SlideShare a Scribd company logo

COSO Update DTF

Download as PPTX, PDF
D
David Fernandes

This document provides an overview of updates to the COSO Internal Control-Integrated Framework made in 2013. The key changes include expanding the framework to apply to operations and compliance objectives in addition to financial reporting, reflecting changes in the business environment. It articulates principles for each of the five components of internal control (control environment, risk assessment, control activities, information and communication, and monitoring activities). The update also clarifies requirements for effective internal control, such as each component and principle needing to be present and functioning, and components operating together.

1 of 15
COMPANY CONFIDENTIAL COSO 2013 Update Internal Control–Integrated Framework COSO Overview Internal Control-Integrated Framework Illustrative Documents Illustrative Tools for Assessing Effectiveness of a System of Internal Control Internal Control over External Financial Reporting: A Compendium of Approaches and examples Transition & Impact Recommended Actions Questions & Comments
Original Framework COSO’s Internal Control–Integrated Framework (1992 Edition) Refresh Objectives Updated Framework COSO’s Internal Control–Integrated Framework (2013 Edition) Broadens Application Clarifies Requirements Articulate principles to facilitate effective internal control COSO has become the most widely adopted control framework. Updates Context Enhancements Reflect changes in business & operating environments Expand operations and reporting objectives COSO 2013 Update
COMPANY CONFIDENTIAL COSO 2013 Update What is not changing... What is changing... • Core definition of internal control • Three categories of objectives and five components of internal control • Each of the five components of internal control are required for effective internal control • Important role of judgment in designing, implementing and conducting internal control, and in assessing its effectiveness • Changes in business and operating environments considered • Operations and reporting objectives expanded • Fundamental concepts underlying five components articulated as principles • Additional approaches and examples relevant to operations, compliance, and non-financial reporting objectives added Update has increased use and broadened application
COMPANY CONFIDENTIAL COSO 2013 Update Update reflects changes in business and operating environments Environments changes... …have driven Framework updates Expectations for governance oversight Globalization of markets and operations Changes and greater complexity in business Demands and complexities in laws, rules, regulations, and standards Expectations for competencies and accountabilities Use of, and reliance on, evolving technologies Expectations relating to preventing and detecting fraud COSO Cube (2013 Edition)
Control Environment Risk Assessment Control Activities Information & Communication Monitoring Activities Update articulates principles of effective internal control 1. Demonstrates commitment to integrity and ethical values 2. Exercises oversight responsibility 3. Establishes structure, authority and responsibility 4. Demonstrates commitment to competence 5. Enforces accountability 6. Specifies suitable objectives 7. Identifies and analyzes risk 8. Assesses fraud risk 9. Identifies and analyzes significant change 10. Selects and develops control activities 11. Selects and develops general controls over technology 12. Deploys through policies and procedures 13. Uses relevant information 14. Communicates internally 15. Communicates externally 16. Conducts ongoing and/or separate evaluations 17. Evaluates and communicates deficiencies COSO 2013 Update 5COSO 2013 Update
Control Environment Update articulates principles of effective internal control (continued) 1. The organization demonstrates a commitment to integrity and ethical values. 2. The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control. 3. Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. 4. The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. 5. The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives. COSO 2013 Update 6COSO 2013 Update
6. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. 7. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. 8. The organization considers the potential for fraud in assessing risks to the achievement of objectives. 9. The organization identifies and assesses changes that could significantly impact the system of internal control. Risk Assessment Update articulates principles of effective internal control (continued) COSO 2013 Update 7COSO 2013 Update
