SlideShare a Scribd company logo

COSO Deep Dive - Using BlackLine to Manage Your COSO Framework

BlackLine
BlackLine

COSO recommends the transition to the revised framework be completed by December 15, 2014. Is your organization ready? In our previous session Clearing Up the COSO Confusion: How to Adopt the New Framework, we discussed the broad scope of the new COSO Framework and how it may apply to your current internal control system. In this upcoming session, we will provide a preview of how to use the COSO template to document and manage controls. This will enable financial leaders, like you, to break through common implementation difficulties to achieve and sustain a fully functioning and auditable internal controls framework. In this deep dive session, you will learn: - Powerful ways to utilize BlackLine’s Task Management Module to help manage your internal controls framework - Practical implementation examples facilitated through directed case studies and activities - Key steps to be taken to ensure all relevant issues have been considered and appropriate changes have been implemented in the framework - Best practices for organizations to establish and accelerate the implementation of the new framework

Software
1 of 42
Download to read offline
David Barton Managing Director UHY Advisors TIME: 12pm PDT / 3pm EDT, Tuesday, October 21st Susan Hols Senior Solutions Consultant BlackLine Systems Inc.
AGENDA • See a live demonstration of how BlackLine Systems’ Task Product can be used to help companies organize and manage the work around complying with the new COSO Framework • Quick review of the COSO Framework and what is new • Key steps to be taken to ensure all relevant issues have been considered and appropriate changes have been implemented in the framework • Practical implementation examples facilitated through directed case studies and activities • Best practices for organizations to establish and accelerate the implementation of the new framework
Susan Hols Senior Solutions Consultant BlackLine Systems Inc. COSO Functionality in BlackLine – Screen Demo
COSO Framework: 5 Components & 17 Principles CONTROL ENVIRONMENT 1. Demonstrates commitment to integrity and ethical values 2. Exercises oversight responsibility 3. Establishes structure, authority, and responsibility 4. Demonstrates commitment to competence 5. Enforces accountability RISK ASSESSMENT 6. Specifies suitable objectives 7. Identifies and analyzes risk 8. Assesses fraud risk 9. Identifies and analyzes significant change CONTROL ACTIVITIES 10. Selects and develops control activities 11. Selects and develops general controls over technology 12. Deploys through policies and procedures INFORMATION & COMMUNICATION 13. Uses relevant information 14. Communicates internally 15. Communicates externally MONITORING 16. Conducts ongoing and/or separate evaluations 17. Evaluates and communicates deficiencies Optional : COSO Points of Focus 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 Public Company Internal Control Activities Map them to COSO Framework Department Control # Control Activity Accounts Payable CA 053 All postings to the General Ledger are run and validated to ensure that the GL and subledger are in balance. Systems CA 054 Segregation of Duties is maintained throughout all systems and all roles and responsibilities are reviewed by management on an annual basis Systems CA 055 Requests for access to systems and associated responsibilities/functionality is reviewed and approved by management. General Ledger CA 056 All balance sheet reconciliations are prepared and reviewed by management on a monthly basis. All reconciliation exceptions are addressed on a timely basis. General Ledger CA 057 All reconciliations deemed as critical (as per Corp. Policy 146) are completed and approved by workday 6. Step2: Evaluate and assess compliance of Internal Control Activities to COSO Framework Step1: Map Control Activities • Add additional control activities • Remediate any exceptions/deficiencies • Annually assess Actions: Step3:
David Barton Managing Director UHY Advisors COSO Functionality in BlackLine – Screen Demo
ABOUT UHY Advisors • Top 20 Global Public Accounting and Consulting Firm • 7,000 staff in 260 offices in 85 countries • Global resources and capabilities to assist you with all of your local, national and international service requirements • Certified BlackLine Implementation Partner • Leading implementation partner in 2012 and 2013 • Subject matter expertise across all BlackLine modules • Unique project management and finance transformation methodology BlackLine and UHY Advisors
COSO Internal Control Integrated Framework • On May 14, 2013, COSO released an updated version of its Internal Control – Integrated Framework – Intended to make the framework more relevant for investors and shareholders – Focused on enhancing control structures to deal with rapid changes in business environment • Original COSO framework will be superseded after December 15, 2014 – It’s time to get busy – External auditors and PCAOB will likely begin enforcement
