Coso Internal Control Integrated Framework

  1. COSO’s Proposed Revision to Internal Control - Integrated Framework and its Implications on Information Technology
     Ken Vander Wal, ISACA International President
     David Landsittel, Chairman of COSO
     Cara Beston, Partner at PricewaterhouseCoopers
     2012 ISACA Webinar Program. © 2012 ISACA. All rights reserved.
  2. Today’s webinar:
     • Text in questions using the Ask A Question button
     • All audio is streamed over your computer
       – Having technical issues? Click the ? button
     • Download the slide deck from the Event Home Page
     • No CPEs being offered for this event
     • Question or suggestion? Email them to eLearning@isaca.org
  3. Presenters:
     • Ken Vander Wal, ISACA International President
     • David Landsittel, Chairman of COSO
     • Cara Beston, Partner at PricewaterhouseCoopers
  4. Agenda
     • Introduction
     • COSO, Project Overview, Scope and Structure
     • Proposed Updates
     • Impact of Updates to Technology
     • Open Discussion
     • Call to Action – Next Steps
  5. Introduction
     • Background
     • ISACA Membership on COSO’s Advisory Council
       – Represented by Ken Vander Wal
       – Supported by Global Task Force
     • Today’s Presenters
       – David Landsittel
       – Cara Beston
  6. COSO, Project Overview, Scope and Structure
  7. About COSO
     – Formed in 1985 to sponsor a Commission to examine fraudulent financial reporting
     – A joint initiative of five private sector organizations
     – Sponsors:
       • American Accounting Association
       • American Institute of Certified Public Accountants
       • Financial Executives International
       • Institute of Management Accountants
       • The Institute of Internal Auditors
  8. Mission of COSO
     • “To provide thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control and fraud deterrence designed to improve organizational performance and governance and to reduce the extent of fraud in organizations.”
     Fundamental Principle
     • Good risk management and internal control are necessary for the long-term success of organizations
  9. Project Overview
     – Internal Control - Integrated Framework
       • First published in 1992
       • Most widely used framework in the US
       • Also widely used around the world
     – However, since 1992, the operating environment has evolved
     – Framework concepts timeless, but context needs updating
  10. Project Objectives
     – The goal of the project is to “refresh” the Framework, by providing a context that is current.
     – Enhancements are not intended to alter the core concepts developed in the original Framework
     – Other project objectives include:
       • Explicitly identifying principles and attributes to provide efficiency and a basis for evaluating effectiveness
       • Adding more focus on operational and compliance control objectives
       • Expanding “Financial Reporting” objective to encompass “reporting” more broadly
  11. Project Governance Structure and Participants
     COSO Board of Directors; PricewaterhouseCoopers Project Team; COSO Advisory Council; Companies & Other Stakeholders (nominated by the COSO Board)
     • Industry Associations
     • AICPA
     • Academia
     • AAA
     • Not-for-profit, government entities
     • IIA
     • Professional associations
     • FEI
     • Risk management professionals
     • IMA
     • Lawyers
     • Regulatory Observers
     • Public Accounting Firms
     • Regulators
     • Others
     • Other rule-makers
  12. Project Scope and Deliverables
     • Three Products Contemplated:
       – An updated Internal Control – Integrated Framework
       – A companion document focusing on applying framework for Internal Control over External Financial Reporting (ICEFR)
       – Evaluation tools for use in assessing the overall effectiveness of internal control
  13. Project Timetable, 2010 – 2012
     • Sept – Jan: Assess & Survey Stakeholder
     • Feb – Oct: Design & Build
     • Dec – Mar: Public Exposure
     • Apr – Dec: Finalize
  14. Obtaining Input: Survey of Stakeholders
     – Over 700 responses
     – Responses come from wide range of organizations and individuals
       • Large, small and non-profit organizations well represented
       • 1 in 4 respondents are international (27%)
       • The majority of respondents have been using the Framework for over 5 years
     – Overall, a large majority of respondents (85%) support updating, but not a major overhaul in the Framework
  15. What’s Changed
     • The experienced reader will find much familiar in the updated Framework, which builds on what has proven effective in the original version.
     What is not changing...
       1. Definition of internal control
       2. Five components of internal control
       3. Criteria used to assess effectiveness of systems of internal control
       4. Use of judgment in evaluating the effectiveness of systems of internal control
     What is changing...