10. The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. 11. The organization selects and develops general control activities over technology to support the achievement of objectives. 12. The organization deploys control activities through policies that establish what is expected and procedures that put policies into place. Control Activities Update articulates principles of effective internal control (continued) COSO 2013 Update 8COSO 2013 Update
13. The organization obtains or generates and uses relevant, quality information to support the functioning of internal control. 14. The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control. 15. The organization communicates with external parties regarding matters affecting the functioning of internal control. Information & Communication Update articulates principles of effective internal control (continued) COSO 2013 Update 9COSO 2013 Update
16. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning. 17. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate. Monitoring Activities Update articulates principles of effective internal control (continued) COSO 2013 Update 10COSO 2013 Update
Update clarifies requirements for effective internal control • Effective internal control provides reasonable assurance regarding the achievement of objectives and requires that: – Each component and each relevant principle is present and functioning – The five components are operating together in an integrated manner • Each principle is suitable to all entities; all principles are presumed relevant except in rare situations where management determines that a principle is not relevant to a component (e.g., governance, technology) • Components operate together when all components are present and functioning and internal control deficiencies aggregated across components do not result in one or more major deficiencies • A major deficiency represents an internal control deficiency or combination thereof that severely reduces the likelihood that an entity can achieve its objectives COSO 2013 Update 11COSO 2013 Update
Update describes important characteristics of principles, e.g., • Points of focus may not be suitable or relevant, and others may be identified • Points of focus may facilitate designing, implementing, and conducting internal control • There is no requirement to separately assess whether points of focus are in place Control Environment 1. The organization demonstrates a commitment to integrity and ethical values. Points of Focus: • Sets the Tone at the Top • Establishes Standards of Conduct • Evaluates Adherence to Standards of Conduct • Addresses Deviations in a Timely Manner COSO 2013 Update 12COSO 2013 Update
Update describes the role of controls to effect principles • The Framework does not prescribe controls to be selected, developed, and deployed for effective internal control • An organization’s selection of controls to effect relevant principles and associated components is a function of management judgment based on factors unique to the entity • A major deficiency in a component or principle cannot be mitigated to an acceptable level by the presence and functioning of other components and principles • However, understanding and considering how controls effect multiple principles can provide persuasive evidence supporting management’s assessment of whether components and relevant principles are present and functioning COSO 2013 Update 13COSO 2013 Update
Update describes how various controls effect principles, e.g., Control Environment 1. The organization demonstrates a commitment to integrity and ethical values. Component Principle Controls embedded in other components may effect this principle Human Resources review employees’ confirmations to assess whether standards of conduct are understood and adhered to by staff across the entity Control Environment Management obtains and reviews data and information underlying potential deviations captured in whistleblower hot- line to assess quality of information Information & Communication Internal Audit separately evaluates Control Environment, considering employee behaviors and whistleblower hotline results and reports thereon Monitoring Activities COSO 2013 Update 14COSO 2013 Update
• Principles – Provide clarity regarding the role of principles in designing, implementing, and conducting internal control, and assessing its effectiveness – Clarify descriptions of some principles, but no additional principles • Effectiveness – Recognize effective internal control can provide reasonable assurance of achieving effective and efficient operations objectives (as noted before) – Clarify requirement that each of the components and relevant principles must be present and functioning and components must operating together – Remove presumption that points of focus are present and functioning, and clarify that no separate assessment of points of focus is required – Standardize classification of internal control deficiencies, and clarify use of only relevant criteria established in laws, rules, regulations and standards COSO 2013 Update 15COSO 2013 Update