What’s New? • “Fundamental Concepts” are now “Principles” – 17 Principles across the 5 components • In order for a system of control to be deemed “effective”: – All 17 principles must be “present and functioning” – All 5 components must operate together in an integrated manner • Each Principle contains multiple points of focus • Financial Reporting has been expanded to include non-financial and internal reporting
What Does “present and functioning” mean? • Present equates to the existence of a control, i.e. is it active? • Inference toward effective design • Functioning equates to operating effectiveness, i.e. it has been tested • Task module is a great way to prove operation and possibly testing
5 Elements and 17 Principles Control Environment Risk Assessment Control Activities Information and Communication Monitoring Activities 1. The organization demonstrates a commitment to integrity and ethical values. 2. The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control. 3. Management establishes– with board oversight– structures, reporting lines, and appropriate authorities and responsibilities in pursuit of objectives. 4. The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. 5. The organization holds the individuals accountable for their internal control responsibilities in the pursuit of objectives. 6. The organization specifies objectives with sufficient clarity to enable identification and assessment of risks relating to objectives. 7. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. 8. The organization considers the potential for fraud in assessing risks to the achievement of objectives. 9. The organization identifies and assesses changes that could significantly impact the system of internal control. 10. The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. 11. The organization selects and develops general control activities over technology to support the achievement of objectives. 12. The organization deploys control activities through policies that establish what is expected and procedures that put policies into action. 13. The organization obtains or generates and uses relevant, quality information to support the functioning of internal control. 14. The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control. 15. The organization communicates with external parties regarding matters affecting the functioning of internal control. 16. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning. 17. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.
Where to Begin? • Most companies have some form of controls documentation (flowcharts, narratives, matrix) • Step 1 is to map your existing controls to the 2013 COSO framework – Gap analysis – Remediation (fill the gaps) • Export existing COSO Template tasks • Compare to existing internal controls
Possible Controls Status • Control exists in your BlackLine Task Module and in your control matrix (existing Task user) • Control exists in your control matrix but not in Template (add control) • Control exists in Template but not in your control matrix (remediation)
Risk Key Control(s) High Controller group reviews Great Plains automated calculations. JE's are reviewed and approved by Controller. CA 061 Controller group maintains a Month-end Close Checklist. CA 063 A draft of financial statements is sent each month by Assistant Controller to CEO, President, Controller, and COO for reasonableness review. Only the Controller and Assistant Controller have access to Great Plains during the closing periods. CA 054 Controller group prepares GL balance sheet reconciliation; GL is compared to sources, subsidiary schedule/ledger, or other reports that provide detailed account activity information. CA 059 CA 060 Annually, Goodwill impairment analysis reviewed for reasonableness. Controller and Assistant Controller review the financial statements for the impact of material and/or unique exposure items. High Control Exists in Both
High Controller group prepares GL balance sheet reconciliation; GL is compared to sources, subsidiary schedule/ledger, or other reports that provide detailed account activity information Annually, Goodwill impairment analyses (SFAS 142) are summarized by Controller's group and reviewed for reasonableness High JE's are reviewed and approved by Controller. CA 061 Changes to the chart of accounts are approved by the Controller and implemented by the Assistant Controller. A draft of financial statements is sent each month by Assistant Controller to CEO, President, Controller, and COO for reasonableness review. Add a control to BlackLine Task Module
Control in Template, not in Matrix • Specifies suitable objectives • Identifies and analyzes risk • Assesses fraud risk • Identifies and analyzes significant change Risk Assessment
What’s Next? • Map your current controls and documentation to the new framework • Perform a gap analysis • Develop a transition plan – Consider centralized PMO – Ensure top-down approach – Identify roles and responsibilities – Facilitate awareness and perform training • Remediate gaps • Communicate with stakeholders
THANK YOU! https://www.blackline.com/ http://uhy-us.com/

Recommended

Modern Finance Tour London May 2016
Modern Finance Tour London May 2016Modern Finance Tour London May 2016
Modern Finance Tour London May 2016BlackLine
 
