In this webinar, Bob Hirth, COSO Chair, will provide a brief overview of the new COSO Framework, followed by an interactive discussion around the December 15 deadline set by COSO and what this means for companies that have – and have not yet – implemented the updated framework.
In addition, participants will hear what is required under the new COSO Framework, and how those requirements relate to SEC rules for determining if the system of internal controls over financial reporting is “effective,” specifically for purposes of Sarbanes-Oxley reporting.
In this session we will discuss:
- Best practices and lessons learned working with clients as they transition to the new COSO Framework along with industry adoption rates
- How adoption of COSO 2013 provides an opportunity for companies to review and potentially improve internal controls
- How financial management software can streamline the mapping, documenting, and testing activities relating to COSO 2013
Introduction to Risk Management via the NIST Cyber Security Framework PECB
The cyber security profession has successfully established explicit guidance for practitioners to implement effective cyber security programs via the NIST Cyber Security Framework (CSF). The CSF provides both a roadmap and a measuring stick for effective cyber security. Application of the CSF within cyber is nothing new, but the resurgence of Enterprise Security Risk Management and Security Convergence highlights opportunities for expanded application for cyber, physical, and personnel security risks. The NIST CSF can help practitioners build a cross-pollinated understanding of holistic risk.
Main points covered:
• Understand the purpose, value, and application of the NIST CSF in familiar non-technical terms.
• Understand how the Functions and Categories of the NIST CSF (the CSF “Core”) and an organization's “current” and “target” profiles are relevant and valuable in a variety of sectors and environments.
• Understand how an organization’s physical and cyber security resources and stakeholders can align with the NIST CSF as a tool to achieve holistic security risk management.
Presenters:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, Security Systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the InfraGard FBI program. David holds Certified Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Being specialized in Homeland Security, Andrea leverages her experience in formerly managing projects to support various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record in recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel within tactical, operational and strategic levels. Overall, Andrea encompasses analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies pertaining to risk and the elements of threat, vulnerability and consequence.
Recorded webinar: https://youtu.be/hxpuYtMQgf0
Enterprise Risk Management - Aligning Risk with Strategy and Performance Resolver Inc.
COSO, which has provided global thought leadership and guidance on internal control, enterprise risk management, and fraud deterrence for over three decades, recently released a draft update to the original COSO ERM Framework. This framework is widely used by organizations to enhance their ability to manage uncertainty, gauge risk, and increase stakeholder value. However, significant new risks have emerged since the Framework was released, demanding heightened board awareness and oversight of risk management, as well as improved risk reporting. For those organizations exploring ESRM – these themes will be strikingly familiar and the lessons learned, highly relevant.
Presentation by: Bob Hirth, Global Chairman of COSO.
Presentation from GRC 2014 on May 15. Feel free to contact the speaker if you have any questions. You can find the full event schedule here: http://www.transcendentgroup.com/sv/har-har-du-hela-schemat-for-grc-2014/
Presentation given by Vincent Tophoff, IFAC Senior Technical Manager, on risk management and internal control at the Second International ISO 31000 Conference in Toronto, May 2013.
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times PECB
The webinar covers:
• Overview of ISO 31000 and how this standard implies threats but opportunities as well
• Risk-based thinking as an integral part of ISO 9001:2015 and ISO 14001:2015
• Principles, processes and framework of ISO 31000
• How organizations can reduce uncertainty, seize opportunities and treat risks
Presenter:
This session will be presented by PECB Trainer Jacob McLean, Principal Consultant and Managing Director of Kaizen Training & Management Consultants Limited.
Link of the recorded session published on YouTube: https://youtu.be/MVBMM6X3Vgw
What is GRC – Governance, Risk and Compliance BOC Group
A simple guide to learn what Governance, Risk and Compliance (GRC) is all about, why it’s important and how you can use it to help drive enterprise objectives.
For more information visit: https://www.boc-group.com/governance-risk-and-compliance/
Presentation by Vincent Tophoff, IFAC Senior Technical Manager and J. Stephen McNally, Campbell Soup Company Finance Director and Comptroller at the IMA Annual Conference and Exposition, June 2014
PART 1 – CISA Domain 3 – Information Systems Acquisition, development and implementation
Overall understanding of Domain 3
What is benefits realization?
What is portfolio management?
https://www.infosectrain.com/blog/cisa-domain-3-information-systems-acquisition-development-and-implementation-part1/
A corporation must have social acceptance to survive and grow.
The society’s expectations change through:
1.- Changing population mix.