Recommended

Coso Internal Control Integrated Framework
Coso Internal Control Integrated FrameworkCoso Internal Control Integrated Framework
Coso Internal Control Integrated Frameworkhyesue
 
Are You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkAre You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkBlackLine
 
policyIQ for COSO 2013 Internal Control - Integrated Framework
policyIQ for COSO 2013 Internal Control - Integrated FrameworkpolicyIQ for COSO 2013 Internal Control - Integrated Framework
policyIQ for COSO 2013 Internal Control - Integrated Frameworksbyearly
 
COSO Implementation: Getting Real, Getting It Right
COSO Implementation: Getting Real, Getting It RightCOSO Implementation: Getting Real, Getting It Right
COSO Implementation: Getting Real, Getting It RightBlackLine
 
Top 10 lessons learned from COSO 2013 Implementation
Top 10 lessons learned from COSO 2013 Implementation Top 10 lessons learned from COSO 2013 Implementation
Top 10 lessons learned from COSO 2013 Implementation Amit Bhargava
 
SOX 2016 - PART I - COSO 2013
SOX 2016 - PART I - COSO 2013SOX 2016 - PART I - COSO 2013
SOX 2016 - PART I - COSO 2013Lorri Jongeneel, CPA
 
COSO ERM
COSO ERMCOSO ERM
COSO ERMSophia Abigayle
 
Coso framework
Coso frameworkCoso framework
Coso frameworkDarryl Woolley
 

Recommended

Coso Internal Control Integrated Framework
Coso Internal Control Integrated FrameworkCoso Internal Control Integrated Framework
Coso Internal Control Integrated Frameworkhyesue
 
Are You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkAre You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkBlackLine
 
policyIQ for COSO 2013 Internal Control - Integrated Framework
policyIQ for COSO 2013 Internal Control - Integrated FrameworkpolicyIQ for COSO 2013 Internal Control - Integrated Framework
policyIQ for COSO 2013 Internal Control - Integrated Frameworksbyearly
 
COSO Implementation: Getting Real, Getting It Right
COSO Implementation: Getting Real, Getting It RightCOSO Implementation: Getting Real, Getting It Right
COSO Implementation: Getting Real, Getting It RightBlackLine
 
Top 10 lessons learned from COSO 2013 Implementation
Top 10 lessons learned from COSO 2013 Implementation Top 10 lessons learned from COSO 2013 Implementation
Top 10 lessons learned from COSO 2013 Implementation Amit Bhargava
 
SOX 2016 - PART I - COSO 2013
SOX 2016 - PART I - COSO 2013SOX 2016 - PART I - COSO 2013
SOX 2016 - PART I - COSO 2013Lorri Jongeneel, CPA
 
COSO ERM
COSO ERMCOSO ERM
COSO ERMSophia Abigayle
 
Coso framework
Coso frameworkCoso framework
Coso frameworkDarryl Woolley
 
Coso And Internal Audit
Coso And Internal AuditCoso And Internal Audit
Coso And Internal Auditijazurrehman
 
COSO 2013 and The Auditor
COSO 2013 and The AuditorCOSO 2013 and The Auditor
COSO 2013 and The AuditorCorporate Compliance Seminars
 
Internal Audit COSO Framework
Internal Audit COSO FrameworkInternal Audit COSO Framework
Internal Audit COSO FrameworkJesús Gándara
 
Coso illustrative tool
Coso illustrative toolCoso illustrative tool
Coso illustrative toolSARVJEET KAUSHAL
 
Coso internal control integrated framework
Coso internal control integrated frameworkCoso internal control integrated framework
Coso internal control integrated frameworkIrfan Ahmed - ACA, CICA
 
Internal control and Control Self Assessment
Internal control and Control Self AssessmentInternal control and Control Self Assessment
Internal control and Control Self AssessmentManoj Agarwal
 
Introduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsIntroduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsCorporate Compliance Seminars
 
COSO 2013: What you need to know
COSO 2013: What you need to knowCOSO 2013: What you need to know
COSO 2013: What you need to knowjennyhollingworth
 
COSO Deck
COSO DeckCOSO Deck
COSO DeckRon Steinkamp
 
Leveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your OrganizationLeveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your OrganizationInternational Federation of Accountants
 
Upgrading Risk Management and Internal Control in Your Organization
Upgrading Risk Management and Internal Control in Your OrganizationUpgrading Risk Management and Internal Control in Your Organization
Upgrading Risk Management and Internal Control in Your OrganizationInternational Federation of Accountants
 
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKHaresh Lalwani
 
A COSO Based Risk & Control Framework
A COSO Based Risk & Control FrameworkA COSO Based Risk & Control Framework
A COSO Based Risk & Control FrameworkJhurt7103
 
COSO Internal Control - Integrated Framework
COSO Internal Control - Integrated FrameworkCOSO Internal Control - Integrated Framework
COSO Internal Control - Integrated FrameworkAziz Fataliyev, Internal Audit Practitioner
 