Reconciliations Done Right: Automate and Scale Your Bank and Credit Card Reco...
Reconciliations Done Right: Automate and Scale Your Bank and Credit Card Reco...Reconciliations Done Right: Automate and Scale Your Bank and Credit Card Reco...
Reconciliations Done Right: Automate and Scale Your Bank and Credit Card Reco...BlackLine
 
Asurion and BlackLine Systems
Asurion and BlackLine SystemsAsurion and BlackLine Systems
Asurion and BlackLine SystemsMichael A Baas
 
Auditing corporate governance guide
Auditing corporate governance guideAuditing corporate governance guide
Auditing corporate governance guideCenapSerdarolu
 
Common internal audit findings & how to avoid them
Common internal audit findings & how to avoid themCommon internal audit findings & how to avoid them
Common internal audit findings & how to avoid themSurajit Datta
 
Automating Account Reconciliations to Mitigate Compliance Risk
Automating Account Reconciliations to Mitigate Compliance RiskAutomating Account Reconciliations to Mitigate Compliance Risk
Automating Account Reconciliations to Mitigate Compliance RiskProformative, Inc.
 
Are You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkAre You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkBlackLine
 
Automating Account Reconciliation to Mitigate Compliance Risk
Automating Account Reconciliation to Mitigate Compliance RiskAutomating Account Reconciliation to Mitigate Compliance Risk
Automating Account Reconciliation to Mitigate Compliance RiskProformative, Inc.
 

Recommended

Modern Finance Tour London May 2016
Modern Finance Tour London May 2016Modern Finance Tour London May 2016
Modern Finance Tour London May 2016BlackLine
 
Reconciliations Done Right: Automate and Scale Your Bank and Credit Card Reco...
Reconciliations Done Right: Automate and Scale Your Bank and Credit Card Reco...Reconciliations Done Right: Automate and Scale Your Bank and Credit Card Reco...
Reconciliations Done Right: Automate and Scale Your Bank and Credit Card Reco...BlackLine
 
Asurion and BlackLine Systems
Asurion and BlackLine SystemsAsurion and BlackLine Systems
Asurion and BlackLine SystemsMichael A Baas
 
Auditing corporate governance guide
Auditing corporate governance guideAuditing corporate governance guide
Auditing corporate governance guideCenapSerdarolu
 
Common internal audit findings & how to avoid them
Common internal audit findings & how to avoid themCommon internal audit findings & how to avoid them
Common internal audit findings & how to avoid themSurajit Datta
 
Automating Account Reconciliations to Mitigate Compliance Risk
Automating Account Reconciliations to Mitigate Compliance RiskAutomating Account Reconciliations to Mitigate Compliance Risk
Automating Account Reconciliations to Mitigate Compliance RiskProformative, Inc.
 
Are You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkAre You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkBlackLine
 
Automating Account Reconciliation to Mitigate Compliance Risk
Automating Account Reconciliation to Mitigate Compliance RiskAutomating Account Reconciliation to Mitigate Compliance Risk
Automating Account Reconciliation to Mitigate Compliance RiskProformative, Inc.
 
Coso Internal Control Integrated Framework
Coso Internal Control Integrated FrameworkCoso Internal Control Integrated Framework
Coso Internal Control Integrated Frameworkhyesue
 
Best Practices: Change Management
Best Practices: Change ManagementBest Practices: Change Management
Best Practices: Change ManagementCorporate Compliance Seminars
 
Introduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsIntroduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsCorporate Compliance Seminars
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guideCenapSerdarolu
 
COSO 2013 and The Auditor
COSO 2013 and The AuditorCOSO 2013 and The Auditor
COSO 2013 and The AuditorCorporate Compliance Seminars
 
A COSO Based Risk & Control Framework
A COSO Based Risk & Control FrameworkA COSO Based Risk & Control Framework
A COSO Based Risk & Control FrameworkJhurt7103
 
Faster financial closing & Effective Management reporting strategies
Faster financial closing & Effective Management reporting strategiesFaster financial closing & Effective Management reporting strategies
Faster financial closing & Effective Management reporting strategiesDr. Dhirendra Gautam
 
