com
KPMG Internal Audit 2015: Top 10 considerations for private equity firms kpmg.com INTERNAL AUDIT TOP 10 CONSIDERATIONS IN 2015 1 Historically, private equity has been less regulated than other parts of
More informationGuide to Public Company Auditing
Guide to Public Company Auditing The Center for Audit Quality (CAQ) prepared this Guide to Public Company Auditing to provide an introduction to and overview of the key processes, participants and issues
More informationObtaining Quality Employee Benefit Plan Audit Services: The Request for Proposal and Auditor Evaluation Process
Obtaining Quality Employee Benefit Plan Audit Services: The Request for Proposal and Auditor Evaluation Process The AICPA Employee Benefit Plan Audit Quality Center has prepared this document to assist
More informationInternal Control Strategies. A Mid to Small Business Guide
Brochure More information from http://www.researchandmarkets.com/reports/2325460/ Internal Control Strategies. A Mid to Small Business Guide Description: Praise for Internal Control Strategies A Mid to
More informationSurviving SOX with Scrum. Integrating Scrum in IT Governance at Allianz
Surviving SOX with Scrum Integrating Scrum in IT Governance at Allianz 1 Who are we? Simon Roberts MBA and Dr. Christoph Mathis Independent Scrum coaches and trainers; Scrum since 2002, XP since late 1990s
More informationIFAD Policy on Enterprise Risk Management
Document: EB 2008/94/R.4 Agenda: 5 Date: 6 August 2008 Distribution: Public Original: English E IFAD Policy on Enterprise Risk Management Executive Board Ninety-fourth Session Rome, 10-11 September 2008
More informationAUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL
AUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL AUDIT REPORT JUNE 2010 TABLE OF CONTENTS EXCUTIVE SUMMARY... 3 1 INTRODUCTION... 5 1.1 AUDIT OBJECTIVE. 5 1.2 SCOPE...5 1.3 SUMMARY
More informationEnterprise Risk Management
Cayman Islands Society of Professional Accountants Enterprise Risk Management March 19, 2015 Dr. Sandra B. Richtermeyer, CPA, CMA What is Risk Management? Risk management is a process, effected by an entity's
More informationBDO Seidman, LLP Accountants and Consultants
BDO Seidman, LLP Accountants and Consultants 330 Madison Avenue New York, NY 10017 (212) 885-8000 Phone (212) 697-1299 Fax Via E-mail: comments@pcaobus.org Office of the Secretary Public Company Accounting
More informationCentre for Corporate Governance. Managing the business risk of fraud: New guidance for a new risk environment
Centre for Corporate Governance Managing the business risk of fraud: New guidance for a new risk environment Many antifraud professionals believe that organizations today face a greater risk of fraud occurring
More informationPartner With Your Auditor on Controls
WHITE PAPER Partner With Your Auditor on Controls How management can help its auditors address PCAOB inspections findings on internal control Written by Thomas Ray, Distinguished Lecturer at Baruch College
More informationInternal Auditing Guidelines
Internal Auditing Guidelines Recommendations on Internal Auditing for Lottery Operators Issued by the WLA Security and Risk Management Committee V1.0, March 2007 The WLA Internal Auditing Guidelines may
More informationSample Financial institution Risk Management Policy 2011
Sample Financial institution Risk Management Policy 2011 1 Contents Risk Management Program...2 Internal Control and Risk Management Diagram... 2 General Control Environment... 2 Specific Internal Control
More informationFramework for Enterprise Risk Management
Framework for Enterprise Risk Management 2013 Johnson & Johnson Contents Introduction.... 4 J&J Strategic Framework... 5 What is Risk?.......................................................... 7 J&J Approach
More informationOn the Setting of the Standards and Practice Standards for. Management Assessment and Audit concerning Internal
