December 16, 2014 11:00AM PST/2:00PM EST
CPE credits and supplemental
information
We are issuing 1 CPE credit
To be eligible for CPE credit, please answer three (3) out of the four
(4) polling questions throughout the duration of this webinar.
An email with a link to the CPE Course Evaluation Form will be
sent after the webinar.
Today’s Speakers
Robert Hirth
Chairman
Committee of Sponsoring Organizations of the Treadway Commission
Susan Parcells
Director, Finance Transformation & Product Expert
BlackLine
Michael P Rose
Partner, Northeast Region Advisory Services
Grant Thornton
Agenda
COSO Overview
Why the new Framework
Transition Timeline and Reporting Implications
Leading Practices and Lessons Learned
Learn how the BlackLine Task Product can be used
to help companies organize and manage the work around
complying with the new COSO Framework
Polling Question #1
What type of organization do you work for?
A. Public, US listed
B. Private
C. Not for Profit
D. Other
20 Years in the Making…
15,000 > 600,000
Originally formed in 1985, COSO is a joint initiative of five private sector
organizations and is dedicated to providing thought leadership through
the development of frameworks and guidance on enterprise risk
management (ERM), internal control and fraud deterrence.
9,300
386,000
67,000
180,000
Mission
COSO’s Mission is “To provide thought leadership
through the development of comprehensive frameworks
and guidance on enterprise risk management, internal
control and fraud deterrence designed to improve
organizational performance and governance and to reduce
the extent of fraud in organizations.”
COSO’s Fundamental Principle
Good risk management and internal control are necessary
for long term success of all organizations
COSO is more than Internal Control…
And Thus…
The National Commission on Fraudulent Financial Reporting, a
private-sector initiative, was formed in 1985 with James C. Treadway, Jr.,
former SEC Commissioner and General Counsel, Paine Webber, as its
Chairman. It became known as the “Treadway Commission” and was formed
to inspect, analyze, and make recommendations on
fraudulent corporate financial reporting.
Source: sechistorical.org
The Internal Control Recommendation
All public companies should maintain internal
controls that provide reasonable assurance that
fraudulent financial reporting will be prevented or
subject to early detection - this is a broader
concept than internal accounting controls…
…The Commission also recommends that
its sponsoring organizations cooperate on
developing additional, integrated guidance on
internal controls…
- Treadway Commission report
Why Make Changes?
In the twenty years since the inception of the
original framework, business and operating
environments have changed dramatically,
becoming increasingly complex,
technologically driven, and global.
At the same time, stakeholders are more
engaged, seeking greater transparency and
accountability for the integrity of systems of
internal control that support business
decisions and governance of the
organization
Source: COSO September 2012
Environmental changes... …have driven Framework updates
Expectations for governance oversight
Globalization of markets and operations
Changes and greater complexity in business
Demands and complexities in laws, rules, regulations, and
standards
Expectations for competencies and accountabilities
Use of, and reliance on, evolving
technologies
Expectations relating to preventing and detecting fraud
COSO Cube (2013 Edition)
Update considers changes in business and operating
environments…
Why update what works – The Framework has become the most
widely adopted control framework worldwide.
Original Framework: COSO’s Internal Control–Integrated Framework (1992 Edition)
Refresh Objectives:
• Reflect changes in business & operating environments
• Expand operations and reporting objectives
• Articulate principles to facilitate effective internal control
Enhancements:
• Updates Context
• Broadens Application
• Clarifies Requirements
Updated Framework: COSO’s Internal Control–Integrated Framework (2013 Edition)
Control Environment
Risk Assessment
Control Activities
Information &
Communication
Monitoring Activities
Update articulates principles of effective internal control
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability
6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change
10. Selects and develops control activities
11. Selects and develops general controls over technology
12. Deploys through policies and procedures
13. Uses relevant information
14. Communicates internally
15. Communicates externally
16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies
Update describes important characteristics of principles, e.g.,
• Points of focus may not be suitable or relevant, and others may be identified
• Points of focus may facilitate designing, implementing, and conducting internal
control
• There is no requirement to separately assess whether points of focus are in
place
Control Environment 1. The organization demonstrates a commitment to
integrity and ethical values.
Points of Focus:
• Sets the Tone at the Top
• Establishes Standards of Conduct
• Evaluates Adherence to Standards of Conduct
• Addresses Deviations in a Timely Manner
Update describes how various controls effect principles, e.g.,
Component: Control Environment
Principle: 1. The organization demonstrates a commitment to integrity and ethical values.
Controls embedded in other components may effect this principle:
• Control Environment: Human Resources review employees’ confirmations to assess whether standards of conduct are understood and adhered to by staff across the entity
• Information & Communication: Management obtains and reviews data and information underlying potential deviations captured in whistleblower hot-line to assess quality of information
• Monitoring Activities: Internal Audit separately evaluates Control Environment, considering employee behaviors and whistleblower hotline results and reports thereon
There is no Magic 17 Principles
Control Checklist …
• The Framework does not prescribe controls to be
selected, developed, and deployed for effective
internal control
• Selection of controls is a function of management
judgment based on factors unique to the entity
• How controls effect multiple principles can provide
persuasive evidence
Polling Question #2
What industry are you in?
A. Financial Services
B. Distribution, Manufacturing
C. Services
D. Technology
E. Energy and Utilities
F. Other
Transition & Impact
• Users are encouraged to transition applications and
related documentation to the updated Framework as
soon as feasible
• Updated Framework will supersede original Framework
at the end of the transition period (i.e., December 15,
2014)
• During the transition period, external reporting should
disclose whether the original or updated version of the
Framework was used
Mostly Smooth Sailing for Early Adopters of
COSO Framework Update (?)
“Early adopters of the updated COSO framework
say they're finding their existing internal controls
map rather well to the newly articulated principles
contained in the updated framework, although they
need to bring more controls into the scope of their
internal control evaluation and audit to show it.”
April 8, 2014
Microsoft Example
• Nearly complete with its implementation of the COSO update, mapping the
new framework to its existing control environment and updating its controls.
• Increased the number of entity-level controls that are scoped into its
Sarbanes-Oxley compliance exercise from 45 to 58 as a result of the
refresh to the updated framework.
• Found its coverage was adequate, but some of the controls that met the
COSO principles were not scoped into the internal control assessment and
audit.
• Meant streamlining and identifying activities it was already doing that met the
requirements, then documenting them and bringing them into scope for
walkthroughs and testing.
Source: Compliance Week
Microsoft Example, Continued
• Devoted a few hundred staff hours to the project,
• Finalizing its control design with input from its audit firm, Deloitte.
• “There are still a couple of open questions we are working on with them
that may result in a few more changes, but it's not substantial at this point,”
• Throughout the implementation the audit firm has targeted areas that the
Public Company Accounting Oversight Board has called on auditors to pay
closer attention through its inspection process, he says. They are looking
more closely, for example, at risk assessments, outsourcing, and reports
that are generated and relied on internally.
Source: Compliance Week
Don’t Rush it? A Risk-free Decision?
• “If the company isn’t well into the process already and doesn’t have
the resources in place to make the transition in 2014, don’t rush it.
• The SEC has stated that it doesn’t intend to challenge companies—
at least in the near-term—that don’t transition by December 15,
2014.)
• Disclose use of 1992 or 2013 Framework; explanation regarding
why transition is delayed but not required in 2014. (revised)