For model i 4a - 11 - risk assessment in the internal audit department
For model i 4a - 11 - risk assessment in the internal audit departmentFor model i 4a - 11 - risk assessment in the internal audit department
For model i 4a - 11 - risk assessment in the internal audit departmentRajeswaran Muthu Venkatachalam
 
Key considerations for your internal audit plan
Key considerations for your internal audit planKey considerations for your internal audit plan
Key considerations for your internal audit planessbaih
 
Internal audit ratings guide
Internal audit ratings guideInternal audit ratings guide
Internal audit ratings guideCenapSerdarolu
 
COSO Implementation: Getting Real, Getting It Right
COSO Implementation: Getting Real, Getting It RightCOSO Implementation: Getting Real, Getting It Right
COSO Implementation: Getting Real, Getting It RightBlackLine
 
Auditing application controls
Auditing application controlsAuditing application controls
Auditing application controlsCenapSerdarolu
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditManoj Agarwal
 
Internal Auditor Roles
Internal Auditor RolesInternal Auditor Roles
Internal Auditor RolesIyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP
 
Risk Assessment For Internal Auditors
Risk Assessment For Internal AuditorsRisk Assessment For Internal Auditors
Risk Assessment For Internal Auditorsminkhollow
 
Model i best practice evaluation worksheet for ia
Model i best practice evaluation worksheet for iaModel i best practice evaluation worksheet for ia
Model i best practice evaluation worksheet for iaRajeswaran Muthu Venkatachalam
 
The Role of Internal Audit
The Role of Internal AuditThe Role of Internal Audit
The Role of Internal AuditArmeniaFED
 
Data analytics and audit coverage guide
Data analytics and audit coverage guideData analytics and audit coverage guide
Data analytics and audit coverage guideCenapSerdarolu
 
Evolving role of internal auditing function
Evolving role of internal auditing functionEvolving role of internal auditing function
Evolving role of internal auditing functionDebashis Gupta
 
Top 10 lessons learned from COSO 2013 Implementation
Top 10 lessons learned from COSO 2013 Implementation Top 10 lessons learned from COSO 2013 Implementation
Top 10 lessons learned from COSO 2013 Implementation Amit Bhargava
 
El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007Danial Khan
 
COSO Deck
COSO DeckCOSO Deck
COSO DeckRon Steinkamp
 

More Related Content

What's hot

Coso Internal Control Integrated Framework
Coso Internal Control Integrated FrameworkCoso Internal Control Integrated Framework
Coso Internal Control Integrated Frameworkhyesue
 
Introduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsIntroduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsCorporate Compliance Seminars
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guideCenapSerdarolu
 
A COSO Based Risk & Control Framework
A COSO Based Risk & Control FrameworkA COSO Based Risk & Control Framework
A COSO Based Risk & Control FrameworkJhurt7103
 
Faster financial closing & Effective Management reporting strategies
Faster financial closing & Effective Management reporting strategiesFaster financial closing & Effective Management reporting strategies
Faster financial closing & Effective Management reporting strategiesDr. Dhirendra Gautam
 
For model i 4a - 11 - risk assessment in the internal audit department
For model i 4a - 11 - risk assessment in the internal audit departmentFor model i 4a - 11 - risk assessment in the internal audit department
For model i 4a - 11 - risk assessment in the internal audit departmentRajeswaran Muthu Venkatachalam
 
Key considerations for your internal audit plan
Key considerations for your internal audit planKey considerations for your internal audit plan
Key considerations for your internal audit planessbaih
 
Internal audit ratings guide
Internal audit ratings guideInternal audit ratings guide
Internal audit ratings guideCenapSerdarolu
 
COSO Implementation: Getting Real, Getting It Right
COSO Implementation: Getting Real, Getting It RightCOSO Implementation: Getting Real, Getting It Right
COSO Implementation: Getting Real, Getting It RightBlackLine
 
Auditing application controls
Auditing application controlsAuditing application controls
Auditing application controlsCenapSerdarolu
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditManoj Agarwal
 
Risk Assessment For Internal Auditors
Risk Assessment For Internal AuditorsRisk Assessment For Internal Auditors
Risk Assessment For Internal Auditorsminkhollow
 