Best Practices: Change Management
Best Practices: Change ManagementBest Practices: Change Management
Best Practices: Change ManagementCorporate Compliance Seminars
 
Professional opportunities in Internal Audit
Professional opportunities in Internal AuditProfessional opportunities in Internal Audit
Professional opportunities in Internal AuditManoj Agarwal
 
Internal Control COSO
Internal Control COSOInternal Control COSO
Internal Control COSOJesús Gándara
 
Audit Audit Commite And Risk Management
Audit Audit Commite And Risk ManagementAudit Audit Commite And Risk Management
Audit Audit Commite And Risk ManagementManoj Agarwal
 
Fraud principles1
Fraud principles1Fraud principles1
Fraud principles1Sevisa Isufaj
 
7 Keys to Fraud Prevention, Detection and Reporting
7 Keys to Fraud Prevention, Detection and Reporting7 Keys to Fraud Prevention, Detection and Reporting
7 Keys to Fraud Prevention, Detection and ReportingBrown Smith Wallace
 
Recent COSO Internal Control and Risk Management Developments
Recent COSO Internal Control and Risk Management DevelopmentsRecent COSO Internal Control and Risk Management Developments
Recent COSO Internal Control and Risk Management DevelopmentsInternational Federation of Accountants
 
Fraud Detection presentation
Fraud Detection presentationFraud Detection presentation
Fraud Detection presentationHernan Huwyler
 

More Related Content

What's hot

Coso And Internal Audit
Coso And Internal AuditCoso And Internal Audit
Coso And Internal Auditijazurrehman
 
Internal Audit COSO Framework
Internal Audit COSO FrameworkInternal Audit COSO Framework
Internal Audit COSO FrameworkJesús Gándara
 
Coso internal control integrated framework
Coso internal control integrated frameworkCoso internal control integrated framework
Coso internal control integrated frameworkIrfan Ahmed - ACA, CICA
 
Internal control and Control Self Assessment
Internal control and Control Self AssessmentInternal control and Control Self Assessment
Internal control and Control Self AssessmentManoj Agarwal
 
Introduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsIntroduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsCorporate Compliance Seminars
 
COSO 2013: What you need to know
COSO 2013: What you need to knowCOSO 2013: What you need to know
COSO 2013: What you need to knowjennyhollingworth
 
Leveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your OrganizationLeveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your OrganizationInternational Federation of Accountants
 
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKHaresh Lalwani
 
A COSO Based Risk & Control Framework
A COSO Based Risk & Control FrameworkA COSO Based Risk & Control Framework
A COSO Based Risk & Control FrameworkJhurt7103
 
Professional opportunities in Internal Audit
Professional opportunities in Internal AuditProfessional opportunities in Internal Audit
Professional opportunities in Internal AuditManoj Agarwal
 
Audit Audit Commite And Risk Management
Audit Audit Commite And Risk ManagementAudit Audit Commite And Risk Management
Audit Audit Commite And Risk ManagementManoj Agarwal
 

What's hot (18)

Coso And Internal Audit
Coso And Internal AuditCoso And Internal Audit
Coso And Internal Audit
 
COSO 2013 and The Auditor
COSO 2013 and The AuditorCOSO 2013 and The Auditor
COSO 2013 and The Auditor
 
Internal Audit COSO Framework
Internal Audit COSO FrameworkInternal Audit COSO Framework
Internal Audit COSO Framework
 
Coso illustrative tool
Coso illustrative toolCoso illustrative tool
Coso illustrative tool
 
Coso internal control integrated framework
Coso internal control integrated frameworkCoso internal control integrated framework
Coso internal control integrated framework
 
Internal control and Control Self Assessment
Internal control and Control Self AssessmentInternal control and Control Self Assessment
Internal control and Control Self Assessment
 
Introduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsIntroduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance Seminars
 
COSO 2013: What you need to know
COSO 2013: What you need to knowCOSO 2013: What you need to know
COSO 2013: What you need to know
 