2.- Changing values and orientations.
Business performance changes through
1.- Economic, competitive, and structural conditions.
2.- Regulatory constraints.
3.- Futuristic, Long Term orientation.
4.- Leadership style
What is ISO 27005? How is an ISO 27005 Risk Assessment done effectively? Find out in this presentation delivered at the ISACA Bangalore Chapter Office by Dharshan Shanthamurthy.
COSO Implementation: Getting Real, Getting It Right BlackLine
Join this webcast featuring senior-level financial executives with deep knowledge of the updated internal control framework released by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Hear first-hand how Pfizer, Raytheon and Dow have implemented the updated framework (which will supersede COSO’s original 1992 guidelines at the end of this year).
A presentation based on M.Sc thesis
“Usability evaluation of design solutions for tablet magazines”. Includes introduction to usability, tablet magazine types/categories, how to make a usable tablet publication. Most usability principles are universal, so these results considering iPads can be implemented on other forms of digital publishing.
Webinar - Top 5 Strategies for Digital Process Agility Bizagi
This Webinar explores the top strategies for Digital Process agility. Hosted by Jan Marek (Generali), Jorge Garcia (Technology Evaluation Centre) and moderated by Bizagi CMO John Webster. This jam-packed webinar included live audience polling and insights into why BPM and Digital transformation go hand in hand.
policyIQ for COSO 2013 Internal Control - Integrated Framework sbyearly
The policyIQ Team was joined by Senior Practice Director of RGP’s Governance Risk & Compliance (GRC) practice, Les Sussman, to discuss how the updated COSO framework will impact companies and, specifically, policyIQ clients or prospects. Mr. Sussman recaptured the highlights from a webinar that he co-presented with RGP’s Global Managing Director of the Finance & Accounting practice, Shauna Watson. Their session, “Effective Transition to the 2013 COSO Framework and SOX Compliance”, drew more than a thousand registrants and received great reviews for addressing considerations that have not been discussed in other COSO-related sessions.
With a diverse audience of current policyIQ users and many participants who are not currently using policyIQ, we took time to introduce some highlights of policyIQ. We went on to demonstrate how easily and quickly we amended our policyIQ configuration to accommodate the updated 2013 COSO Internal Control – Integrated Framework.
RGP recommends that companies employ both a top down and a bottom up approach to mapping Principles and Controls to one another. We discussed this and how policyIQ reports can be applied to make quick work of mapping, gap analysis, control rationalization and reporting to the Audit Committee and External Auditors.
Reach out to us with any questions: sbuehrle@rgp.com or support@policyIQ.com.
This session shows how your practice can utilize internal controls to promote efficiencies and effectiveness in the workplace and prevent the susceptibility of fraudulent acts by employees. Learn about the risk factors, vulnerable transactions, methods of detection and prevention as they specifically relate to your practice.
Management audit is a total surgery of an organisation. It diverts from the traditional financial audit and focuses on the objectives, plans, organisational structure and the right business strategy. It is of interest to practitioners and students seeking to understand the technical issues covering the business operation. It actually focuses on the Value for Money Audit Methodology.
The Importance of Internal Controls in Fraud Prevention Rea & Associates
Presentation made by Ohio Accounting Firm, Rea & Associates, on how strong internal controls can help Ohio companies deter fraud in the workplace. Special attention is given to the 5 components of internal controls and how to defuse the triangle of fraud.
Internal control is a process designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
Effectiveness and efficiency of operations
Reliability of financial reporting
Compliance with applicable laws and regulations
This presentation examines ICs and their effectiveness.
Effective Internal Controls (Annotated) by @EricPesik Eric Pesik
Instilling good governance and ensuring full compliance with an effective internal control program. Presented at Corruption and Compliance South & South East Asia Summit, September 2012, Hilton Hotel, Singapore.
COSO Deep Dive - Using BlackLine to Manage Your COSO Framework BlackLine
COSO recommends the transition to the revised framework be completed by December 15, 2014. Is your organization ready?
In our previous session Clearing Up the COSO Confusion: How to Adopt the New Framework, we discussed the broad scope of the new COSO Framework and how it may apply to your current internal control system. In this upcoming session, we will provide a preview of how to use the COSO template to document and manage controls. This will enable financial leaders, like you, to break through common implementation difficulties to achieve and sustain a fully functioning and auditable internal controls framework.
