Top 5 Pitfalls to Avoid Implementing COSO 2013



Learn about the 5 pitfalls you should avoid when implementing COSO's 2013 framework. This presentation will provide you with background on what could go wrong for SOX testing and other pitfalls to be aware of.

  • Ineffective Evaluation strategies (also noted in

    1. 2012 Regulatory update. Compliance Made Simple ©
    2. Agenda
        • COSO 2012 Massive Project
        • Major Concerns - AC
        • Top 5 Pitfalls
        • How to WIN!
    3. COSO 2012 Project Participants
        • COSO Board of Directors
        • COSO Advisory Council
        • AICPA
        • AAA
        • IIA
        • FEI
        • IMA
        • Regulatory Observers
        • Public Accounting Firms
        • Others (IFAC, GAVI Alliance, ISACA)
        • PwC: Author and Project Leader
        • Stakeholder Input: Survey of over 700 stakeholders and users of the 1992 Internal Control – Integrated Framework
    4. What’s Staying & What’s Leaving?
        What is not changing...
        1. Definition of internal control
        2. Five components of internal control
        3. The fundamental criteria used to assess effectiveness of systems of internal control
        4. Use of judgment in evaluating the effectiveness of systems of internal control
        What is changing...
        1. Codification of principles with universal application for use in developing and evaluating the effectiveness of systems of internal control
        2. Expanded financial reporting objective to address internal and external, financial and non-financial reporting objectives
        3. Increased focus on operations, compliance and non-financial reporting objectives based on user input
    5. COSO-2012: Summary of Updates
        A changing business environment... Drives updates to the Framework...
        • Expectations for governance oversight
        • Globalization of markets and operations
        • Changes in business models
        • Demands and complexity of rules, regulations and standards
        • Expectations for competencies and accountabilities
        • Use and reliance on evolving technology
        • Expectations for preventing and detecting fraud
        Updated COSO Cube
        Not limited to FINANCIAL
        (see appendix for AICPA Toolkit changes)
    6. Benefits of the Updated Framework
        Confidence; Management and Board of Directors; Other Users; External Parties; Performance
        • Improve governance
        • Expand use beyond financial reporting
        • Improve quality of risk assessment
        • Strengthen anti-fraud efforts
        • Adapt controls to changing business needs
        • Greater applicability for various business models
    7. COSO 2012: CODIFICATION OF 17 PRINCIPLES
        • Control Environment
            1. Demonstrates commitment to integrity and ethical values
            2. Exercises oversight responsibility
            3. Establishes structure, authority and responsibility
            4. Demonstrates commitment to competence
            5. Enforces accountability
        • Risk Assessment
            6. Specifies relevant objectives
            7. Identifies and analyzes risk
            8. Assesses fraud risk
            9. Identifies and analyzes significant change
        • Control Activities
            10. Selects and develops control activities
            11. Selects and develops general controls over technology
            12. Deploys through policies and procedures
        • Information & Communication
            13. Uses relevant information
            14. Communicates internally
            15. Communicates externally
        • Monitoring Activities
            16. Conducts ongoing and/or separate evaluations
            17. Evaluates and communicates deficiencies
    8. COSO 2006 Vs. 2012 (proposed)
    9. COSO 2006 Vs. 2012 (proposed)
    10. Major Impact to A/C
        • New Fraud Considerations
        • Changes to “Oversight functions”
        • In-Depth questions regarding forecasting impact of changes to ICFR and Operations
    11. Part I: Audit Committee Administration
        • Audit Committee Roles and Responsibilities
        • Audit Committee Charter Matrix
        • Audit Committee Financial Expert Decision Tree
        • Sample Request for Proposal Letter for CPA Services (Public Company)
        • AICPA Peer Reviews and PCAOB Inspections of CPA Firms: An Overview
        • Guidelines for Hiring the Chief Audit Executive (CAE)
        • Engaging Independent Counsel and Other Advisers
        Part II: Key Responsibilities
        Part III: Performance Evaluation
        Part IV: Other Tools
    12. Appendix A. Dodd-Frank Act: Pote AICPA Tool Kit Impact on AC Toolkit by AICPA
        Template: Type of Change that may be Expected