• COSO 2013 is “an important opportunity to improve the efficiency
and effectiveness of the business.”
Many Firms, But One Framework
Same Destination, Slightly Different Path
Polling Question #3
What is your current status for transitioning to the 2013 COSO
Framework?
A. Basically done and did just fine
B. Basically done but it was hard
C. Still in process and doing just fine
D. Still in process and struggling with the amount of work
E. 12/31 year-end but deferring to 2015
F. Not a 12/31 year-end
© Grant Thornton LLP. All rights reserved.
Leading Practices and Lessons Learned
Summary of Changes to COSO 1992
• Enhances Governance Concepts
• Consider Expectations for Competencies and Accountabilities
• Consider Demands and Complexities in Laws, Rules, Regulations and Standards
• Reflects Increased Relevance of Technology
• Enhances Consideration of Anti-Fraud Expectations
• Applies a Principle-Based Approach - Explicitly States 17 Principles
Consideration for Implementation of COSO 2013
• Spend Time to Understand 17 Principles and Points of Focus
• Gather Information on COSO 2013 from a Variety of Sources (Larger Accounting Firms)
• Attend Training Sessions
• Meet with Peers or Attend Roundtables to Get Questions Answered and See What Others are Doing
Consideration for Implementation of COSO 2013 (cont'd)
• Map the 17 Principles to Existing Controls
• Evaluate Results and any Gaps in the Controls or Documentation
• Plan to Make Necessary Additions to Controls and Documentation
• Meet with External Audit Firm
• Execute on Changes Needed
Some Considerations In Implementing COSO 2013
• Principles 1-5 Relate to the Control Environment Component
- explain linkages between various components of internal control
- expand the discussion of governance roles to match organization structures, note
committee/board charters, minutes, accountability, roles, responsibilities
- clarify expectations of integrity/ethical values, codes of conduct, whistle-blower
process, investigation and resolution, potential issues, training
- expand risk oversight and strengthen linkages between risk and performance
• Principles 6-9 Relate to Risk Assessment Component
- objective setting as a precondition to risk assessment
- focusing risk assessment component on objectives related to operations, reporting
and compliance
- clarifying that risk assessment includes processes for risk identification, risk
analysis, risk response, aligning risk tolerance with risk appetite
- expand the risk severity beyond impact and likelihood to include velocity and
persistence
- considering fraud risk relating to material omission or misstatements of reporting,
inadequate safeguarding of assets, corruption
Some Considerations In Implementing COSO 2013 (cont'd)
• Principles 10-12 Relate to the Control Activities Component
- reflect evolution in technology since 1992 move toward technology infrastructure
- more details to reinforce linkages in general controls over technology and
automated control activities
- distinction of transaction level controls from controls at other levels of
organization
• Principles 13-15 Relating to the Information and Communication Component
- emphasizing the importance of quality of information
- verifying to a source and for retention when information is used to support
reporting objectives to third parties
- impact of regulatory requirements on reliability and protection of information
- impact of technology as it relates to speed, means and quality of information
- use of third-party service providers to manage specific processes and the user
controls that need to be in place
Some Considerations In Implementing COSO 2013 (cont'd)
• Principles 16-17 Relating to the Monitoring Activities Component
- refines terminology of monitoring activities as "ongoing evaluations" and
"separate evaluations"
- expanding discussion of the use of technology and external service providers
- use of management's reporting controls
Additional Considerations for Implementation
• PCAOB Practice Alert #11
• Results of Latest PCAOB Inspection Reports
• Discussions with External Audit Firm
• Business Risk Manual Produced by AICPA, ACFE and IIA.
Thank You
Michael P. Rose, CPA, CIA, CCSA, CRMA, CISA, CISM, CGEIT, CRISC, CITP
Partner
Northeast Region GRC Practice Leader
michael.rose@us.gt.com
BlackLine Modern Finance
The world’s most trusted solution for Finance Controls and Automation
COMMON CHALLENGES
AROUND THE NEW
COSO FRAMEWORK
Documenting your controls
Mapping your controls to the applicable Points of Focus/Principles
Organizing the supporting documentation
Assigning roles and responsibilities
Providing evidence of management’s testing of internal controls
COSO Framework:
5 Components & 17 Principles
CONTROL ENVIRONMENT
1. Demonstrates commitment to integrity and
ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority, and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability
RISK ASSESSMENT
6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change
CONTROL ACTIVITIES
10. Selects and develops control activities
11. Selects and develops general controls over technology
12. Deploys through policies and procedures
INFORMATION & COMMUNICATION
13. Uses relevant information
14. Communicates internally
15. Communicates externally
MONITORING
16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies
Optional: COSO
Points of Focus
Public Company
Internal Control Activities
Map them
to COSO
Framework
Department | Control # | Control Activity
Accounts Payable | CA 053 | All postings to the General Ledger are run and validated to ensure that the GL and subledger are in balance.
Systems | CA 054 | Segregation of Duties is maintained throughout all systems and all roles and responsibilities are reviewed by management on an annual basis
Systems | CA 055 | Requests for access to systems and associated responsibilities/functionality are reviewed and approved by management.
General Ledger | CA 056 | All balance sheet reconciliations are prepared and reviewed by management on a monthly basis. All reconciliation exceptions are addressed on a timely basis.
General Ledger | CA 057 | All reconciliations deemed as critical (as per Corp. Policy 146) are completed and approved by workday 6.
Step2:
Step1: Map Control Activities
Add additional control activities
Remediate any exceptions/deficiencies
Annually assess
Step3:
Evaluate and assess compliance of
Internal Control Activities to COSO
Framework
Polling Question #4
What tools are you using to currently manage your SOX
compliance documentation?
A. Using spreadsheets, flowcharts
B. Using internally developed software
C. Using a third party software
BLACKLINE’S SOLUTION
TO MANAGING THE NEW
COSO FRAMEWORK
Features
Task Dependency: Use the task dependency functionality to align those control activities
with either the Points of Focus and/or the Principles as appropriate
COSO Import Template: Use the COSO import template to bring in just the 17 COSO Principles or the
Principles and the 87 Points of Focus into the BlackLine Task Module (can also
bring in approximately 90 basic control activities) and two certification checklists
Features
Control Activities: Add your own control activities as additional tasks
Certification Checklist: Create a certification checklist around internal controls at the COSO principle
level and/or the individual points of focus which includes the necessary
documentation of overall analysis and any acceptable level of risk.
Additional Features
Certification checklist to indicate:
• The Principle is present
• The Principle is functioning
• Major deficiencies exist
Add documentation to provide:
• Summary of Controls for Points of Focus/Principles
• Evaluation of Deficiencies within the Principle
Add comments to indicate:
• Any identified deficiencies
• Compensating controls for the deficiencies
• Impact on any of the other Principles
Additional Features
Manage COSO Compliance Costs:
• Track time spent at the individual control points and at the COSO principle levels
Certification Details:
• Full audit trail tracks and timestamps all certification events for all control point
assessments and COSO reviews
Built-In Workflow:
• Ensure that there is clear ownership around the control activities
Real-time Reporting and Dashboards:
• Management can easily report on their COSO compliance activities
THANK YOU!
QUESTIONS?
Robert B. Hirth, Jr.
Chairman
Committee of Sponsoring Organizations of the Treadway Commission
Office: 415.402.3621
www.coso.org
Susan Parcells, CPA, CGMA
Director, Finance Transformation & Product Expert
BlackLine
Office: 818.223.9008
https://www.blackline.com
Michael P. Rose
Partner, Northeast Region Advisory Services
Grant Thornton
Office:
http://www.grantthornton.com
FEI
http://www.financialexecutives.org
ICSA Ireland CPD_Senior Executive Accountability Regime_Deloitte 22Jan19ICSA Ireland CPD_Senior Executive Accountability Regime_Deloitte 22Jan19
ICSA Ireland CPD_Senior Executive Accountability Regime_Deloitte 22Jan19
Institute of Chartered Secretaries and Administrators
 