In this deep dive session, you will learn:
- Powerful ways to utilize BlackLine’s Task Management Module to help manage your internal controls framework
- Practical implementation examples facilitated through directed case studies and activities
- Key steps to be taken to ensure all relevant issues have been considered and appropriate changes have been implemented in the framework
- Best practices for organizations to establish and accelerate the implementation of the new framework
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 CA CISA Jayjit Biswas
SOD conflict mitigation is a complex subject considering present manpower constraints and lack of technical understanding of the core SAP domain. It is a mix of BPR and technology, where both process and IT knowledge are a must to handle this specialized area.
Prepare for the 2013 COSO Internal Control Framework—Start Now Brown Smith Wallace
For the first time in almost 12 years, companies that comply with COSO will need to update their internal control frameworks. A revised structure and plan ideally should be in place by summer of 2014 in order to seamlessly transition ahead of the December 15, 2014, deadline.
Is your company prepared to handle the transition from COSO92 to COSO2013 by the December 2014 deadline?
In a recent article featured in AFP Exchange magazine, Amy Ribick, manager, risk advisory services at Brown Smith Wallace, explains the significant changes in the COSO update and a three-phased approach to implementation.
Top 5 Pitfalls to Avoid Implementing COSO 2013 Aviva Spectrum™
Learn about the 5 pitfalls you should avoid when implementing COSO's 2013 framework. This presentation will provide you with background on what could go wrong for SOX testing and other pitfalls to be aware of.
Performance audit has a long history in many countries as a way to oversee the programmes or activities carried out by public agencies, so that resources are managed in an efficient and economical manner and programmes are carried out effectively and managed to give a positive impact to the target group. In Malaysia, performance audit started back in the 1990s, but the approach at that time, in terms of certain criteria and aspects, was not as complicated as it is today. Performance audit is also affected from time to time by government policy and the development of ICT.
Similar to Are You Ready? Implementing COSO's Updated Internal Controls Framework (20)
Empowering the Unbanked: The Vital Role of NBFCs in Promoting Financial Inclu... Vighnesh Shashtri
In India, financial inclusion remains a critical challenge, with a significant portion of the population still unbanked. Non-Banking Financial Companies (NBFCs) have emerged as key players in bridging this gap by providing financial services to those often overlooked by traditional banking institutions. This article delves into how NBFCs are fostering financial inclusion and empowering the unbanked.
The European Unemployment Puzzle: implications from population aging GRAPE
We study the link between the evolving age structure of the working population and unemployment. We build a large new Keynesian OLG model with a realistic age structure, labor market frictions, sticky prices, and aggregate shocks. Once calibrated to the European economy, we quantify the extent to which demographic changes over the last three decades have contributed to the decline of the unemployment rate. Our findings yield important implications for the future evolution of unemployment given the anticipated further aging of the working population in Europe. We also quantify the implications for optimal monetary policy: lowering inflation volatility becomes less costly in terms of GDP and unemployment volatility, which hints that optimal monetary policy may be more hawkish in an aging society. Finally, our results also propose a partial reversal of the European-US unemployment puzzle due to the fact that the share of young workers is expected to remain robust in the US.
The Evolution of Non-Banking Financial Companies (NBFCs) in India: Challenges... beulahfernandes8
Role in Financial System
NBFCs are critical in bridging the financial inclusion gap.
They provide specialized financial services that cater to segments often neglected by traditional banks.
Economic Impact
NBFCs contribute significantly to India's GDP.
They support sectors like micro, small, and medium enterprises (MSMEs), housing finance, and personal loans.
Poonawalla Fincorp and IndusInd Bank Introduce New Co-Branded Credit Card nickysharmasucks
The unveiling of the IndusInd Bank Poonawalla Fincorp eLITE RuPay Platinum Credit Card marks a notable milestone in the Indian financial landscape, showcasing a successful partnership between two leading institutions, Poonawalla Fincorp and IndusInd Bank. This co-branded credit card not only offers users a plethora of benefits but also reflects a commitment to innovation and adaptation. With a focus on providing value-driven and customer-centric solutions, this launch represents more than just a new product—it signifies a step towards redefining the banking experience for millions. Promising convenience, rewards, and a touch of luxury in everyday financial transactions, this collaboration aims to cater to the evolving needs of customers and set new standards in the industry.
US Economic Outlook - Being Decided - M Capital Group August 2021.pdf pchutichetpong
The U.S. economy is continuing its impressive recovery from the COVID-19 pandemic and not slowing down despite re-occurring bumps. The U.S. savings rate reached its highest ever recorded level at 34% in April 2020 and Americans seem ready to spend. The sectors that had been hurt the most by the pandemic specifically reduced consumer spending, like retail, leisure, hospitality, and travel, are now experiencing massive growth in revenue and job openings.