COSO Deck
COSO DeckCOSO Deck
COSO Deck
 
Leveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your OrganizationLeveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your Organization
 
Upgrading Risk Management and Internal Control in Your Organization
Upgrading Risk Management and Internal Control in Your OrganizationUpgrading Risk Management and Internal Control in Your Organization
Upgrading Risk Management and Internal Control in Your Organization
 
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
 
A COSO Based Risk & Control Framework
A COSO Based Risk & Control FrameworkA COSO Based Risk & Control Framework
A COSO Based Risk & Control Framework
 
COSO Internal Control - Integrated Framework
COSO Internal Control - Integrated FrameworkCOSO Internal Control - Integrated Framework
COSO Internal Control - Integrated Framework
 
Best Practices: Change Management
Best Practices: Change ManagementBest Practices: Change Management
Best Practices: Change Management
 
Professional opportunities in Internal Audit
Professional opportunities in Internal AuditProfessional opportunities in Internal Audit
Professional opportunities in Internal Audit
 
Internal Control COSO
Internal Control COSOInternal Control COSO
Internal Control COSO
 
Audit Audit Commite And Risk Management
Audit Audit Commite And Risk ManagementAudit Audit Commite And Risk Management
Audit Audit Commite And Risk Management
 

Viewers also liked

7 Keys to Fraud Prevention, Detection and Reporting
7 Keys to Fraud Prevention, Detection and Reporting7 Keys to Fraud Prevention, Detection and Reporting
7 Keys to Fraud Prevention, Detection and ReportingBrown Smith Wallace
 
Fraud Detection presentation
Fraud Detection presentationFraud Detection presentation
Fraud Detection presentationHernan Huwyler
 
Credit card fraud detection
Credit card fraud detectionCredit card fraud detection
Credit card fraud detectionkalpesh1908
 

Viewers also liked (6)

Fraud principles1
Fraud principles1Fraud principles1
Fraud principles1
 
7 Keys to Fraud Prevention, Detection and Reporting
7 Keys to Fraud Prevention, Detection and Reporting7 Keys to Fraud Prevention, Detection and Reporting
7 Keys to Fraud Prevention, Detection and Reporting
 
Recent COSO Internal Control and Risk Management Developments
Recent COSO Internal Control and Risk Management DevelopmentsRecent COSO Internal Control and Risk Management Developments
Recent COSO Internal Control and Risk Management Developments
 
Fraud Detection presentation
Fraud Detection presentationFraud Detection presentation
Fraud Detection presentation
 
Fraud detection
Fraud detectionFraud detection
Fraud detection
 
Credit card fraud detection
Credit card fraud detectionCredit card fraud detection
Credit card fraud detection
 

Similar to COSO Update DTF

COSO_2013_Framework_on_Internal_Control.pdf
COSO_2013_Framework_on_Internal_Control.pdfCOSO_2013_Framework_on_Internal_Control.pdf
COSO_2013_Framework_on_Internal_Control.pdfAliehaDhea
 
COSO Deep Dive - Using BlackLine to Manage Your COSO Framework
COSO Deep Dive - Using BlackLine to Manage Your COSO FrameworkCOSO Deep Dive - Using BlackLine to Manage Your COSO Framework
COSO Deep Dive - Using BlackLine to Manage Your COSO FrameworkBlackLine
 
IFC Dr SkGupta pptx NIRC Internal financial control
IFC Dr SkGupta pptx NIRC Internal financial controlIFC Dr SkGupta pptx NIRC Internal financial control
IFC Dr SkGupta pptx NIRC Internal financial controlajayinvestrade
 
El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007Danial Khan
 
Normas para Control interno en el Gobierno Federal – Libro Verde la Oficina d...
Normas para Control interno en el Gobierno Federal – Libro Verde la Oficina d...Normas para Control interno en el Gobierno Federal – Libro Verde la Oficina d...
Normas para Control interno en el Gobierno Federal – Libro Verde la Oficina d...miguelserrano5851127
 