The Role of Internal Audit
The Role of Internal AuditThe Role of Internal Audit
The Role of Internal AuditArmeniaFED
 
Data analytics and audit coverage guide
Data analytics and audit coverage guideData analytics and audit coverage guide
Data analytics and audit coverage guideCenapSerdarolu
 
Evolving role of internal auditing function
Evolving role of internal auditing functionEvolving role of internal auditing function
Evolving role of internal auditing functionDebashis Gupta
 
Top 10 lessons learned from COSO 2013 Implementation
Top 10 lessons learned from COSO 2013 Implementation Top 10 lessons learned from COSO 2013 Implementation
Top 10 lessons learned from COSO 2013 Implementation Amit Bhargava
 

What's hot (20)

Coso Internal Control Integrated Framework
Coso Internal Control Integrated FrameworkCoso Internal Control Integrated Framework
Coso Internal Control Integrated Framework
 
Best Practices: Change Management
Best Practices: Change ManagementBest Practices: Change Management
Best Practices: Change Management
 
Introduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsIntroduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance Seminars
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guide
 
COSO 2013 and The Auditor
COSO 2013 and The AuditorCOSO 2013 and The Auditor
COSO 2013 and The Auditor
 
A COSO Based Risk & Control Framework
A COSO Based Risk & Control FrameworkA COSO Based Risk & Control Framework
A COSO Based Risk & Control Framework
 
Faster financial closing & Effective Management reporting strategies
Faster financial closing & Effective Management reporting strategiesFaster financial closing & Effective Management reporting strategies
Faster financial closing & Effective Management reporting strategies
 
For model i 4a - 11 - risk assessment in the internal audit department
For model i 4a - 11 - risk assessment in the internal audit departmentFor model i 4a - 11 - risk assessment in the internal audit department
For model i 4a - 11 - risk assessment in the internal audit department
 
Key considerations for your internal audit plan
Key considerations for your internal audit planKey considerations for your internal audit plan
Key considerations for your internal audit plan
 
Internal audit ratings guide
Internal audit ratings guideInternal audit ratings guide
Internal audit ratings guide
 
COSO Implementation: Getting Real, Getting It Right
COSO Implementation: Getting Real, Getting It RightCOSO Implementation: Getting Real, Getting It Right
COSO Implementation: Getting Real, Getting It Right
 
Auditing application controls
Auditing application controlsAuditing application controls
Auditing application controls
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal Audit
 
Internal Auditor Roles
Internal Auditor RolesInternal Auditor Roles
Internal Auditor Roles
 
Risk Assessment For Internal Auditors
Risk Assessment For Internal AuditorsRisk Assessment For Internal Auditors
Risk Assessment For Internal Auditors
 
Model i best practice evaluation worksheet for ia
Model i best practice evaluation worksheet for iaModel i best practice evaluation worksheet for ia
Model i best practice evaluation worksheet for ia
 
The Role of Internal Audit
The Role of Internal AuditThe Role of Internal Audit
The Role of Internal Audit
 
Data analytics and audit coverage guide
Data analytics and audit coverage guideData analytics and audit coverage guide
Data analytics and audit coverage guide
 
Evolving role of internal auditing function
Evolving role of internal auditing functionEvolving role of internal auditing function
Evolving role of internal auditing function
 
Top 10 lessons learned from COSO 2013 Implementation
Top 10 lessons learned from COSO 2013 Implementation Top 10 lessons learned from COSO 2013 Implementation
Top 10 lessons learned from COSO 2013 Implementation
 

Similar to COSO Deep Dive - Using BlackLine to Manage Your COSO Framework

El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007Danial Khan
 
UNCCInternalControls.pptx
UNCCInternalControls.pptxUNCCInternalControls.pptx
UNCCInternalControls.pptxAral20101
 
COSO_2013_Framework_on_Internal_Control.pdf
COSO_2013_Framework_on_Internal_Control.pdfCOSO_2013_Framework_on_Internal_Control.pdf
COSO_2013_Framework_on_Internal_Control.pdfAliehaDhea
 
Internal control and Control Self Assessment
Internal control and Control Self AssessmentInternal control and Control Self Assessment
Internal control and Control Self AssessmentManoj Agarwal
 
