Introduction to COSO 2013 - Corporate Compliance Seminars


Published on

This short presentation provides an overview of the COSO 2013 and important information concerning the upgrading of Internal Control Frameworks.

Published in: Business, Economy & Finance
  • Be the first to comment

  • Be the first to like this

Introduction to COSO 2013 - Corporate Compliance Seminars

  1. 1. Property of Corporate Compliance Seminars 1 David S. Marshall, MBA, CISA, CFE, CFS Ph: 708-205-2366 / John C. Blackshire, Jr., CPA Ph: 479-200-4373/ COSO 2013 Overview of the Framework A Practical Implementation of the COSO Update for Management and Auditors Corporate Compliance Seminars
  2. 2. Corporate Compliance Seminars provides educational seminars and consulting services to businesses of all sizes. Our mission is to promote the awareness of internal controls, regulatory compliance, corporate governance, IT security, and fraud prevention and detection to improve business profitability. Each faculty member has over 20 years of work experience within the subject matter. Corporate Compliance Seminars has been presenting practical, informative and entertaining seminars since 2004. We are a proud sponsor of NASBA. Property of Corporate Compliance Seminars 2 Corporate Compliance Seminars
  3. 3. Problems • Foreign Corrupt Practices Act of 1977 - Violations • Real Estate boon; inflation; high interest rates; Savings and Loan deregulation • Business Failures: Penn Square Bank, Continental Bank; Crazy Eddie’s Electronics • S & L Crisis: Over 700 failures - many from fraud; overvalued real estate; lack of internal controls; lending out far too much money than was prudent Solutions 1985: National Commission on Fraudulent Financial Reporting aka “Treadway Commission” Mission: “To identify causal factors that can lead to fraudulent financial reporting.” 1999: Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees 3 Property of Corporate Compliance Seminars
  4. 4. Property of Corporate Compliance Seminars 4 1985 - Committee of Sponsoring Organizations (COSO) of the Treadway Commission was formed “COSO is a joint initiative of five private sector organizations and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control and fraud deterrence.”
  5. 5. The term internal control over financial reporting is defined as a process designed by, or under the supervision of, the issuer's principal executive and principal financial officers, or persons performing similar functions, and effected by the issuer's board of directors, management and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles and includes those policies and procedures that: • Pertain to the maintenance of records that in reasonable detail accurately and fairly reflect the transactions and dispositions of the assets of the issuer; • Provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the issuer are being made only in accordance with authorizations of management and directors of the issuer; and • Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the issuer's assets that could have a material effect on the financial statements.” (Rule 13a-15 (f) ) Property of Corporate Compliance Seminars 5
  6. 6. “A process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding achievement of objectives in the following categories: • Effectiveness and efficiency of operations, • Reliability of financial reporting, and • Compliance with applicable laws and regulations.” Property of Corporate Compliance Seminars 6 Components of Internal Control Definition of Internal Control Layers of Internal Control
  7. 7. 7 COSO - Board of Directors COSO Advisory Council AICPA, AAA, IIA, FEI, IMA Regulatory Observers Public Accounting Firms Others (IFAC, GAVI Alliance, ISACA) PwC - Contracted Author Stakeholders Over 700 stakeholders and users were surveyed and others submitted comments during the draft review period Douglas F. Prawitt AAA Charles Landes AICPA Marie N. Hollein FEI Sandra Richtermeyer IMA Richard F. Chambers, IIA Robert B. Hirth, Jr. Chairman
  8. 8. Why update the “Internal Control – Integrated Framework”? • Address significant changes to business environment and associated risks • Codify criteria to us in development and assessment of systems of internal control • Increase focus on operations, compliance and non-financial reporting objectives. Property of Corporate Compliance Seminars
  9. 9. A changing business environment... Drives updates to the Framework... Expectations for governance oversight Globalization of markets and operations Changes in business models Demands and complexity of rules, regulations and standards Expectations for competencies and accountabilities Use and reliance on evolving technology Expectations for preventing and detecting fraud 9 Why Change? Benefits… - Improve governance - Expand use beyond financial reporting - Improve quality of risk assessment - Strengthen anti-fraud efforts - Adapt controls to changing business needs - Greater applicability for various business models
  10. 10. What did not change... What changed... 1. Definition of internal control 2. Five components of internal control 3. The fundamental criteria used to assess effectiveness of systems of internal control 4. Use of judgment in evaluating the effectiveness of systems of internal control 1. Codification of principles with universal application for use in developing and evaluating the effectiveness of systems of internal control 2. Expanded financial reporting objective to address internal and external, financial and non-financial reporting objectives 3. Increased focus on operations, compliance and non-financial reporting objectives based on user input “The experienced reader will find much familiar in the updated Framework, which builds on what has proven effective in the original version.” Property of Corporate Compliance Seminars COSO Update created “Principles of Control” (PoCs) and “Points of Focus” (PoFs)