IFC Knowldge Sharing 23.02.20 (1).pptx
IFC Knowldge Sharing 23.02.20 (1).pptxIFC Knowldge Sharing 23.02.20 (1).pptx
IFC Knowldge Sharing 23.02.20 (1).pptxSejalJain178980
 
internal control and control self assessment
internal control and control self assessmentinternal control and control self assessment
internal control and control self assessmentManoj Agarwal
 
Final_Compliance Program _Internal Audit
Final_Compliance Program _Internal AuditFinal_Compliance Program _Internal Audit
Final_Compliance Program _Internal AuditLindsay DiFazio
 
Illustrative Tools for Assessing Effectiveness of a System of Internal Control
Illustrative Tools for Assessing Effectiveness of a System of Internal Control Illustrative Tools for Assessing Effectiveness of a System of Internal Control
Illustrative Tools for Assessing Effectiveness of a System of Internal Control Tahir Abbas
 
control-and-its-process-icsi.pdf
control-and-its-process-icsi.pdfcontrol-and-its-process-icsi.pdf
control-and-its-process-icsi.pdfssuser1fdbd91
 
Auditing corporate governance guide
Auditing corporate governance guideAuditing corporate governance guide
Auditing corporate governance guideCenapSerdarolu
 
conroling slides by sohar bakhsh
conroling slides by sohar bakhshconroling slides by sohar bakhsh
conroling slides by sohar bakhshSohar Bakhsh
 
What do the changes to ISO14001 mean for business?
What do the changes to ISO14001 mean for business? What do the changes to ISO14001 mean for business?
What do the changes to ISO14001 mean for business? Ardea International
 
Controlling in Management
Controlling in ManagementControlling in Management
Controlling in ManagementNawarAlSaadi1
 
Auditing corporate governance guide
Auditing corporate governance guideAuditing corporate governance guide
Auditing corporate governance guideAstalapulosListestos
 
Internal control system
Internal control systemInternal control system
Internal control systemMadiha Hassan
 
Internal control system
Internal control systemInternal control system
Internal control systemMadiha Hassan
 

Similar to COSO Update DTF (20)

COSO.pptx
COSO.pptxCOSO.pptx
COSO.pptx
 
COSO_2013_Framework_on_Internal_Control.pdf
COSO_2013_Framework_on_Internal_Control.pdfCOSO_2013_Framework_on_Internal_Control.pdf
COSO_2013_Framework_on_Internal_Control.pdf
 
COSO Deep Dive - Using BlackLine to Manage Your COSO Framework
COSO Deep Dive - Using BlackLine to Manage Your COSO FrameworkCOSO Deep Dive - Using BlackLine to Manage Your COSO Framework
COSO Deep Dive - Using BlackLine to Manage Your COSO Framework
 
IFC Dr SkGupta pptx NIRC Internal financial control
IFC Dr SkGupta pptx NIRC Internal financial controlIFC Dr SkGupta pptx NIRC Internal financial control
IFC Dr SkGupta pptx NIRC Internal financial control
 
El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007
 
Normas para Control interno en el Gobierno Federal – Libro Verde la Oficina d...
Normas para Control interno en el Gobierno Federal – Libro Verde la Oficina d...Normas para Control interno en el Gobierno Federal – Libro Verde la Oficina d...
Normas para Control interno en el Gobierno Federal – Libro Verde la Oficina d...
 
IFC Knowldge Sharing 23.02.20 (1).pptx
IFC Knowldge Sharing 23.02.20 (1).pptxIFC Knowldge Sharing 23.02.20 (1).pptx
IFC Knowldge Sharing 23.02.20 (1).pptx
 
TEAM 10.pptx
TEAM 10.pptxTEAM 10.pptx
TEAM 10.pptx
 
internal control and control self assessment
internal control and control self assessmentinternal control and control self assessment
internal control and control self assessment
 
Final_Compliance Program _Internal Audit
Final_Compliance Program _Internal AuditFinal_Compliance Program _Internal Audit
Final_Compliance Program _Internal Audit
 