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
CA CISA Jayjit Biswas
 
Prepare for the 2013 COSO Internal Control Framework—Start Now
Prepare for the 2013 COSO Internal Control Framework—Start NowPrepare for the 2013 COSO Internal Control Framework—Start Now
Prepare for the 2013 COSO Internal Control Framework—Start Now
Brown Smith Wallace
 
Control findingsreporting
Control findingsreportingControl findingsreporting
Control findingsreporting
Aviva Spectrum™
 
El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007Danial Khan
 
Top 5 Pitfalls to Avoid Implemeting COSO 2013
Top 5 Pitfalls to Avoid Implemeting COSO 2013Top 5 Pitfalls to Avoid Implemeting COSO 2013
Top 5 Pitfalls to Avoid Implemeting COSO 2013
Aviva Spectrum™
 
Standard operating procedures
Standard operating proceduresStandard operating procedures
Standard operating procedures
Kinetik Solutions Ltd
 
Accelerating Grassroots Adoption of IT Quality Transformation
Accelerating Grassroots Adoption of IT Quality TransformationAccelerating Grassroots Adoption of IT Quality Transformation
Accelerating Grassroots Adoption of IT Quality Transformation
Cognizant
 
ISO 30401 - The KM Management Systems Standard
ISO 30401 - The KM Management Systems StandardISO 30401 - The KM Management Systems Standard
ISO 30401 - The KM Management Systems Standard
SIKM
 
990025 p executive-summary-final-may20
990025 p executive-summary-final-may20990025 p executive-summary-final-may20
990025 p executive-summary-final-may20
Thoriq Rivaldi
 
Coso internal control frameword executive summary_2013
Coso internal control frameword executive summary_2013Coso internal control frameword executive summary_2013
Coso internal control frameword executive summary_2013
SARVJEET KAUSHAL
 
New trends in the revised iso 9001:2015
New trends in the revised iso 9001:2015New trends in the revised iso 9001:2015
New trends in the revised iso 9001:2015
PMILebanonChapter
 
Coso 2013 icfr executive summary
Coso 2013 icfr executive summaryCoso 2013 icfr executive summary
Coso 2013 icfr executive summaryErwin Morales
 
Coso 2013 icfr executive summary
Coso 2013 icfr executive summaryCoso 2013 icfr executive summary
Coso 2013 icfr executive summaryKatherine Reyes V.
 
Introduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsIntroduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance Seminars
Corporate Compliance Seminars
 
Creative Performance Audit
Creative Performance AuditCreative Performance Audit
Creative Performance Audit
Humanology
 

Similar to Are You Ready? Implementing COSO's Updated Internal Controls Framework (20)

COSO.pptx
COSO.pptxCOSO.pptx
COSO.pptx
 
COSO Deep Dive - Using BlackLine to Manage Your COSO Framework
COSO Deep Dive - Using BlackLine to Manage Your COSO FrameworkCOSO Deep Dive - Using BlackLine to Manage Your COSO Framework
COSO Deep Dive - Using BlackLine to Manage Your COSO Framework
 
COSO Deck
COSO DeckCOSO Deck
COSO Deck
 
COSO Update DTF
COSO Update DTFCOSO Update DTF
COSO Update DTF
 
ICSA Ireland CPD_Senior Executive Accountability Regime_Deloitte 22Jan19
ICSA Ireland CPD_Senior Executive Accountability Regime_Deloitte 22Jan19ICSA Ireland CPD_Senior Executive Accountability Regime_Deloitte 22Jan19
ICSA Ireland CPD_Senior Executive Accountability Regime_Deloitte 22Jan19
 
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
 
Prepare for the 2013 COSO Internal Control Framework—Start Now
Prepare for the 2013 COSO Internal Control Framework—Start NowPrepare for the 2013 COSO Internal Control Framework—Start Now
Prepare for the 2013 COSO Internal Control Framework—Start Now
 
Control findingsreporting
Control findingsreportingControl findingsreporting
Control findingsreporting
 
El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007
 
Top 5 Pitfalls to Avoid Implemeting COSO 2013
Top 5 Pitfalls to Avoid Implemeting COSO 2013Top 5 Pitfalls to Avoid Implemeting COSO 2013
Top 5 Pitfalls to Avoid Implemeting COSO 2013
 
Standard operating procedures
Standard operating proceduresStandard operating procedures
Standard operating procedures
 
Accelerating Grassroots Adoption of IT Quality Transformation
Accelerating Grassroots Adoption of IT Quality TransformationAccelerating Grassroots Adoption of IT Quality Transformation
Accelerating Grassroots Adoption of IT Quality Transformation
 
ISO 30401 - The KM Management Systems Standard
ISO 30401 - The KM Management Systems StandardISO 30401 - The KM Management Systems Standard
ISO 30401 - The KM Management Systems Standard
 
990025 p executive-summary-final-may20
990025 p executive-summary-final-may20990025 p executive-summary-final-may20
990025 p executive-summary-final-may20
 
Coso internal control frameword executive summary_2013
Coso internal control frameword executive summary_2013Coso internal control frameword executive summary_2013
Coso internal control frameword executive summary_2013
 
New trends in the revised iso 9001:2015
New trends in the revised iso 9001:2015New trends in the revised iso 9001:2015
New trends in the revised iso 9001:2015
 
Coso 2013 icfr executive summary
Coso 2013 icfr executive summaryCoso 2013 icfr executive summary
Coso 2013 icfr executive summary
 
Coso 2013 icfr executive summary
Coso 2013 icfr executive summaryCoso 2013 icfr executive summary
Coso 2013 icfr executive summary
 
Introduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsIntroduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance Seminars
 
Creative Performance Audit
Creative Performance AuditCreative Performance Audit
Creative Performance Audit
 

Recently uploaded

Commercial Bank Economic Capsule - May 2024
Commercial Bank Economic Capsule - May 2024Commercial Bank Economic Capsule - May 2024
Commercial Bank Economic Capsule - May 2024
Commercial Bank of Ceylon PLC
 
Empowering the Unbanked: The Vital Role of NBFCs in Promoting Financial Inclu...
Empowering the Unbanked: The Vital Role of NBFCs in Promoting Financial Inclu...Empowering the Unbanked: The Vital Role of NBFCs in Promoting Financial Inclu...
Empowering the Unbanked: The Vital Role of NBFCs in Promoting Financial Inclu...
Vighnesh Shashtri
 
how can I sell/buy bulk pi coins securely
how can I sell/buy bulk pi coins securelyhow can I sell/buy bulk pi coins securely
how can I sell/buy bulk pi coins securely
DOT TECH
 
Intro_Economics_ GPresentation Week 4.pptx
Intro_Economics_ GPresentation Week 4.pptxIntro_Economics_ GPresentation Week 4.pptx
Intro_Economics_ GPresentation Week 4.pptx
shetivia
 
what is the future of Pi Network currency.
what is the future of Pi Network currency.what is the future of Pi Network currency.
what is the future of Pi Network currency.
DOT TECH
 
The European Unemployment Puzzle: implications from population aging
The European Unemployment Puzzle: implications from population agingThe European Unemployment Puzzle: implications from population aging
The European Unemployment Puzzle: implications from population aging
GRAPE
 
The WhatsPump Pseudonym Problem and the Hilarious Downfall of Artificial Enga...
The WhatsPump Pseudonym Problem and the Hilarious Downfall of Artificial Enga...The WhatsPump Pseudonym Problem and the Hilarious Downfall of Artificial Enga...
The WhatsPump Pseudonym Problem and the Hilarious Downfall of Artificial Enga...
muslimdavidovich670
 
The Evolution of Non-Banking Financial Companies (NBFCs) in India: Challenges...
The Evolution of Non-Banking Financial Companies (NBFCs) in India: Challenges...The Evolution of Non-Banking Financial Companies (NBFCs) in India: Challenges...
The Evolution of Non-Banking Financial Companies (NBFCs) in India: Challenges...
beulahfernandes8
 
Introduction to Value Added Tax System.ppt
Introduction to Value Added Tax System.pptIntroduction to Value Added Tax System.ppt
Introduction to Value Added Tax System.ppt
VishnuVenugopal84
 
how to sell pi coins at high rate quickly.
how to sell pi coins at high rate quickly.how to sell pi coins at high rate quickly.
how to sell pi coins at high rate quickly.
DOT TECH
 
The new type of smart, sustainable entrepreneurship and the next day | Europe...
The new type of smart, sustainable entrepreneurship and the next day | Europe...The new type of smart, sustainable entrepreneurship and the next day | Europe...
The new type of smart, sustainable entrepreneurship and the next day | Europe...
Antonis Zairis
 
Poonawalla Fincorp and IndusInd Bank Introduce New Co-Branded Credit Card
Poonawalla Fincorp and IndusInd Bank Introduce New Co-Branded Credit CardPoonawalla Fincorp and IndusInd Bank Introduce New Co-Branded Credit Card
Poonawalla Fincorp and IndusInd Bank Introduce New Co-Branded Credit Card
nickysharmasucks
 