Could this growth lead to a “Roaring Twenties”? As quickly as the U.S. economy contracted, experiencing a 9.1% drop in economic output relative to the business cycle in Q2 2020, the largest in recorded history, it has rebounded beyond expectations. This surprising growth seems to be fueled by the U.S. government’s aggressive fiscal and monetary policies, and an increase in consumer spending as mobility restrictions are lifted. Unemployment rates between June 2020 and June 2021 decreased by 5.2%, while the demand for labor is increasing, coupled with increasing wages to incentivize Americans to rejoin the labor force. Schools and businesses are expected to fully reopen soon. In parallel, vaccination rates across the country and the world continue to rise, with full vaccination rates of 50% and 14.8% respectively.
However, it is not completely smooth sailing from here. According to M Capital Group, the main risks that threaten the continued growth of the U.S. economy are inflation, unsettled trade relations, and another wave of Covid-19 mutations that could shut down the world again. Have we learned from the past year of COVID-19 and adapted our economy accordingly?
“In order for the U.S. economy to continue growing, whether there is another wave or not, the U.S. needs to focus on diversifying supply chains, supporting business investment, and maintaining consumer spending,” says Grace Feeley, a research analyst at M Capital Group.
While the economic indicators are positive, the risks are coming closer to manifesting and threatening such growth. The new variants spreading throughout the world, Delta, Lambda, and Gamma, are vaccine-resistant and muddy the predictions made about the economy and health of the country. These variants bring back the feeling of uncertainty that has wreaked havoc not only on the stock market but the mindset of people around the world. MCG provides unique insight on how to mitigate these risks to possibly ensure a bright economic future.
2. CPE credits and supplemental information
We are issuing 1 CPE credit
To be eligible for CPE credit, please answer three (3) out of the four (4) polling questions throughout the duration of this webinar.
An email with a link to the CPE Course Evaluation Form will be emailed after the webinar.
3. Today’s Speakers
Robert Hirth, Chairman, Committee of Sponsoring Organizations of the Treadway Commission
Susan Parcells, Director, Finance Transformation & Product Expert, BlackLine
Michael P Rose, Partner, Northeast Region Advisory Services, Grant Thornton
4. Agenda
- COSO Overview
- Why the new Framework
- Transition Timeline and Reporting Implications
- Leading Practices and Lessons Learned
- Learn how the BlackLine Task Product can be used to help companies organize and manage the work around complying with the new COSO Framework
5. Polling Question #1
What type of organization do you work for?
A. Public, US listed
B. Private
C. Not for Profit
D. Other
8. 8
15,000 > 600,000
Originally formed in 1985, COSO is a joint initiative of five private sector
organizations and is dedicated to providing thought leadership through
the development of frameworks and guidance on enterprise risk
management (ERM) internal control and fraud deterrence.
9,300
386,000
67,000
180,000
9. Mission
COSO’s Mission is “To provide thought leadership
through the development of comprehensive frameworks
and guidance on enterprise risk management, internal
control and fraud deterrence designed to improve
organizational performance and governance and to reduce
the extent of fraud in organizations.”
COSO’s Fundamental Principle
Good risk management and internal control are necessary
for long term success of all organizations
11. And Thus…
National Commission on Fraudulent Financial Reporting
formed with James C. Treadway, Jr., former SEC
Commissioner and General Counsel, Paine Webber as its
Chairman – becoming known as the “Treadway
Commission” a private-sector initiative, was formed in 1985
to inspect, analyze, and make recommendations on
fraudulent corporate financial reporting.
Source: sechistorical.org
12. The Internal Control Recommendation
All public companies should maintain internal
controls that provide reasonable assurance that
fraudulent financial reporting will be prevented or
subject to early detection - this is a broader
concept than internal accounting controls…
…The Commission also recommends that
its sponsoring organizations cooperate on
developing additional, integrated guidance on
internal controls…
- Treadway Commission report
14. Why Make Changes?
In the twenty years since the inception of the
original framework, business and operating
environments have changed dramatically,
becoming increasingly complex,
technologically driven, and global.