Coso internal control integrated framework
Coso internal control integrated frameworkCoso internal control integrated framework
Coso internal control integrated frameworkIrfan Ahmed - ACA, CICA
 
IFC Knowldge Sharing 23.02.20 (1).pptx
IFC Knowldge Sharing 23.02.20 (1).pptxIFC Knowldge Sharing 23.02.20 (1).pptx
IFC Knowldge Sharing 23.02.20 (1).pptxSejalJain178980
 
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 CA CISA Jayjit Biswas
 
Stress Testing Conference - FinRep 6.23.15
Stress Testing Conference - FinRep 6.23.15Stress Testing Conference - FinRep 6.23.15
Stress Testing Conference - FinRep 6.23.15Robert Fournier
 
Coso internal control frameword executive summary_2013
Coso internal control frameword executive summary_2013Coso internal control frameword executive summary_2013
Coso internal control frameword executive summary_2013SARVJEET KAUSHAL
 
990025 p executive-summary-final-may20
990025 p executive-summary-final-may20990025 p executive-summary-final-may20
990025 p executive-summary-final-may20Thoriq Rivaldi
 
Internal Control Review for a Federal Agency - Introduction
Internal Control Review for a Federal Agency - IntroductionInternal Control Review for a Federal Agency - Introduction
Internal Control Review for a Federal Agency - IntroductionAnthony Rainey
 
Coso 2013 icfr executive summary
Coso 2013 icfr executive summaryCoso 2013 icfr executive summary
Coso 2013 icfr executive summaryErwin Morales
 
Coso 2013 icfr executive summary
Coso 2013 icfr executive summaryCoso 2013 icfr executive summary
Coso 2013 icfr executive summaryKatherine Reyes V.
 
IFC Presentation
IFC PresentationIFC Presentation
IFC PresentationSDN And CO.
 
SEATA by TOMMY SEAH
SEATA by TOMMY SEAHSEATA by TOMMY SEAH
SEATA by TOMMY SEAHTommy Seah
 

Similar to COSO Deep Dive - Using BlackLine to Manage Your COSO Framework (20)

El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007
 
COSO Deck
COSO DeckCOSO Deck
COSO Deck
 
COSO.pptx
COSO.pptxCOSO.pptx
COSO.pptx
 
COSO Update DTF
COSO Update DTFCOSO Update DTF
COSO Update DTF
 
UNCCInternalControls.pptx
UNCCInternalControls.pptxUNCCInternalControls.pptx
UNCCInternalControls.pptx
 
COSO_2013_Framework_on_Internal_Control.pdf
COSO_2013_Framework_on_Internal_Control.pdfCOSO_2013_Framework_on_Internal_Control.pdf
COSO_2013_Framework_on_Internal_Control.pdf
 
Internal control and Control Self Assessment
Internal control and Control Self AssessmentInternal control and Control Self Assessment
Internal control and Control Self Assessment
 
Recent COSO Internal Control and Risk Management Developments
Recent COSO Internal Control and Risk Management DevelopmentsRecent COSO Internal Control and Risk Management Developments
Recent COSO Internal Control and Risk Management Developments
 
Coso internal control integrated framework
Coso internal control integrated frameworkCoso internal control integrated framework
Coso internal control integrated framework
 
IFC Knowldge Sharing 23.02.20 (1).pptx
IFC Knowldge Sharing 23.02.20 (1).pptxIFC Knowldge Sharing 23.02.20 (1).pptx
IFC Knowldge Sharing 23.02.20 (1).pptx
 
WIRC-IFC.pdf
WIRC-IFC.pdfWIRC-IFC.pdf
WIRC-IFC.pdf
 
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
 
Stress Testing Conference - FinRep 6.23.15
Stress Testing Conference - FinRep 6.23.15Stress Testing Conference - FinRep 6.23.15
Stress Testing Conference - FinRep 6.23.15
 
Coso internal control frameword executive summary_2013
Coso internal control frameword executive summary_2013Coso internal control frameword executive summary_2013
Coso internal control frameword executive summary_2013
 
990025 p executive-summary-final-may20
990025 p executive-summary-final-may20990025 p executive-summary-final-may20
990025 p executive-summary-final-may20
 
