Updates to the COSO Internal Controls Framework. How to Apply it to Your Control Framework

Presenters

Jack Kristan, CPA, CIA, MBA
Senior Consulting Manager, Plante Moran Enterprise Risk Services
Jack has more than 11 years of business operations, finance, accounting, and internal audit experience. Since joining Plante Moran's Enterprise Risk Services (ERS) practice, he has been actively engaged in assignments evaluating internal audits across multiple industries, including trusts. Jack serves as an onsite team leader for internal audit, Sarbanes-Oxley, JSOX, and consulting engagements. He has performed operational improvement audits and manufacturing variance audits, led the finance effort for an ERP implementation with a FORTUNE 500 company, developed an audit module for a large class action settlement, and co-developed a software solution for segregation of duties with another ERS associate. He regularly presents on various internal control and audit related topics for the MACPA and local IIA chapters in Michigan.

Matthew Bohdan, CPA, CIA, MBA
Consulting Manager, Plante Moran Enterprise Risk Services
Matt has over 7 years of public accounting and management consulting experience providing services to clients in a number of industries. Matt is a member of Plante Moran's Financial Support and Enterprise Risk Services practice, and is responsible for assisting clients with various accounting and finance related consulting projects. Projects include interim accounting assistance provided to companies in transition, including holdings and subsidiaries of venture capital entities, financial modeling, system and process implementation, internal audit and Sarbanes-Oxley, business planning, financial reporting, due diligence, and other outsourced financial management. Matt has played a key role in several client projects in the development and implementation of accounting/finance procedures and business process improvement for companies in transition and distress.

What is COSO and the Internal Control Framework?

COSO - Recap: FORMATION & HISTORY
- Organized in 1985 to sponsor the National Commission on Fraudulent Financial Reporting
- Formation was jointly sponsored by the American Accounting Association, AICPA, Financial Executives International, the IIA and IMA
- Significant frameworks and guidance papers:
  - Internal Controls (1992)*
  - Internal Control Issues in Derivatives Usage (1996)
  - Enterprise Risk Management (2004)
  - Internal Control over Financial Reporting Guidance for Smaller Public Companies (2006)
  - Guidance on Monitoring Internal Control Systems (2009)

COSO - Recap: MISSION / VISION
- Provides thought leadership through the development of frameworks for:
  - Enterprise Risk Management
  - Internal Controls
  - Fraud Deterrence
- Aims to leverage these frameworks to improve operational and governance practices in an organization
- COSO's vision is to be a recognized thought leader in the global marketplace on the development of guidance in the areas of risk and control which enable good organizational governance and reduction of fraud.

COSO - Recap: THE FRAMEWORK
COSO's Internal Controls framework is based on three objectives and five components across an organization.

OBJECTIVES
- Operations: Effectiveness and efficiency of an organization's operations, including operational and financial goals and safeguarding an organization's assets against loss
- Reporting: Internal and external financial and non-financial reporting, encompassing the reliability, timeliness, transparency and other terms set forth by other agencies that set standards and by the entity's policies
- Compliance: Pertains to adherence to the laws and regulations the entity is subject to

COSO - Recap: THE FRAMEWORK
COSO's Internal Controls framework is based on three objectives and five components across an organization.

COMPONENTS
- Control Environment: The control environment of any organization is the foundation of a sound system of internal controls. This includes the tone at the top, the organization's tone on integrity and ethics, the structure of the entity, its processes and the organization's risk philosophy
- Risk Assessment: A systemic approach that is agreed upon to define the way to identify risk in the organization and ultimately determine the organization's approach to developing control actions for those risks. The risk assessment is dynamic and constantly changing
- Control Activities: The actions that have been developed by the organization, such as standard procedures, to prevent or detect errors and prevent the identified risks from coming to fruition
- Information and Communication: The means by which information is passed throughout the organization, including senior management's tone on internal controls. The primary enabler to ensure that the organization understands what is necessary to achieve the organization's objectives
- Monitoring Activities: On-going evaluations of the other components to ensure that the objectives of internal control are being met

COSO - Recap: THE COSO CUBE
Though there are other COSO Cubes, we have just described the fundamentals of COSO's Integrated Framework for Internal Controls.
[Figure: the COSO cube, labeled "COSO's Objectives" and "COSO's Components"]

2013 Framework Changes

What is the new framework? KEY CHANGES
- Improved clarity of the five objectives for enhanced design and implementation of internal controls
- Specific listing of the 17 principles
- Expansion of Reporting Objective to include non-financial and internal reporting
- Updates to accommodate the changes to the business environment since 1992:
  - Expectations for governance oversight
  - Globalization of markets and operations
  - Changes and increased complexity of business operations
  - Changes in regulations, standards, laws, etc.
  - Expectations for competencies and accountabilities
  - Specific expectations relating to the prevention and detection of fraud
  - Use and reliance on evolving technology

What is the new framework? EXPANDED GUIDANCE FOR INFORMATION TECHNOLOGY
- Consideration of information technology related factors that may impact the entity's ability to achieve its objectives
- Impact of technology on the control environment is evolutionary in nature
- Brought about by changes in technology and their associated risks
- Organizations frequently use IT to support control activities and monitor the components of internal control.
- Inherent limitations of the framework when applied to emerging technological trends such as cloud computing and the use of social media

Traditional Documentation Approaches (Framework Changes)
- Execute Risk Assessment
- Identify Key Accounts and Map to Business Processes
- Internal Audit* interviews, documents and validates internal controls with process owners and management

Traditional Documentation Approaches: Risk Assessment
- Receipt of Financials
- Prepare and Issue Risk Survey
- Input Financials to Risk Model
- Review and input survey results to Risk Model
- Follow Up Interviews as needed / Revise Risk Model
- Prepare Risk Memo and Audit Plan
- Review w/ Management

Traditional Documentation Approaches: Map Risks to Processes
RISK MAPPING
- Obtain the consolidated financial statements
- Assign materiality based on internal discussions
  - Typically percentage of assets for balance sheet items
  - Percentage of net income for I.S. items
- Review the risk assessment exercise and tie the risks to the financial statements
- Use the risk assessment factors for impact and likelihood in conjunction with the financial statements
- Identify priority processes and begin the documentation processes

Map Risks to Processes
RISK ASSESSMENT KEY DELIVERABLE: AN ACTIONABLE PLAN

Evaluate Existing System of Internal Control: EVALUATION TOOLS
- Traditional: Risk-Control Matrices, Working Papers & Summary of Control Deficiency Listings which identify control breakdowns and search for compensating controls
- COSO Suggestions: Framework includes a number of enhanced tools that organizations can utilize to assess the efficacy of their internal controls

Traditional Documentation Approaches: Documentation
- Prepare Narrative
- Interview
- Prepare Flowchart
- Prepare Risk-Control Matrix
- Validate Controls

Traditional Documentation Approaches: Samples
[Sample documents shown on these slides are not reproduced here. Slide labels: Accounts Payable; The CLIENT, Anytown, Accounts Payable; SAMPLE TOOLS]

Management Assessment Tools Provided by COSO

SAMPLE TOOLS: ASSESSING THE COMPONENTS
1. Aggregate the design results of the principles
2. Aggregate the operating effectiveness of control suite for each principle
3. Identify deficient principles
4. Determine extent and impact of deficiencies
5. Assess the component

Evaluate Existing System of Internal Control: EVALUATION TOOLS
[COSO templates and COSO samples shown on these slides are not reproduced here.]

Thank you. Please contact us with any questions.