       1. Updating context to reflect current environment
       2. Codification of principles used in developing and evaluating effectiveness of systems
       3. Expanded financial reporting objective to address internal and external, financial and non-financial reporting objectives
       4. Increased focus on operations, compliance objectives
  16. Proposed Updates
  17. Summary of Updates
     A changing business environment... Drives updates to the Framework...
     • Expectations for governance oversight
     • Globalization of markets and operations
     • Changes in business models
     • Demands and complexity of rules, regulations and standards
     • Expectations for competencies and accountabilities
     • Use and reliance on evolving technology
     • Expectations for preventing and detecting fraud
  18. Summary of Updates: Codification of 17 principles embedded in original Framework
     Control Environment
       1. Demonstrates commitment to integrity and ethical values
       2. Exercises oversight responsibility
       3. Establishes structure, authority and responsibility
       4. Demonstrates commitment to competence
       5. Establishes accountability
     Risk Assessment
       6. Specifies relevant objectives
       7. Identifies and assesses risk
       8. Identifies and assesses significant change
       9. Assesses fraud risk
     Control Activities
       10. Selects and develops control activities
       11. Selects and develops general controls over technology
       12. Deploys through policies and procedures
     Information & Communication
       13. Generates relevant information
       14. Communicates internally
       15. Communicates externally
     Monitoring Activities
       16. Conducts ongoing and separate evaluations
       17. Evaluates and communicates deficiencies
  19. Impact of Updates to Technology
  20. Impact of Updates to Technology
     • Concepts related to technology were retained
       – Application controls v. General Controls
       – Language updated to reflect more current terms
     • Original Framework addressed technology as a key component of control activities and the information system
     • Today, technology is embedded in virtually every enterprise
       – Supports new business models and delivers business value
       – Enables business processes
       – Drives efficiency in controls
       – Generates expanded information
       – Enhances speed and breadth of communication
     • Updated Framework considers technology across all internal control components
  21. Impact of Updates to Technology
     • Technology does not change the internal control landscape, but may affect how a company implements internal control
     • As an enabler, technology
       – Creates new opportunities
       – Presents new risks
       – Promotes efficiency and effectiveness
       – Simplifies previously challenging activities
       – Adds complexity
       – Increases rate of change
     • Updated Framework considers the continuous evolution of technology, but does not attempt to address various types
     • Anticipates that technology will exist, but recognizes that it will be adopted differently from entity to entity
  22. Impact of Updates to Technology
     • Control Environment
       – Improve access to senior management and vice versa
     • Risk Assessment
       – Facilitate risk assessment process through improved data and analytics
       – Create new risks
     • Control Activities
       – Provide new responses to risks
       – Increase efficiency of risk responses
     • Information & Communication
       – Increases available information
       – Expands communication channels
     • Monitoring Activities
       – Considers new methods to monitor
  23. Examples of Technology & Updates
     • Increased importance of technology skills in assessing competence (par 161)
     • Identification of risks related to technological developments that may impact achievement of objectives (par 228 and 274)
     • Technology impact on risk of business continuity (par 248)
     • Entity-level considerations of the impact of systems (par 282)
     • Technology can both support business processes and also act as control activities (par 295)
       – The extent of IT dependence on processes may indicate a greater reliance on IT for controls
       – Management has the option to choose between manual, automated or a combination of both in selecting and developing control activities
  24. Examples of Technology & Updates
     • Technology is not prominently discussed in the area of segregation of duties (par 303-305)
       – Management has several alternative control activities to select from in addressing risks associated with incompatible duties
       – Assessing risks associated with access to technology is important precedent to selecting control activities
     • Impact of technology on volume and complexity of data and information raises awareness of:
       – High volume of data available through electronic means increases complexity of systems needed to process data
       – Benefits of increased information may be offset by the operational or compliance risks
       – Increased importance of security, protection and retention of data
  25. Open Discussion
  26. Open Discussion
     Text in questions using the Ask A Question button
  27. Call to Action – Next Steps
  28. Call to Action – Next Steps:
     • Review and Provide Comments: Internal Control - Integrated Framework, http://www.ic.coso.org
     • Deadline: 31 March 2012
     • Draft of Internal Control over External Financial Reporting (ICEFR)
     • Embrace and Utilize COSO Internal Control - Integrated Framework in Your Enterprise
     • COBIT 5 - Coming 2nd Q 2012
  29. Register Now! Upcoming ISACA Training:
     • 4-day courses include:
       – COBIT
       – Fundamentals of IT Audit and Assurance
       – IT Audit and Assurance Practices
     • 27 – 30 March in Atlanta, Georgia
     • www.isaca.org/training
  30. Thank You!
