COSO 2013 Internal Control Framework

COSO 2013 Internal Control: A Guide to Implementation
July 24, 2014
Justin Adamson

Agenda
- COSO Background
- Changes to the Framework
- Roadmap to Implementation
- Implementation Considerations & Lessons Learned

Who/What is COSO?
- Committee of Sponsoring Organizations of the Treadway Commission (COSO)
- A private sector initiative, jointly sponsored and funded by:
  - American Accounting Association (AAA)
  - American Institute of Certified Public Accountants (AICPA)
  - Financial Executives International (FEI)
  - Institute of Management Accountants (IMA)
  - The Institute of Internal Auditors (IIA)
- Formed after the SEC and U.S. Congress enacted campaign finance law reforms and the 1977 Foreign Corrupt Practices Act
- Primary responsibility is to develop frameworks and guidance on enterprise risk management, internal control and fraud deterrence

COSO 1992 (Initial)
The initial framework defined control functions in terms of:
- Entities (2)
- Categories (3)
- Components (5)
Source: SOX-Online.com

COSO 2013 (Revised)
The revised framework elements:
- Entities (4)
- Categories (3)
- Components (5)
Source: Chapter 2 of COSO Internal Control Integrated Framework (2013)
Supersedes the previous framework on December 15, 2014.

COSO 2013: Key Changes
- Codifies the fundamental concepts of the original framework as Principles and offers points of focus for each principle
- Expands the financial reporting category of objectives to include other forms of reporting (internal and non-financial)
- Considers changes to business and operating environments
- Increased relevance of, and dependence on, IT
- Focus on fraud risk assessment

COSO Internal Control Integrated Framework
The 5 components and 17 principles of internal control are intended to function in an integrated manner.

Control Environment
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability

Risk Assessment
6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change

Control Activities
10. Selects and develops control activities
11. Selects and develops general controls over technology
12. Deploys through policies and procedures

Information & Communication
13. Uses relevant information
14. Communicates internally
15. Communicates externally

Monitoring Activities
16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies

COSO Internal Control Integrated Framework: Points of Focus
Points of focus describe important characteristics of each Principle.

Control Environment, Principle 1: The organization demonstrates a commitment to integrity and ethical values.
Points of Focus:
- Sets the Tone at the Top
- Establishes Standards of Conduct
- Evaluates Adherence to Standards of Conduct
- Addresses Deviations in a Timely Manner
Control Examples:
- BOD and established committees charged with oversight
- Code of Conduct defining the integrity and ethical values expected by the company
- Follow-up/investigation process for reported ethics violations
Source: coso.org

Risk Assessment, Principle 7: Identifies and Analyzes Risk
Points of Focus:
- Includes Entity, Subsidiary, Division, Operating Unit and Functional Levels
- Analyzes Internal and External Factors
- Involves Appropriate Levels of Management
- Estimates Significance of Risks Identified
- Determines How to Respond to Risks
Control Examples:
- Risk/Control Self Assessment process and adherence (Likelihood/Impact ranking)
- Risk and/or performance metric dashboard monitoring, with documentation of acceptance or avoidance
- Documented governance and oversight process to ensure risks are communicated to appropriate levels of management (escalation path)

COSO 2013: Why now?
Catching up with emerging trends:
- Globalization of economies
- Complexity of business operations
- Growing reliance on technology
- Increased reliance on third parties
- Increased volume and maturity of fraud schemes
- Increased government oversight, regulations, and legislation
- Increased focus on and scrutiny of BoD and Senior Management oversight

Implementation Roadmap

Evaluate & Plan
- Read and interpret the new framework
- Attend consultant webinars, seminars, and training classes
- Develop a transition strategy with key stakeholders

Map to New Framework
- Top-down, risk-based review of controls, mapped to the framework as appropriate
- Consult with key management personnel to ensure appropriate coverage
- Consult with external auditors on COSO 2013 compliance

Refine & Enhance Documentation
- Identify and clarify COSO 2013 controls in your control universe
- Ensure appropriate testing is in place
- Internal Audit involvement
- Consult with external auditors

Communicate & Train
- Communicate the control framework to key management, external auditors, and the BOD
- Provide training and awareness of the new framework to stakeholders

Implementation Considerations
- All 5 components and all 17 principles must be present, functioning and operating together in an integrated manner
- Principles are present and functioning if any deficiencies are less than major (the same threshold as a material weakness under traditional SOX control deficiency methods)
- If implementing the framework for SOX compliance only, consider building the foundation for applying it to other company objectives
- Take this opportunity to take a fresh look at all controls
- Consider controls for vendors and external business partners
Implementation Evidence:
- Mapping of the 17 principles to key controls
- Memo documenting the implementation approach and process (who was involved, timeline, etc.)

Lessons Learned From Early Adopters
- This is not a complete overhaul of your system of internal controls: no major projects, consultants, or mountains of documents
- A top-down, risk-based approach is recommended; COSO did not intend this to be a checklist exercise
- Utilize currently available COSO guidance, manuals and tools
- Engage external and internal auditors early and often
- Engage internal/external stakeholders from the beginning
- Approaches, complexity and level of effort vary by organization
- Controls and processes likely exist, but just aren't documented. If it's not documented, it doesn't count!
- Present and functioning means tested
- PCAOB report findings may cover COSO

Questions?