Illustrative Tools for Assessing Effectiveness of a System of Internal Control
Illustrative Tools for Assessing Effectiveness of a System of Internal Control Illustrative Tools for Assessing Effectiveness of a System of Internal Control
Illustrative Tools for Assessing Effectiveness of a System of Internal Control
 
control-and-its-process-icsi.pdf
control-and-its-process-icsi.pdfcontrol-and-its-process-icsi.pdf
control-and-its-process-icsi.pdf
 
Auditing corporate governance guide
Auditing corporate governance guideAuditing corporate governance guide
Auditing corporate governance guide
 
conroling slides by sohar bakhsh
conroling slides by sohar bakhshconroling slides by sohar bakhsh
conroling slides by sohar bakhsh
 
What do the changes to ISO14001 mean for business?
What do the changes to ISO14001 mean for business? What do the changes to ISO14001 mean for business?
What do the changes to ISO14001 mean for business?
 
Unit 6.pom
Unit 6.pomUnit 6.pom
Unit 6.pom
 
Controlling in Management
Controlling in ManagementControlling in Management
Controlling in Management
 
Auditing corporate governance guide
Auditing corporate governance guideAuditing corporate governance guide
Auditing corporate governance guide
 
Internal control system
Internal control systemInternal control system
Internal control system
 
Internal control system
Internal control systemInternal control system
Internal control system
 