(Provisional translation) On the Setting of the Standards and Practice Standards for Management Assessment and Audit concerning Internal Control Over Financial Reporting (Council Opinions) Released on
More informationCARIBBEAN DEVELOPMENT BANK STRATEGIC FRAMEWORK FOR INTEGRITY, COMPLIANCE AND ACCOUNTABILITY (2015)
CARIBBEAN DEVELOPMENT BANK STRATEGIC FRAMEWORK FOR INTEGRITY, COMPLIANCE AND ACCOUNTABILITY (2015) Provides a comprehensive strategic framework for institutional integrity (fraud and corruption), ethics,
More informationAUDIT EFFICIENCIES: IS YOUR RELIANCE STRATEGY WORKING FOR YOU? Kyleen Wissell, CRISC, PHR, RCC
AUDIT EFFICIENCIES: IS YOUR RELIANCE STRATEGY WORKING FOR YOU? Kyleen Wissell, CRISC, PHR, RCC Today s Agenda Background: Audit Standard #5 adopted by PCAOB and approved by the SEC in 2007 was intended
More information[RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06]
SECURITIES AND EXCHANGE COMMISSION 17 CFR PART 241 [RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06] Commission Guidance Regarding Management s Report on Internal Control Over Financial Reporting
More informationIPPF Practice Guide. the control environment
Auditing the control environment APRIL 2011 Table of Contents Executive Summary... 1 Introduction... 2 An Organization s Control Environment... 2 Scope and Approach to... 3 Practical Considerations in...
More informationThe Importance of IT Controls to Sarbanes-Oxley Compliance
Hosted by Deloitte, PricewaterhouseCoopers and ISACA/ITGI The Importance of IT Controls to Sarbanes-Oxley Compliance 15 December 2003 1 Presenters Chris Fox, CA Sr. Manager, Internal Audit Services PricewaterhouseCoopers
More informationVendor Management Best Practices
23 rd Annual and One Day Seminar Vendor Management Best Practices Catherine Bruder CPA, CITP, CISA, CISM, CTGA Michigan Texas Florida Insight. Oversight. Foresight. SM Doeren Mayhew Bruder 1 $100 billion
More informationC o m m i t t e e o f S p o n s o r i n g O r g a n i z a t i o n s o f t h e T r e a d w a y C o m m i s s i o n
C o m m i t t e e o f S p o n s o r i n g O r g a n i z a t i o n s o f t h e T r e a d w a y C o m m i s s i o n T h o u g h t L e a d e r s h i p i n E R M E m b r a c i n g E n t e r p r i s e R i s
More informationCertified Government Auditing Professional (CGAP ) www.theiia.org/certification
IIA Certifications: Certified Government Auditing Professional (CGAP ) PURPOSE A specialty certification designed for and by public- sector internal auditing practitioners Designed especially for auditors
More informationEffective Internal Audit in the Financial Services Sector
Effective Internal Audit in the Financial Services Sector Recommendations from the Committee on Internal Audit Guidance for Financial Services: How They Relate to the Global Institute of Internal Auditors
More informationSelf-Service SOX Auditing With S3 Control
Self-Service SOX Auditing With S3 Control The Sarbanes-Oxley Act (SOX), passed by the US Congress in 2002, represents a fundamental shift in corporate governance norms. As corporations come to terms with
More informationSOX FDICIA COSO 2013 Best Practices Presented by: Raji Sathappan MBA, CRCM, CAMS, CISA
SOX FDICIA COSO 2013 Best Practices Presented by: Raji Sathappan MBA, CRCM, CAMS, CISA Certified Public Accountants Consultants Wealth Management Technology Restatements - Mistakes that Dog Financial Reporting
More informationThe Impact of the SarbanesOxley Act and Similar Legislation: Lessons Learned and Considerations for the Future
The Impact of the SarbanesOxley Act and Similar Legislation: Lessons Learned and Considerations for the Future Protiviti, together with the input of the Singapore Accountancy Commission, has developed
More informationJapanese Guidelines for Internal Control Reporting Finalized Differences in Requirements Between the U.S. Sarbanes-Oxley Act and J-SOX
FLASH REPORT Japanese Guidelines for Internal Control Reporting Finalized Differences in Requirements Between the U.S. Sarbanes-Oxley Act and On February 15, 2007, the Business Accounting Council of the