The secret way to sell pi coins effortlessly.
The secret way to sell pi coins effortlessly.The secret way to sell pi coins effortlessly.
The secret way to sell pi coins effortlessly.
DOT TECH
 
what is a pi whale and how to access one.
what is a pi whale and how to access one.what is a pi whale and how to access one.
what is a pi whale and how to access one.
DOT TECH
 
一比一原版BCU毕业证伯明翰城市大学毕业证成绩单如何办理
一比一原版BCU毕业证伯明翰城市大学毕业证成绩单如何办理一比一原版BCU毕业证伯明翰城市大学毕业证成绩单如何办理
一比一原版BCU毕业证伯明翰城市大学毕业证成绩单如何办理
ydubwyt
 
Webinar Exploring DORA for Fintechs - Simont Braun
Webinar Exploring DORA for Fintechs - Simont BraunWebinar Exploring DORA for Fintechs - Simont Braun
Webinar Exploring DORA for Fintechs - Simont Braun
FinTech Belgium
 
Which Crypto to Buy Today for Short-Term in May-June 2024.pdf
Which Crypto to Buy Today for Short-Term in May-June 2024.pdfWhich Crypto to Buy Today for Short-Term in May-June 2024.pdf
Which Crypto to Buy Today for Short-Term in May-June 2024.pdf
Kezex (KZX)
 
how to sell pi coins on Binance exchange
how to sell pi coins on Binance exchangehow to sell pi coins on Binance exchange
how to sell pi coins on Binance exchange
DOT TECH
 
APP I Lecture Notes to students 0f 4the year
APP I  Lecture Notes  to students 0f 4the yearAPP I  Lecture Notes  to students 0f 4the year
APP I Lecture Notes to students 0f 4the year
telilaalilemlem
 
US Economic Outlook - Being Decided - M Capital Group August 2021.pdf
US Economic Outlook - Being Decided - M Capital Group August 2021.pdfUS Economic Outlook - Being Decided - M Capital Group August 2021.pdf
US Economic Outlook - Being Decided - M Capital Group August 2021.pdf
pchutichetpong
 

Recently uploaded (20)

Commercial Bank Economic Capsule - May 2024
Commercial Bank Economic Capsule - May 2024Commercial Bank Economic Capsule - May 2024
Commercial Bank Economic Capsule - May 2024
 
Empowering the Unbanked: The Vital Role of NBFCs in Promoting Financial Inclu...
Empowering the Unbanked: The Vital Role of NBFCs in Promoting Financial Inclu...Empowering the Unbanked: The Vital Role of NBFCs in Promoting Financial Inclu...
Empowering the Unbanked: The Vital Role of NBFCs in Promoting Financial Inclu...
 
how can I sell/buy bulk pi coins securely
how can I sell/buy bulk pi coins securelyhow can I sell/buy bulk pi coins securely
how can I sell/buy bulk pi coins securely
 
Intro_Economics_ GPresentation Week 4.pptx
Intro_Economics_ GPresentation Week 4.pptxIntro_Economics_ GPresentation Week 4.pptx
Intro_Economics_ GPresentation Week 4.pptx
 
what is the future of Pi Network currency.
what is the future of Pi Network currency.what is the future of Pi Network currency.
what is the future of Pi Network currency.
 
The European Unemployment Puzzle: implications from population aging
The European Unemployment Puzzle: implications from population agingThe European Unemployment Puzzle: implications from population aging
The European Unemployment Puzzle: implications from population aging
 
The WhatsPump Pseudonym Problem and the Hilarious Downfall of Artificial Enga...
The WhatsPump Pseudonym Problem and the Hilarious Downfall of Artificial Enga...The WhatsPump Pseudonym Problem and the Hilarious Downfall of Artificial Enga...
The WhatsPump Pseudonym Problem and the Hilarious Downfall of Artificial Enga...
 
The Evolution of Non-Banking Financial Companies (NBFCs) in India: Challenges...
The Evolution of Non-Banking Financial Companies (NBFCs) in India: Challenges...The Evolution of Non-Banking Financial Companies (NBFCs) in India: Challenges...
The Evolution of Non-Banking Financial Companies (NBFCs) in India: Challenges...
 
Introduction to Value Added Tax System.ppt
Introduction to Value Added Tax System.pptIntroduction to Value Added Tax System.ppt
Introduction to Value Added Tax System.ppt
 
how to sell pi coins at high rate quickly.
how to sell pi coins at high rate quickly.how to sell pi coins at high rate quickly.
how to sell pi coins at high rate quickly.
 
The new type of smart, sustainable entrepreneurship and the next day | Europe...
The new type of smart, sustainable entrepreneurship and the next day | Europe...The new type of smart, sustainable entrepreneurship and the next day | Europe...
The new type of smart, sustainable entrepreneurship and the next day | Europe...
 
Poonawalla Fincorp and IndusInd Bank Introduce New Co-Branded Credit Card
Poonawalla Fincorp and IndusInd Bank Introduce New Co-Branded Credit CardPoonawalla Fincorp and IndusInd Bank Introduce New Co-Branded Credit Card
Poonawalla Fincorp and IndusInd Bank Introduce New Co-Branded Credit Card
 
The secret way to sell pi coins effortlessly.
The secret way to sell pi coins effortlessly.The secret way to sell pi coins effortlessly.
The secret way to sell pi coins effortlessly.
 
what is a pi whale and how to access one.
what is a pi whale and how to access one.what is a pi whale and how to access one.
what is a pi whale and how to access one.
 