  11. 11. Control Environment Risk Assessment Control Activities Information & Communication Monitoring Activities 1. Demonstrates commitment to integrity and ethical values 2. Exercises oversight responsibility 3. Establishes structure, authority and responsibility 4. Demonstrates commitment to competence 5. Enforces accountability 6. Specifies relevant objectives 7. Identifies and analyzes risk 8. Assesses fraud risk 9. Identifies and analyzes significant change 10. Selects and develops control activities 11. Selects and develops general controls over technology 12. Deploys through policies and procedures 13. Uses relevant information 14. Communicates internally 15. Communicates externally 16. Conducts ongoing and/or separate evaluations 17. Evaluates and communicates deficiencies
  12. 12. • “Effective internal control provides reasonable assurance regarding the achievement of objectives and requires that: • Each component and each relevant principle is present and functioning • The five components are operating together in an integrated manner” • “Each principle is suitable to all entities…” • “All principles are presumed relevant except in rare situations where management determines that a principle is not relevant to a component (e.g., governance, technology)” • “Components operate together when all components are present and functioning and internal control deficiencies aggregated across components do not result in one or more major deficiencies…” • “A major deficiency represents an internal control deficiency or combination thereof that severely reduces the likelihood that an entity can achieve its objectives…”
  13. 13. PoF Statements from COSO • “Points of focus may not be suitable or relevant, and others may be identified” • “Points of focus may facilitate designing, implementing, and conducting internal control” • “There is no requirement to separately assess whether points of focus are in place” Control Environment Principle of Control 1: “The organization demonstrates a commitment to integrity and ethical values.” Points of Focus: • Sets the Tone at the Top • Establishes Standards of Conduct • Evaluates Adherence to Standards of Conduct • Addresses Deviations in a Timely Manner
  14. 14. • “The Framework does not prescribe controls to be selected, developed, and deployed for effective internal control.” • “An organization’s selection of controls to effect relevant principles and associated components is a function of management judgment based on factors unique to the entity.” • “A major deficiency in a component or principle cannot be mitigated to an acceptable level by the presence and functioning of other components and principles.” • “However, understanding and considering how controls effect multiple principles can provide persuasive evidence supporting management’s assessment of whether components and relevant principles are present and functioning.”
  15. 15. 10. No statement of the problems with COSO 1992 9. Management by Objectives (MBO) based 8. COSO is not ERM – financial statement risks 7. No Study of the utility of the COSO Framework 6. No integration of other disciplines Property of Corporate Compliance Seminars 15
  16. 16. 5. It is not a dynamic framework nor organization 4. No study of “What Went Wrong Post-SOX” 3. Linear control representation 2. “Concept of Culture” Property of Corporate Compliance Seminars 16 1. Is COSO independent and objective?
  17. 17. • “Users are encouraged to transition applications and related documentation to the updated Framework as soon as feasible” • Due date is December 15, 2014, when the New Framework will supersede the current one • The transition period starts now • During the transition period, external reports (issued by management to regulators-SEC) should disclose whether the original or updated version of the Framework was used • “Adopting the updated Framework will vary by organization…” Does your system of internal control need to address changes in operations – structure, products, services? Should your system of internal control be updated to address all 17 Principles? Should your system of internal control be updated to address all 79 Points of Focus?
  18. 18. Property of Corporate Compliance Seminars 18 Five COSO Components: CE, RA, CA, I&C, MA 17 Principles Imbedded in the Components Focus on the pervasive controls that set the overall tone of the organization and the key controls to prevent and detect material misstatements The fundamental concepts associated with, and drawn directly from, the five components of the Framework 87 Points of Focus Imbedded in the Principles Supporting each principle are “Points of Focus” to assist management in determining whether the associated principle is present and functioning
  19. 19. Property of Corporate Compliance Seminars 19 • Understand the COSO updated Framework and its impact on your organization • Communicate the Update to your Compliance team, internal auditors, executives, Board/ Audit Committee, and operations management • Assess and apply changes in controls and supporting documentation, and map to five COSO Components and applicable Principles of Control and Points of Focus • Implement by December 31, 2014 for external reporting
  20. 20. The principles-based approach provides flexibility in applying the Framework to multiple, overlapping objectives across the entity • Easier to see what is covered and what is missing • Focus on principles may reduce likelihood of considering something that’s irrelevant Understand the importance of specifying suitable objectives focuses on those risks and controls most important to achieving these objectives Focus on areas of risk that exceed acceptance levels or need to be managed across the entity may reduce efforts spent mitigating risks in areas of lesser significance Coordinate efforts for identifying and assessing risks across multiple, overlapping objectives may reduce the number of discrete risks assessed and mitigated Improved Controls = Less Risk = Achieving Organization Objectives
  21. 21. - This is an excerpt from our COSO Update seminars - David S. Marshall, MBA, CISA, CFE, CFS Corporate Compliance Seminars/ Infotech Global 708-205-2366/ John C. Blackshire, Jr., CPA Corporate Compliance Seminars/ The AccountWare Group 479-200-4373/ Property of Corporate Compliance Seminars 21 Corporate Compliance Seminars