More informationFCPA 10 Hallmarks Self- Assessment
FCPA 10 Hallmarks Self- Assessment How exposed is your business to corruption risk? Take this assessment to find out if your systems are sufficiently robust to protect your business October 2014 Prepared
More informationThe Role of the Board in Enterprise Risk Management
Enterprise Risk The Role of the Board in Enterprise Risk Management The board of directors plays an essential role in ensuring that an effective ERM program is in place. Governance, policy, and assurance
More information26 February 2007. Ms. Nancy M. Morris, Secretary Securities and Exchange Commission 100 F Street NE Washington, DC 20549-1090
3701 Algonquin Road, Suite 1010 Telephone: 847.253.1545 Rolling Meadows, Illinois 60008, USA Facsimile: 847.253.1443 Web Sites: www.isaca.org and www.itgi.org 26 February 2007 Ms. Nancy M. Morris, Secretary
More informationConsultation Response
Consultation Response PROPOSED AUDITING STANDARD AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING PERFORMED IN CONJUNCTION WITH AN AUDIT OF FINANCIAL STATEMENTS PCAOB Rulemaking Docket Matter No.
More information1. FPO. Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Second Edition
1. FPO Guide to the Sarbanes-Oxley Act: IT Risks and Controls Second Edition Table of Contents Introduction... 1 Overall IT Risk and Control Approach and Considerations When Complying with Sarbanes-Oxley...
More informationSarbanes-Oxley Compliance: Section 404-Past, Present, and Future
Sarbanes-Oxley Compliance: Section 404-Past, Present, and Future BADM 590/395 IT Governance MS1 Professor Michael Shaw Submitted by: Amy Smith BA in MIS University of Illinois at Urbana-Champaign Smith
More informationGAO DEFENSE CONTRACT AUDITS. Actions Needed to Improve DCAA's Access to and Use of Defense Company Internal Audit Reports
GAO United States Government Accountability Office Report to the Committee on Armed Services, U.S. Senate December 2011 DEFENSE CONTRACT AUDITS Actions Needed to Improve DCAA's Access to and Use of Defense
More informationIn a Search for Regulations on Risk Management, Internal Control and Internal Audit
In a Search for Regulations on Risk Management, Internal Control and Internal Audit Jacek Socha IAS Conference 17 October 2006 pwc Agenda Background Sarbanes-Oxley Act lessons learnt and benefits EU response
More informationCommonwealth Health Insurance Connector Authority
» Commonwealth Health Insurance Connector Authority Performance Audit of Centers for Medicare and Medicaid Services (CMS) Rule 9957 Requirements For the Year Ended December 31, 2014 May 28, 2015 KPMG LLP
More informationAudit Committee Charter Altria Group, Inc. In the furtherance of this purpose, the Committee shall have the following authority and responsibilities:
Audit Committee Charter Altria Group, Inc. Membership The Audit Committee (the Committee ) of the Board of Directors (the Board ) of Altria Group, Inc. (the Company ) shall consist of at least three directors
More informationESKISP6046.02 Direct security architecture development
Overview This standard covers the competencies concerned with directing security architecture activities. It includes setting the strategy and policies for security architecture, and being fully accountable
More informationDOJ and SEC Release FCPA Resource Guide: What Does Your Company Do Now? January 8, 2013 By: Evelyn Suarez & Patrick Hanes
DOJ and SEC Release FCPA Resource Guide: What Does Your Company Do Now? January 8, 2013 By: Evelyn Suarez & Patrick Hanes Speakers Evelyn M. Suarez International Law Williams Mullen, Washington D.C. esuarez@williamsmullen.com
More informationFraud and Role of Information Technology. September 2008
Fraud and Role of Information Technology September 2008 Agenda IT Value Proposition Slide 2 Prior Interpretations of Internal Control Structure Have Addressed Three Separate Parts Which Were Audited Somewhat
More information