At the same time, stakeholders are more
engaged, seeking greater transparency and
accountability for the integrity of systems of
internal control that support business
decisions and governance of the
organization
Source: COSO September 2012
15. Environmental changes... …have driven Framework updates
Expectations for governance oversight
Globalization of markets and operations
Changes and greater complexity in business
Demands and complexities in laws, rules, regulations, and standards
Expectations for competencies and accountabilities
Use of, and reliance on, evolving technologies
Expectations relating to preventing and detecting fraud
[Figure: COSO Cube (2013 Edition)]
Update considers changes in business and operating environments…
16.
Original
Framework
COSO’s Internal Control–Integrated Framework (1992 Edition)
Refresh
Objectives
Updated
Framework COSO’s Internal Control–Integrated Framework (2013 Edition)
Broadens Application Clarifies Requirements
Articulate principles to
facilitate effective
internal control
Why update what works – The Framework has become the most
widely adopted control framework worldwide.
Updates
Context
Enhancements
Reflect changes in
business & operating
environments
Expand operations and
reporting objectives
17.
Control Environment
Risk Assessment
Control Activities
Information &
Communication
Monitoring Activities
Update articulates principles of effective internal control
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability
6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change
10. Selects and develops control activities
11. Selects and develops general controls over technology
12. Deploys through policies and procedures
13. Uses relevant information
14. Communicates internally
15. Communicates externally
16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies
18. Update describes important characteristics of principles, e.g.,
• Points of focus may not be suitable or relevant, and others may be identified
• Points of focus may facilitate designing, implementing, and conducting internal
control
• There is no requirement to separately assess whether points of focus are in
place
Control Environment 1. The organization demonstrates a commitment to
integrity and ethical values.
Points of Focus:
• Sets the Tone at the Top
• Establishes Standards of Conduct
• Evaluates Adherence to Standards of Conduct
• Addresses Deviations in a Timely Manner
19. Update describes how various controls effect principles, e.g.,
Control Environment
1. The organization demonstrates a commitment to integrity and ethical
values.
Component
Principle
Controls
embedded in
other
components
may effect this
principle
Human Resources
review employees’
confirmations to
assess whether
standards of conduct
are understood and
adhered to by staff
across the entity
Control Environment
Management obtains
and reviews data and
information underlying
potential deviations
captured in
whistleblower hot-line
to assess quality of
information
Information &
Communication
Internal Audit
separately evaluates
Control Environment,
considering employee
behaviors and
whistleblower hotline
results and reports
thereon
Monitoring Activities
20. There is no Magic 17 Principles Control Checklist …
• The Framework does not prescribe controls to be
selected, developed, and deployed for effective
internal control
• Selection of controls is a function of management
judgment based on factors unique to the entity
• How controls effect multiple principles can provide
persuasive evidence
21. Polling Question #2
What industry are you in?
A. Financial Services
B. Distribution, Manufacturing
C. Services
D. Technology
E. Energy and Utilities
F. Other
23. Transition & Impact
• Users are encouraged to transition applications and
related documentation to the updated Framework as
soon as feasible
• Updated Framework will supersede original Framework
at the end of the transition period (i.e., December 15,
2014)
• During the transition period, external reporting should
disclose whether the original or updated version of the
Framework was used
24. Mostly Smooth Sailing for Early Adopters of COSO Framework Update (?)
“Early adopters of the updated COSO framework
say they're finding their existing internal controls
map rather well to the newly articulated principles
contained in the updated framework, although they
need to bring more controls into the scope of their
internal control evaluation and audit to show it.”
April 8, 2014
25. Microsoft Example
• Nearly complete with its implementation of the COSO update, mapping the
new framework to its existing control environment and updating its controls.
• Increased the number of entity-level controls that are scoped into its
Sarbanes-Oxley compliance exercise from 45 to 58 as a result of the
refresh to the updated framework.
• Found its coverage was adequate, but some of the controls that met the
COSO principles were not scoped into the internal control assessment and
audit.
• Meant streamlining and identifying activities it was already doing that met the
requirements, then documenting them and bringing them into scope for
walkthroughs and testing.
Source: Compliance Week
26. Microsoft Example, Continued
• Devoted a few hundred staff hours to the project.
• Finalizing its control design with input from its audit firm, Deloitte.
• “There are still a couple of open questions we are working on with them
that may result in a few more changes, but it's not substantial at this point.”
• Throughout the implementation the audit firm has targeted areas that the
Public Company Accounting Oversight Board has called on auditors to pay
closer attention to through its inspection process, he says. They are looking
more closely, for example, at risk assessments, outsourcing, and reports
that are generated and relied on internally.