一比一原版BCU毕业证伯明翰城市大学毕业证成绩单如何办理
一比一原版BCU毕业证伯明翰城市大学毕业证成绩单如何办理一比一原版BCU毕业证伯明翰城市大学毕业证成绩单如何办理
一比一原版BCU毕业证伯明翰城市大学毕业证成绩单如何办理
 
Webinar Exploring DORA for Fintechs - Simont Braun
Webinar Exploring DORA for Fintechs - Simont BraunWebinar Exploring DORA for Fintechs - Simont Braun
Webinar Exploring DORA for Fintechs - Simont Braun
 
Which Crypto to Buy Today for Short-Term in May-June 2024.pdf
Which Crypto to Buy Today for Short-Term in May-June 2024.pdfWhich Crypto to Buy Today for Short-Term in May-June 2024.pdf
Which Crypto to Buy Today for Short-Term in May-June 2024.pdf
 
how to sell pi coins on Binance exchange
how to sell pi coins on Binance exchangehow to sell pi coins on Binance exchange
how to sell pi coins on Binance exchange
 
APP I Lecture Notes to students 0f 4the year
APP I  Lecture Notes  to students 0f 4the yearAPP I  Lecture Notes  to students 0f 4the year
APP I Lecture Notes to students 0f 4the year
 
US Economic Outlook - Being Decided - M Capital Group August 2021.pdf
US Economic Outlook - Being Decided - M Capital Group August 2021.pdfUS Economic Outlook - Being Decided - M Capital Group August 2021.pdf
US Economic Outlook - Being Decided - M Capital Group August 2021.pdf
 