COSO Update DTF

  • 1. COMPANY CONFIDENTIAL COSO 2013 Update Internal Control–Integrated Framework COSO Overview Internal Control-Integrated Framework Illustrative Documents Illustrative Tools for Assessing Effectiveness of a System of Internal Control Internal Control over External Financial Reporting: A Compendium of Approaches and examples Transition & Impact Recommended Actions Questions & Comments
  • 2. Original Framework COSO’s Internal Control–Integrated Framework (1992 Edition) Refresh Objectives Updated Framework COSO’s Internal Control–Integrated Framework (2013 Edition) Broadens Application Clarifies Requirements Articulate principles to facilitate effective internal control COSO has become the most widely adopted control framework. Updates Context Enhancements Reflect changes in business & operating environments Expand operations and reporting objectives COSO 2013 Update
  • 3. COMPANY CONFIDENTIAL COSO 2013 Update What is not changing... What is changing... • Core definition of internal control • Three categories of objectives and five components of internal control • Each of the five components of internal control are required for effective internal control • Important role of judgment in designing, implementing and conducting internal control, and in assessing its effectiveness • Changes in business and operating environments considered • Operations and reporting objectives expanded • Fundamental concepts underlying five components articulated as principles • Additional approaches and examples relevant to operations, compliance, and non-financial reporting objectives added Update has increased use and broadened application
  • 4. COMPANY CONFIDENTIAL COSO 2013 Update Update reflects changes in business and operating environments Environments changes... …have driven Framework updates Expectations for governance oversight Globalization of markets and operations Changes and greater complexity in business Demands and complexities in laws, rules, regulations, and standards Expectations for competencies and accountabilities Use of, and reliance on, evolving technologies Expectations relating to preventing and detecting fraud COSO Cube (2013 Edition)
  • 5. Control Environment Risk Assessment Control Activities Information & Communication Monitoring Activities Update articulates principles of effective internal control 1. Demonstrates commitment to integrity and ethical values 2. Exercises oversight responsibility 3. Establishes structure, authority and responsibility 4. Demonstrates commitment to competence 5. Enforces accountability 6. Specifies suitable objectives 7. Identifies and analyzes risk 8. Assesses fraud risk 9. Identifies and analyzes significant change 10. Selects and develops control activities 11. Selects and develops general controls over technology 12. Deploys through policies and procedures 13. Uses relevant information 14. Communicates internally 15. Communicates externally 16. Conducts ongoing and/or separate evaluations 17. Evaluates and communicates deficiencies COSO 2013 Update 5COSO 2013 Update
  • 6. Control Environment Update articulates principles of effective internal control (continued) 1. The organization demonstrates a commitment to integrity and ethical values. 2. The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control. 3. Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. 4. The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. 5. The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives. COSO 2013 Update 6COSO 2013 Update
  • 7. 6. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. 7. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. 8. The organization considers the potential for fraud in assessing risks to the achievement of objectives. 9. The organization identifies and assesses changes that could significantly impact the system of internal control. Risk Assessment Update articulates principles of effective internal control (continued) COSO 2013 Update 7COSO 2013 Update
  • 8. 10. The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. 11. The organization selects and develops general control activities over technology to support the achievement of objectives. 12. The organization deploys control activities through policies that establish what is expected and procedures that put policies into place. Control Activities Update articulates principles of effective internal control (continued) COSO 2013 Update 8COSO 2013 Update
  • 9. 13. The organization obtains or generates and uses relevant, quality information to support the functioning of internal control. 14. The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control. 15. The organization communicates with external parties regarding matters affecting the functioning of internal control. Information & Communication Update articulates principles of effective internal control (continued) COSO 2013 Update 9COSO 2013 Update
  • 10. 16. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning. 17. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate. Monitoring Activities Update articulates principles of effective internal control (continued) COSO 2013 Update 10COSO 2013 Update
  • 11. Update clarifies requirements for effective internal control • Effective internal control provides reasonable assurance regarding the achievement of objectives and requires that: – Each component and each relevant principle is present and functioning – The five components are operating together in an integrated manner • Each principle is suitable to all entities; all principles are presumed relevant except in rare situations where management determines that a principle is not relevant to a component (e.g., governance, technology) • Components operate together when all components are present and functioning and internal control deficiencies aggregated across components do not result in one or more major deficiencies • A major deficiency represents an internal control deficiency or combination thereof that severely reduces the likelihood that an entity can achieve its objectives COSO 2013 Update 11COSO 2013 Update
  • 12. Update describes important characteristics of principles, e.g., • Points of focus may not be suitable or relevant, and others may be identified • Points of focus may facilitate designing, implementing, and conducting internal control • There is no requirement to separately assess whether points of focus are in place Control Environment 1. The organization demonstrates a commitment to integrity and ethical values. Points of Focus: • Sets the Tone at the Top • Establishes Standards of Conduct • Evaluates Adherence to Standards of Conduct • Addresses Deviations in a Timely Manner COSO 2013 Update 12COSO 2013 Update
  • 13. Update describes the role of controls to effect principles • The Framework does not prescribe controls to be selected, developed, and deployed for effective internal control • An organization’s selection of controls to effect relevant principles and associated components is a function of management judgment based on factors unique to the entity • A major deficiency in a component or principle cannot be mitigated to an acceptable level by the presence and functioning of other components and principles • However, understanding and considering how controls effect multiple principles can provide persuasive evidence supporting management’s assessment of whether components and relevant principles are present and functioning COSO 2013 Update 13COSO 2013 Update
  • 14. Update describes how various controls effect principles, e.g., Control Environment 1. The organization demonstrates a commitment to integrity and ethical values. Component Principle Controls embedded in other components may effect this principle Human Resources review employees’ confirmations to assess whether standards of conduct are understood and adhered to by staff across the entity Control Environment Management obtains and reviews data and information underlying potential deviations captured in whistleblower hot- line to assess quality of information Information & Communication Internal Audit separately evaluates Control Environment, considering employee behaviors and whistleblower hotline results and reports thereon Monitoring Activities COSO 2013 Update 14COSO 2013 Update
  • 15. • Principles – Provide clarity regarding the role of principles in designing, implementing, and conducting internal control, and assessing its effectiveness – Clarify descriptions of some principles, but no additional principles • Effectiveness – Recognize effective internal control can provide reasonable assurance of achieving effective and efficient operations objectives (as noted before) – Clarify requirement that each of the components and relevant principles must be present and functioning and components must operating together – Remove presumption that points of focus are present and functioning, and clarify that no separate assessment of points of focus is required – Standardize classification of internal control deficiencies, and clarify use of only relevant criteria established in laws, rules, regulations and standards COSO 2013 Update 15COSO 2013 Update