Internal Control Review for a Federal Agency - Introduction
Internal Control Review for a Federal Agency - IntroductionInternal Control Review for a Federal Agency - Introduction
Internal Control Review for a Federal Agency - Introduction
 
Coso 2013 icfr executive summary
Coso 2013 icfr executive summaryCoso 2013 icfr executive summary
Coso 2013 icfr executive summary
 
Coso 2013 icfr executive summary
Coso 2013 icfr executive summaryCoso 2013 icfr executive summary
Coso 2013 icfr executive summary
 
IFC Presentation
IFC PresentationIFC Presentation
IFC Presentation
 
SEATA by TOMMY SEAH
SEATA by TOMMY SEAHSEATA by TOMMY SEAH
SEATA by TOMMY SEAH
 

Recently uploaded

Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
How to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfHow to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfLivetecs LLC
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanyChristoph Pohl
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....kzayra69
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 

Recently uploaded (20)

Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
How to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfHow to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdf
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 

COSO Deep Dive - Using BlackLine to Manage Your COSO Framework

  • 1. David Barton Managing Director UHY Advisors TIME: 12pm PDT / 3pm EDT, Tuesday, October 21st Susan Hols Senior Solutions Consultant BlackLine Systems Inc.
  • 2. AGENDA • See a live demonstration of how BlackLine Systems’ Task Product can be used to help companies organize and manage the work around complying with the new COSO Framework • Quick review of the COSO Framework and what is new • Key steps to be taken to ensure all relevant issues have been considered and appropriate changes have been implemented in the framework • Practical implementation examples facilitated through directed case studies and activities • Best practices for organizations to establish and accelerate the implementation of the new framework
  • 3. Susan Hols Senior Solutions Consultant BlackLine Systems Inc. COSO Functionality in BlackLine – Screen Demo
  • 4. COSO Framework: 5 Components & 17 Principles CONTROL ENVIRONMENT 1. Demonstrates commitment to integrity and ethical values 2. Exercises oversight responsibility 3. Establishes structure, authority, and responsibility 4. Demonstrates commitment to competence 5. Enforces accountability RISK ASSESSMENT 6. Specifies suitable objectives 7. Identifies and analyzes risk 8. Assesses fraud risk 9. Identifies and analyzes significant change CONTROL ACTIVITIES 10. Selects and develops control activities 11. Selects and develops general controls over technology 12. Deploys through policies and procedures INFORMATION & COMMUNICATION 13. Uses relevant information 14. Communicates internally 15. Communicates externally MONITORING 16. Conducts ongoing and/or separate evaluations 17. Evaluates and communicates deficiencies Optional : COSO Points of Focus 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 Public Company Internal Control Activities Map them to COSO Framework Department Control # Control Activity Accounts Payable CA 053 All postings to the General Ledger are run and validated to ensure that the GL and subledger are in balance. Systems CA 054 Segregation of Duties is maintained throughout all systems and all roles and responsibilities are reviewed by management on an annual basis Systems CA 055 Requests for access to systems and associated responsibilities/functionality is reviewed and approved by management. General Ledger CA 056 All balance sheet reconciliations are prepared and reviewed by management on a monthly basis. All reconciliation exceptions are addressed on a timely basis. General Ledger CA 057 All reconciliations deemed as critical (as per Corp. Policy 146) are completed and approved by workday 6. Step2: Evaluate and assess compliance of Internal Control Activities to COSO Framework Step1: Map Control Activities • Add additional control activities • Remediate any exceptions/deficiencies • Annually assess Actions: Step3:
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30. David Barton Managing Director UHY Advisors COSO Functionality in BlackLine – Screen Demo
  • 31. ABOUT UHY Advisors • Top 20 Global Public Accounting and Consulting Firm • 7,000 staff in 260 offices in 85 countries • Global resources and capabilities to assist you with all of your local, national and international service requirements • Certified BlackLine Implementation Partner • Leading implementation partner in 2012 and 2013 • Subject matter expertise across all BlackLine modules • Unique project management and finance transformation methodology BlackLine and UHY Advisors
  • 32. COSO Internal Control Integrated Framework • On May 14, 2013, COSO released an updated version of its Internal Control – Integrated Framework – Intended to make the framework more relevant for investors and shareholders – Focused on enhancing control structures to deal with rapid changes in business environment • Original COSO framework will be superseded after December 15, 2014 – It’s time to get busy – External auditors and PCAOB will likely begin enforcement