Source: Compliance Week
27. Don’t Rush It? A Risk-free Decision?
• “If the company isn’t well into the process already and doesn’t have
the resources in place to make the transition in 2014, don’t rush it.
• The SEC has stated that it doesn’t intend to challenge companies—
at least in the near-term—that don’t transition by December 15,
2014.)
• Disclose use of 1992 or 2013 Framework; explanation regarding
why transition is delayed but not required in 2014. (revised)
• COSO 2013 is “an important opportunity to improve the efficiency
and effectiveness of the business.”
30. Polling Question #3
What is your current status for transitioning to the 2013 COSO
Framework?
A. Basically done and did just fine
B. Basically done but it was hard
C. Still in process and doing just fine
D. Still in process and struggling with the amount of work
E. 12/31 year-end but deferring to 2015
F. Not a 12/31 year-end
44. COMMON CHALLENGES AROUND THE NEW COSO FRAMEWORK
Documenting your controls
Mapping your controls to the applicable Points of Focus/Principles
Organizing the supporting documentation
Assigning roles and responsibilities
Providing evidence of management’s testing of internal controls
45. COSO Framework: 5 Components & 17 Principles
CONTROL ENVIRONMENT
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority, and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability
RISK ASSESSMENT
6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change
CONTROL ACTIVITIES
10. Selects and develops control activities
11. Selects and develops general controls over technology
12. Deploys through policies and procedures
INFORMATION & COMMUNICATION
13. Uses relevant information
14. Communicates internally
15. Communicates externally
MONITORING
16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies
Optional: COSO
Points of Focus
Public Company
Internal Control Activities
Map them
to COSO
Framework
Department | Control # | Control Activity
Accounts Payable | CA 053 | All postings to the General Ledger are run and validated to ensure that the GL and subledger are in balance.
Systems | CA 054 | Segregation of Duties is maintained throughout all systems and all roles and responsibilities are reviewed by management on an annual basis.
Systems | CA 055 | Requests for access to systems and associated responsibilities/functionality are reviewed and approved by management.
General Ledger | CA 056 | All balance sheet reconciliations are prepared and reviewed by management on a monthly basis. All reconciliation exceptions are addressed on a timely basis.
General Ledger | CA 057 | All reconciliations deemed as critical (as per Corp. Policy 146) are completed and approved by workday 6.
Step2:
Step1: Map Control Activities
Add additional control activities
Remediate any exceptions/deficiencies
Annually assess
Step3:
Evaluate and assess compliance of
Internal Control Activities to COSO
Framework
46. Polling Question #4
What tools are you using to currently manage your SOX
compliance documentation?
A. Using spreadsheets, flowcharts
B. Using internally developed software
C. Using a third party software
49. Features
Task Dependency: Use the task dependency functionality to align those control activities with either the Points of Focus and/or the Principles as appropriate
COSO Import Template: Use the COSO import template to bring in just the 17 COSO Principles or the Principles and the 87 Points of Focus into the BlackLine Task Module (can also bring in approximately 90 basic control activities) and two certification checklists
50. Features
Control Activities: Add your own control activities as additional tasks
Certification Checklist: Create a certification checklist around internal controls at the COSO principle level and/or the individual points of focus which includes the necessary documentation of overall analysis and any acceptable level of risk.
51. Certification checklist to indicate:
The Principle is present
The Principle is functioning
Major deficiencies exist
Add documentation to provide:
• Summary of Controls for Points of Focus/Principles
• Evaluation of Deficiencies within the Principle
Add comments to indicate:
• Any identified deficiencies
• Compensating controls for the deficiencies
• Impact on any of the other Principles
Additional
Features
52. Manage COSO Compliance Costs:
Track time spent at the individual control
points and at the COSO principle levels
Certification Details:
Full audit trail tracks and timestamps all
certification events for all control point
assessments and COSO reviews
Built-In Workflow:
• Ensure that there is clear ownership
around the control activities
Real-time Reporting and Dashboards:
• Management can easily report on
their COSO compliance activities
Additional
Features
54. QUESTIONS?
Robert B. Hirth, Jr.
Chairman
Committee of Sponsoring Organizations of the Treadway Commission
Office: 415.402.3621
www.coso.org
Susan Parcells, CPA, CGMA
Director, Finance Transformation & Product Expert
BlackLine
Office: 818.223.9008
https://www.blackline.com
Michael P. Rose
Partner, Northeast Region Advisory Services
Grant Thornton
Office:
http://www.grantthornton.com
FEI
http://www.financialexecutives.org