Are You Ready? Implementing COSO's Updated Internal Controls Framework

  • 1. December 16, 2014 11:00A PST/2:00PM EST
  • 2. CPE credits and supplemental information We are issuing 1 CPE credit To be eligible for CPE credit, please answer three (3) out of the four (4) polling questions throughout the duration of this webinar. An email with a link to the CPE Course Evaluation Form will be emailed after the webinar.
  • 3. 3 Today’s Speakers Robert Hirth Chairman Committee of Sponsoring Organizations of the Treadway Commission Susan Parcells Director, Finance Transformation & Product Expert BlackLine Michael P Rose Partner, Northeast Region Advisory Services Grant Thornton
  • 4. Agenda 4 COSO Overview Why the new Framework Transition Timeline and Reporting Implications Leading Practices and Lessons Learned Learn how the BlackLine Task Product can be used to help companies organize and manage the work around complying with the new COSO Framework
  • 5. Polling Question #1 What type of organization do you work for? A. Public, US listed B. Private C. Not for Profit D. Other
  • 6. Agenda 6 COSO Overview Why the new Framework Transition Timeline and Reporting Implications Leading Practices and Lessons Learned Learn how the BlackLine Task Product can be used to help companies organize and manage the work around complying with the new COSO Framework
  • 7. 7 20 Years in the Making…
  • 8. 8 15,000 > 600,000 Originally formed in 1985, COSO is a joint initiative of five private sector organizations and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management (ERM) internal control and fraud deterrence. 9,300 386,000 67,000 180,000
  • 9. 9 Mission COSO’s Mission is “To provide thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control and fraud deterrence designed to improve organizational performance and governance and to reduce the extent of fraud in organizations.” COSO’s Fundamental Principle Good risk management and internal control are necessary for long term success of all organizations
  • 10. 10 COSO is more than Internal Control…
  • 11. 11 And Thus… National Commission on Fraudulent Financial Reporting formed with James C. Treadway, Jr., former SEC Commissioner and General Counsel, Paine Webber as its Chairman – becoming known as the “Treadway Commission” a private-sector initiative, was formed in 1985 to inspect, analyze, and make recommendations on fraudulent corporate financial reporting. Source: sechistorical.org
  • 12. 12 The Internal Control Recommendation All public companies should maintain internal controls that provide reasonable assurance that fraudulent financial reporting will be prevented or subject to early detection - this is a broader concept than internal accounting controls… …The Commission also recommends that its sponsoring organizations cooperate on developing additional, integrated guidance on internal controls… - Treadway Commission report
  • 13. Agenda 13 COSO Overview Why the new Framework Transition Timeline and Reporting Implications Leading Practices and Lessons Learned Learn how the BlackLine Task Product can be used to help companies organize and manage the work around complying with the new COSO Framework
  • 14. 14 Why Make Changes? In the twenty years since the inception of the original framework, business and operating environments have changed dramatically, becoming increasingly complex, technologically driven, and global. At the same time, stakeholders are more engaged, seeking greater transparency and accountability for the integrity of systems of internal control that support business decisions and governance of the organization. Source: COSO September 2012
  • 15. 15 Environmental changes... …have driven Framework updates Expectations for governance oversight Globalization of markets and operations Changes and greater complexity in business Demands and complexities in laws, rules, regulations, and standards Expectations for competencies and accountabilities Use of, and reliance on, evolving technologies Expectations relating to preventing and detecting fraud COSO Cube (2013 Edition) Update considers changes in business and operating environments…
  • 16. 16 Original Framework COSO’s Internal Control–Integrated Framework (1992 Edition) Refresh Objectives Updated Framework COSO’s Internal Control–Integrated Framework (2013 Edition) Broadens Application Clarifies Requirements Articulate principles to facilitate effective internal control Why update what works – The Framework has become the most widely adopted control framework worldwide. Updates Context Enhancements Reflect changes in business & operating environments Expand operations and reporting objectives
  • 17. 17 Control Environment Risk Assessment Control Activities Information & Communication Monitoring Activities Update articulates principles of effective internal control 1. Demonstrates commitment to integrity and ethical values 2. Exercises oversight responsibility 3. Establishes structure, authority and responsibility 4. Demonstrates commitment to competence 5. Enforces accountability 6. Specifies suitable objectives 7. Identifies and analyzes risk 8. Assesses fraud risk 9. Identifies and analyzes significant change 10. Selects and develops control activities 11. Selects and develops general controls over technology 12. Deploys through policies and procedures 13. Uses relevant information 14. Communicates internally 15. Communicates externally 16. Conducts ongoing and/or separate evaluations 17. Evaluates and communicates deficiencies
  • 18. 18 Update describes important characteristics of principles, e.g., • Points of focus may not be suitable or relevant, and others may be identified • Points of focus may facilitate designing, implementing, and conducting internal control • There is no requirement to separately assess whether points of focus are in place Control Environment 1. The organization demonstrates a commitment to integrity and ethical values. Points of Focus: • Sets the Tone at the Top • Establishes Standards of Conduct • Evaluates Adherence to Standards of Conduct • Addresses Deviations in a Timely Manner
  • 19. 19 Update describes how various controls effect principles, e.g., Control Environment 1. The organization demonstrates a commitment to integrity and ethical values. Component Principle Controls embedded in other components may effect this principle Human Resources review employees’ confirmations to assess whether standards of conduct are understood and adhered to by staff across the entity Control Environment Management obtains and reviews data and information underlying potential deviations captured in whistleblower hot-line to assess quality of information Information & Communication Internal Audit separately evaluates Control Environment, considering employee behaviors and whistleblower hotline results and reports thereon Monitoring Activities
  • 20. 20 There is no Magic 17 Principles Control Checklist … • The Framework does not prescribe controls to be selected, developed, and deployed for effective internal control • Selection of controls is a function of management judgment based on factors unique to the entity • How controls effect multiple principles can provide persuasive evidence
  • 21. Polling Question #2 What industry are you in? A. Financial Services B. Distribution, Manufacturing C. Services D. Technology E. Energy and Utilities F. Other
  • 22. Agenda 22 COSO Overview Why the new Framework Transition Timeline and Reporting Implications Leading Practices and Lessons Learned Learn how the BlackLine Task Product can be used to help companies organize and manage the work around complying with the new COSO Framework
  • 23. 23 Transition & Impact • Users are encouraged to transition applications and related documentation to the updated Framework as soon as feasible • Updated Framework will supersede original Framework at the end of the transition period (i.e., December 15, 2014) • During the transition period, external reporting should disclose whether the original or updated version of the Framework was used
  • 24. 24 Mostly Smooth Sailing for Early Adopters of COSO Framework Update (?) “Early adopters of the updated COSO framework say they're finding their existing internal controls map rather well to the newly articulated principles contained in the updated framework, although they need to bring more controls into the scope of their internal control evaluation and audit to show it.” April 8, 2014
  • 25. 25 Microsoft Example • Nearly complete with its implementation of the COSO update, mapping the new framework to its existing control environment and updating its controls. • Increased the number of entity-level controls that are scoped into its Sarbanes-Oxley compliance exercise from 45 to 58 as a result of the refresh to the updated framework. • Found its coverage was adequate, but some of the controls that met the COSO principles were not scoped into the internal control assessment and audit. • Meant streamlining and identifying activities already doing that met the requirements, then documenting them and bringing them into scope for walkthroughs and testing. Source: Compliance Week
  • 26. 26 Microsoft Example, Continued • Devoted a few hundred staff hours to the project, • Finalizing its control design with input from its audit firm, Deloitte. • “There are still a couple of open questions we are working on with them that may result in a few more changes, but it's not substantial at this point,” • Throughout the implementation the audit firm has targeted areas that the Public Company Accounting Oversight Board has called on auditors to pay closer attention through its inspection process, he says. They are looking more closely, for example, at risk assessments, outsourcing, and reports that are generated and relied on internally. Source: Compliance Week
  • 27. 27 Don’t Rush it ? A Risk-free Decision? • “If the company isn’t well into the process already and doesn’t have the resources in place to make the transition in 2014, don’t rush it. • The SEC has stated that it doesn’t intend to challenge companies— at least in the near-term—that don’t transition by December 15, 2014.) • Disclose use of 1992 or 2013 Framework; explanation regarding why transition is delayed but not required in 2014. (revised) • COSO 2013 is “an important opportunity to improve the efficiency and effectiveness of the business.”