  • 33. What’s New? • “Fundamental Concepts” are now “Principles” – 17 Principles across the 5 components • In order for a system of control to be deemed “effective”: – All 17 principles must be “present and functioning” – All 5 components must operate together in an integrated manner • Each Principle contains multiple points of focus • Financial Reporting has been expanded to include non-financial and internal reporting
  • 34. What Does “present and functioning” mean? • Present equates to the existence of a control, i.e. is it active? • Inference toward effective design • Functioning equates to operating effectiveness, i.e. it has been tested • Task module is a great way to prove operation and possibly testing
  • 35. 5 Elements and 17 Principles Control Environment Risk Assessment Control Activities Information and Communication Monitoring Activities 1. The organization demonstrates a commitment to integrity and ethical values. 2. The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control. 3. Management establishes– with board oversight– structures, reporting lines, and appropriate authorities and responsibilities in pursuit of objectives. 4. The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. 5. The organization holds the individuals accountable for their internal control responsibilities in the pursuit of objectives. 6. The organization specifies objectives with sufficient clarity to enable identification and assessment of risks relating to objectives. 7. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. 8. The organization considers the potential for fraud in assessing risks to the achievement of objectives. 9. The organization identifies and assesses changes that could significantly impact the system of internal control. 10. The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. 11. The organization selects and develops general control activities over technology to support the achievement of objectives. 12. The organization deploys control activities through policies that establish what is expected and procedures that put policies into action. 13. The organization obtains or generates and uses relevant, quality information to support the functioning of internal control. 14. The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control. 15. The organization communicates with external parties regarding matters affecting the functioning of internal control. 16. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning. 17. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.
  • 36. Where to Begin? • Most companies have some form of controls documentation (flowcharts, narratives, matrix) • Step 1 is to map your existing controls to the 2013 COSO framework – Gap analysis – Remediation (fill the gaps) • Export existing COSO Template tasks • Compare to existing internal controls
  • 37. Possible Controls Status • Control exists in your BlackLine Task Module and in your control matrix (existing Task user) • Control exists in your control matrix but not in Template (add control) • Control exists in Template but not in your control matrix (remediation)
  • 38. Risk Key Control(s) High Controller group reviews Great Plains automated calculations. JE's are reviewed and approved by Controller. CA 061 Controller group maintains a Month-end Close Checklist. CA 063 A draft of financial statements is sent each month by Assistant Controller to CEO, President, Controller, and COO for reasonableness review. Only the Controller and Assistant Controller have access to Great Plains during the closing periods. CA 054 Controller group prepares GL balance sheet reconciliation; GL is compared to sources, subsidiary schedule/ledger, or other reports that provide detailed account activity information. CA 059 CA 060 Annually, Goodwill impairment analysis reviewed for reasonableness. Controller and Assistant Controller review the financial statements for the impact of material and/or unique exposure items. High Control Exists in Both
  • 39. High Controller group prepares GL balance sheet reconciliation; GL is compared to sources, subsidiary schedule/ledger, or other reports that provide detailed account activity information Annually, Goodwill impairment analyses (SFAS 142) are summarized by Controller's group and reviewed for reasonableness High JE's are reviewed and approved by Controller. CA 061 Changes to the chart of accounts are approved by the Controller and implemented by the Assistant Controller. A draft of financial statements is sent each month by Assistant Controller to CEO, President, Controller, and COO for reasonableness review. Add a control to BlackLine Task Module
  • 40. Control in Template, not in Matrix • Specifies suitable objectives • Identifies and analyzes risk • Assesses fraud risk • Identifies and analyzes significant change Risk Assessment
  • 41. What’s Next? • Map your current controls and documentation to the new framework • Perform a gap analysis • Develop a transition plan – Consider centralized PMO – Ensure top-down approach – Identify roles and responsibilities – Facilitate awareness and perform training • Remediate gaps • Communicate with stakeholders