        • #1 AC Member role & responsibilities: Minor updates related to AC member's role to assist the BOD in its role of oversight for internal control and other whistleblower findings and their investigation and related action implementation, including the consideration of the impact of a board member's continued social relationship with company executives.
        • #2 AC Charter: Minor updates related to investigative authority and its implementation by the AC.
        • #7 Engaging Counsel: Minor updates as they relate to consideration of long-standing social relations and their impact on independence in the light of the current SEC filings based on the Dodd-Frank Act.
        • #8 Internal Control: Major updates to align the principles and attributes under each of the 5 areas of COSO based on the new Integrated Framework.
        • #9 Fraud Responsibilities: Minor (core issues have already been addressed)
        • #10 Whistleblower: Moderate (needs to include in the template/log how to track when SEC investigations have come to attention of Audit Committee)
        • #12 Executive Session: Minor updates to the suggested questions to include queries related to assessment and impact of significant changes on the internal controls.
        • #14 Responding to ID of Material Weakness: Moderate (needs to update language for needs of Dodd-Frank related issues)
        • #15 Evaluating the Internal Audit Team: Moderate (currently no mention of Whistleblower complaint analysis or material weakness follow-up; this could be issues for AC given the new Dodd-Frank Act)
        • #17 Self Evaluation: Minor update related to AC responsibilities per the Dodd-Frank Act.
    13. Top 5 Implementation Pitfalls
        1. Pitfall – Deliverables Not Defined
        40% of projects fail completely (failure defined as not delivered expectations or unusable [1])
        [1] Standish Groups 1996 IT survey
    14. Top 5 Implementation Pitfalls
        2. Pitfall – No Link
        Over 90% of strategies never meet fulfillment of original intent [2].
        Primary driver – planning never linked to key deliverables and overall quantifiable impact. (i.e. # of key controls drops by 10%, External auditor use of IA work increase by 15%, ELC controls reduce 25% of detailed transaction testing)
        Key Success formula: Motivation = Project SUCCESS! [2a]
        [2] JP Kotter, “Leading Change: Why Transformation Efforts Fail,” Harvard Business Rev., Mar.-Apr. 1995, pp. 59-67
        [2a] Data on 290 completed projects from software engineering practitioners based in Australia, Chile, and USA. By June Verner
    15. Top 5 Implementation Pitfalls
        3. Pitfall – Culture
        Multi-Location Organizations have over 80% of projects fail because of cultural issues [3]. (Rolls Royce Case Study)
        Primary drivers
        1. People don’t do as they say
        2. Ineffective leaders
        3. Competing Priorities
        4. Insufficient resources
        [3] Enterprise information systems project implementation: A case study of ERP in Rolls-Royce. Yahaya Yusuf, A Gunasekaran, Mark S Abthorpe
    16. Top 5 Implementation Pitfalls
        4. Pitfall – Insufficient Resources
        People are the most unstable set of resources (i.e. change position, turnover, CPE, life changes) and major projects typically underestimate over 86% the need of “human resources” on all projects [4].
        Primary drivers
        1. Budget – Ineffective (incorrect assumptions)
        2. Infrequent Timeline reviews
        3. Timeliness of budget vs. actual corrections
        [4] Project management effectiveness: The Choice - formal or informal controls, University of Canberra, Susilo, A., Heales, J., Rohde, F.
    17. Top 5 Implementation Pitfalls
        5. Pitfall – “Team B” Syndrome
        • 87% of C-Level Execs know the team leader function but NOTHING ELSE. [5]
        • Staff augmentations without clear sense of future
        • Subcontractors never fully integrated within the project, much less the organization
        [5] “Modern Approach” by Petty, 2009; Juli, 2010
    18. How to win the COSO Implementation Project?
        1. Discuss cultural issues upfront (what will work and what won’t… & “why”)
        2. Create low & high estimates with checks & balances on estimates
        3. Accountability structures for project leader and team members
        4. Never use Team B for a Top priority project
        5. Clearly define deliverables
        6. Link Deliverables to people’s performance and overall corporate goals (quantify major categories)
        7. Updates on timelines and ETC (estimate to complete by person, by task)
        8. Get “perceived percentages” from team members and “weed out” weak players
        9. Frequent project updates (more in the beginning and fewer towards end)
        10. Present deliverables in a GRAND way!
    19. Contact Information
        Sonia Luna, President, CEO
        Sonia.Luna@AvivaSpectrum.com
        700 S. Flower Street #1100, Los Angeles, CA 90017
        P: (213) 250-5700 x206