  • 28. Many Firms, But One Framework
  • 30. Polling Question #3 What is your current status for transitioning to the 2013 COSO Framework? A. Basically done and did just fine B. Basically done but it was hard C. Still in process and doing just fine D. Still in process and struggling with the amount of work E. 12/31 year-end but deferring to 2015 F. Not a 12/31 year-end
  • 31. Agenda 31 COSO Overview Why the new Framework Transition Timeline and Reporting Implications Leading Practices and Lessons Learned Learn how the BlackLine Task Product can be used to help companies organize and manage the work around complying with the new COSO Framework
  • 32. © Grant Thornton LLP. All rights reserved. Leading Practices and Lessons Learned
  • 33. © Grant Thornton LLP. All rights reserved. Summary of Changes to COSO 1992  Enhances Governance Concepts  Consider Expectations for Competencies and Accountabilities  Consider Demands and Complexities in Laws, Rules, Regulations and Standards  Reflects Increased Relevance of Technology  Enhances Consideration of Anti-Fraud Expectations  Applies a Principle – Based Approach - Explicitly States 17 Principles 33
  • 34. © Grant Thornton LLP. All rights reserved. Consideration for Implementation of COSO 2013  Spend Time to Understand 17 Principles and Points of Focus  Gather Information on COSO 2013 from a Variety of Sources (Larger Accounting Firms)  Attend Training Sessions  Meet with Peers or Attend Roundtables to Get Questions Answered and See What Others are Doing 34
  • 35. © Grant Thornton LLP. All rights reserved. Consideration for Implementation of COSO 2013 (cont'd)  Map the 17 Principles to Existing Controls  Evaluate Results and any Gaps in the Controls or Documentation  Plan to Make Necessary Additions to Controls and Documentation  Meet with External Audit Firm  Execute on Changes Needed 35
  • 36. © Grant Thornton LLP. All rights reserved. Some Considerations In Implementing COSO 2013  Principles 1-5 Relate to the Control Environment Component - explain linkages between various components of internal control - expand the discussion of governance roles to match organization structures, note committee/board charters, minutes, accountability, roles, responsibilities - clarify expectations of integrity/ethical values, codes or conduct, whistle-blower process, investigation and resolution, potential issues, training - expand risk oversight and strengthen linkages between risk and performance  Principles 6-9 Relate to Risk Assessment Component - objective setting as a precondition to risk assessment - focusing risk assessment component on objectives related to operations, reporting and compliance - clarifying that risk assessment includes processes for risk identification, risk analysis, risk response, aligning risk tolerance with risk appetite - expand the risk severity beyond impact and likelihood to include velocity and persistence - considering fraud risk relating to material omission or misstatements of reporting, inadequate safeguarding of assets, corruption 36
  • 37. © Grant Thornton LLP. All rights reserved. Some Considerations In Implementing COSO 2013 (cont'd)  Principles 10-12 Relate to the Control Activities Component - reflect evolution in technology since 1992 move toward technology infrastructure - more details to reinforce linkages in general controls over technology and automated control activities - distinction of transaction level controls from controls at other levels of organization  Principles 13-15 Relating to the Information and Communication Component - emphasizing the importance of quality of information - verifying to a source and for retention when information is used to support reporting objectives to third parties - impact of regulating requirements on reliability and protection of information - impact of technology as it relates to spend, means and quality of information - use of third-party service providers to manage specific processes and the user controls that need to be in place 37
  • 38. Some Considerations In Implementing COSO 2013 (cont'd)
    Principles 16-17 Relating to the Monitoring Activities Component
    - refines terminology of monitoring activities as "ongoing evaluations" and "separate evaluations"
    - expanding discussion of the use of technology and external service providers
    - use of management's reporting controls
  • 39. Additional Considerations for Implementation
    - PCAOB Practice Alert #11
    - Results of Latest PCAOB Inspection Reports
    - Discussions with External Audit Firm
    - Business Risk Manual Produced by AICPA, ACFE and IIA.
  • 40. Thank You
    Michael P. Rose, CPA, CIA, CCSA, CRMA, CISA, CISM, CGEIT, CRISC, CITP
    Partner, Northeast Region GRC Practice Leader
    michael.rose@us.gt.com
  • 41. Agenda
    - COSO Overview
    - Why the new Framework
    - Transition Timeline and Reporting Implications
    - Leading Practices and Lessons Learned
    - Learn how the BlackLine Task Product can be used to help companies organize and manage the work around complying with the new COSO Framework
  • 42. BlackLine Modern Finance The world’s most trusted solution for Finance Controls and Automation
  • 44. COMMON CHALLENGES AROUND THE NEW COSO FRAMEWORK
    - Documenting your controls
    - Mapping your controls to the applicable Points of Focus/Principles
    - Organizing the supporting documentation
    - Assigning roles and responsibilities
    - Providing evidence of management's testing of internal controls
  • 45. COSO Framework: 5 Components & 17 Principles
    CONTROL ENVIRONMENT
    1. Demonstrates commitment to integrity and ethical values
    2. Exercises oversight responsibility
    3. Establishes structure, authority, and responsibility
    4. Demonstrates commitment to competence
    5. Enforces accountability
    RISK ASSESSMENT
    6. Specifies suitable objectives
    7. Identifies and analyzes risk
    8. Assesses fraud risk
    9. Identifies and analyzes significant change
    CONTROL ACTIVITIES
    10. Selects and develops control activities
    11. Selects and develops general controls over technology
    12. Deploys through policies and procedures
    INFORMATION & COMMUNICATION
    13. Uses relevant information
    14. Communicates internally
    15. Communicates externally
    MONITORING
    16. Conducts ongoing and/or separate evaluations
    17. Evaluates and communicates deficiencies
    Optional: COSO Points of Focus (diagram: numbered boxes 1 through 77)
    Public Company Internal Control Activities: Map them to COSO Framework
    | Department | Control # | Control Activity |
    | Accounts Payable | CA 053 | All postings to the General Ledger are run and validated to ensure that the GL and subledger are in balance. |
    | Systems | CA 054 | Segregation of Duties is maintained throughout all systems and all roles and responsibilities are reviewed by management on an annual basis |
    | Systems | CA 055 | Requests for access to systems and associated responsibilities/functionality is reviewed and approved by management. |
    | General Ledger | CA 056 | All balance sheet reconciliations are prepared and reviewed by management on a monthly basis. All reconciliation exceptions are addressed on a timely basis. |
    | General Ledger | CA 057 | All reconciliations deemed as critical (as per Corp. Policy 146) are completed and approved by workday 6. |
    Step 1: Map Control Activities
    Step 2: Add additional control activities; Remediate any exceptions/deficiencies; Annually assess
    Step 3: Evaluate and assess compliance of Internal Control Activities to COSO Framework
  • 46. Polling Question #4
    What tools are you using to currently manage your SOX compliance documentation?
    A. Using spreadsheets, flowcharts
    B. Using internally developed software
    C. Using a third party software
  • 47. BLACKLINE’S SOLUTION TO MANAGING THE NEW COSO FRAMEWORK
  • 49. Features
    Task Dependency: Use the task dependency functionality to align those control activities with either the Points of Focus and/or the Principles as appropriate
    COSO Import Template: Use the COSO import template to bring in just the 17 COSO Principles or the Principles and the 87 Points of Focus into the BlackLine Task Module (can also bring in approximately 90 basic control activities) and two certification checklists
  • 50. Features
    Control Activities: Add your own control activities as additional tasks
    Certification Checklist: Create a certification checklist around internal controls at the COSO principle level and/or the individual points of focus which includes the necessary documentation of overall analysis and any acceptable level of risk.
  • 51. Additional Features
    Certification checklist to indicate:
    - The Principle is present
    - The Principle is functioning
    - Major deficiencies exist
    Add documentation to provide:
    - Summary of Controls for Points of Focus/Principles
    - Evaluation of Deficiencies within the Principle
    Add comments to indicate:
    - Any identified deficiencies
    - Compensating controls for the deficiencies
    - Impact on any of the other Principles
  • 52. Additional Features
    Manage COSO Compliance Costs:
    - Track time spent at the individual control points and at the COSO principle levels
    Certification Details:
    - Full audit trail tracks and timestamps all certification events for all control point assessments and COSO reviews
    Built-In Workflow:
    - Ensure that there is clear ownership around the control activities
    Real-time Reporting and Dashboards:
    - Management can easily report on their COSO compliance activities
  • 54. QUESTIONS?
    Robert B. Hirth, Jr.
    Chairman, Committee of Sponsoring Organizations of the Treadway Commission
    Office: 415.402.3621
    www.coso.org

    Susan Parcells, CPA, CGMA
    Director, Finance Transformation & Product Expert, BlackLine
    Office: 818.223.9008
    https://www.blackline.com

    Michael P. Rose
    Partner, Northeast Region Advisory Services, Grant Thornton
    Office:
    http://www.grantthornton.com

    FEI
    http://www.financialexecutives.org