FEI - BlackLine Systems Webinar
July 24, 2014
12 pm ET / 9am PT
1.5 CPE
Introduction
This session will cover key areas to focus on when transitioning to
COSO’s updated internal control framework, to make implementation
most efficient and effective.
Now that it’s mid-July 2014, with COSO’s 2013 framework set to
supersede COSO’s 1992 framework less than six months from now
(as announced by COSO, as of Dec. 15, 2014), it’s time for your
COSO Implementation to “Get Real” and “Get it Right!”
Program Outline
Housekeeping/CPE
Capsule Overview of COSO 2013
Project Planning, Roles & Responsibilities
Mapping from COSO ‘92 to COSO 2013
Working with Auditors; Sarbanes-Oxley
Implementation issues; Fraud Assessment
Q&A
Benefits
Closing Remarks
CPE Credits and Supplemental Information
We are offering 1.5 CPE credits for this webinar
To be eligible to receive these credits, please ensure you answer at
least four (4) out of the five (5) polling questions
You will receive the CPE certificate via e-mail approximately 4
weeks after the webinar date
Register for the remaining webinars in this series hosted by
BlackLine Systems in conjunction with FEI. Watch for
announcements to be posted on:
– FEI’s COSO Resources page, www.financialexecutives.org/coso, and on
– BlackLine’s webinars page https://www.blackline.com/news-events/webinars
WHY IS THE UPDATED COSO FRAMEWORK IMPORTANT
Internal controls are critical yet companies don’t always update them
for changes in the business, industry or environment
Companies are now faced with new risks and opportunities that
should be considered
– Reliance on technologies
– Increasing regulatory requirements and oversight
– Social media
– Outsourcing business functions
– Emphasis on controls around non-financial reporting
– More focus on fraud
Polling Question 1
How far along are you in completing your COSO 2013 implementation?
– Haven’t started yet
– Early stages
– About mid-way
– Mostly done
– Management done, but we haven’t really consulted with our
auditors yet as to the effectiveness of internal control under COSO
2013
– Management done, and we know where we stand with our
auditors on the effectiveness of internal control under COSO 2013
– Not applicable (e.g. I don’t work for a company that has to
implement COSO 2013)
SPEAKERS
Overview
COSO’s Updated Internal
Control Framework
Update considers changes in business and
operating environments
Changes in environments... Drive updates to the Framework...
Expectations for governance oversight
Globalization of markets and operations
Changes and greater complexity in the business
Demands and complexities in laws, rules,
regulations, and standards
Expectations for competencies and accountabilities
Use of, and reliance on, evolving technologies
Expectations relating to preventing and detecting
fraud
[Figure: COSO Cube]
What is not changing...
1. Retain core definition of internal
control
2. Retain five components of internal
control
3. Retain requirement of five
components for an effective system
of internal control
4. Retain important role of judgment in
designing, implementing, and
conducting internal control, and in
assessing effectiveness of internal
control
What is changing...
1. Articulate fundamental concepts
underlying the five components as
principles
2. Consider changes in business and
operating environments
3. Expand operations and reporting
objectives
4. Provide additional approaches and
examples relevant to operations,
compliance, and non-financial
reporting objectives
Update intends to ease use and application
Requirements for Effective Internal Control
Effective internal control requires that:
– Each of the five components of internal control and relevant principles are
present and functioning
– The five components are operating together in an integrated manner
When a component or relevant principle is deemed not present and
functioning or when components are deemed not operating together,
a “major deficiency” exists
When a major deficiency exists, the entity cannot conclude that it has
met the requirements for effective internal control
Requirements for Effective Internal Control
Components operate together when:
– Components are present and functioning
– Internal control deficiencies aggregated across components do not result in one
or more major deficiencies
– An internal control deficiency or combination of deficiencies that severely
reduces the likelihood that the entity can achieve its objectives is a major
deficiency
– A major deficiency exists when management determines that a component and
relevant principle is not present or functioning or components are not operating
together
– Management uses only relevant criteria (as established by regulators, standard-
setting bodies, and other relevant third parties) for defining severity of,
evaluating, and reporting internal control deficiencies
The Five Components of
Internal Control
Control Environment
Risk Assessment
Control Activities
Information & Communication
Monitoring
Components of Internal Control Remain
Unchanged from COSO’s 1992 Framework
Update articulates principles of effective
internal control (continued)
Control Environment
1. The organization demonstrates a commitment to integrity and ethical values.
2. The board of directors demonstrates independence from management and exercises
oversight of the development and performance of internal control.
3. Management establishes, with board oversight, structures, reporting lines, and
appropriate authorities and responsibilities in the pursuit of objectives.
4. The organization demonstrates a commitment to attract, develop, and retain
competent individuals in alignment with objectives.
5. The organization holds individuals accountable for their internal control
responsibilities in the pursuit of objectives.
Update articulates principles of effective
internal control (continued)
Risk Assessment
6. The organization specifies objectives with sufficient clarity to enable the identification
and assessment of risks relating to objectives.
7. The organization identifies risks to the achievement of its objectives across the entity
and analyzes risks as a basis for determining how the risks should be managed.
8. The organization considers the potential for fraud in assessing risks to the
achievement of objectives.
9. The organization identifies and assesses changes that could significantly impact the
system of internal control.
Update articulates principles of effective
internal control (continued)
Control Activities
10. The organization selects and develops control activities that contribute to the
mitigation of risks to the achievement of objectives to acceptable levels.
11. The organization selects and develops general control activities over technology to
support the achievement of objectives.
12. The organization deploys control activities through policies that establish what is
expected and procedures that put policies into place.
Update articulates principles of effective
internal control (continued)
Information & Communication
13. The organization obtains or generates and uses relevant, quality information to
support the functioning of other components of internal control.
14. The organization internally communicates information, including objectives and
responsibilities for internal control, necessary to support the functioning of other
components of internal control.
15. The organization communicates with external parties regarding matters affecting the
functioning of other components of internal control.
Update articulates principles of effective
internal control (continued)
Monitoring Activities
16. The organization selects, develops, and performs ongoing and/or separate
evaluations to ascertain whether the components of internal control are present and
functioning.
17. The organization evaluates and communicates internal control deficiencies in a timely
manner to those parties responsible for taking corrective action, including senior
management and the board of directors, as appropriate.
Points of Focus
The Framework describes points of focus that are important
characteristics of the principles
– Some points of focus may not be relevant, and others may be
identified based on specific circumstances
– The points of focus may facilitate designing, implementing, and
conducting internal control and assessing its effectiveness
There is no requirement to separately assess whether points of
focus are in place
Transition Timing
May 2013 – Paul Beswick, SEC Chief Accountant:
– “SEC staff plans to monitor the transition for issuers using the 1992 framework to
evaluate whether and if any staff or Commission actions become necessary or
appropriate at some point in the future. However, at this time, I’ll simply refer
users of the COSO framework to the statements COSO has made about their
new framework and their thoughts about transition”
September 2013 – Center for Audit Quality, SEC Regulations
Committee meeting highlights:
– [SEC Staff] indicated that the longer issuers continue to use the 1992 framework,
the more likely they are to receive questions from the staff about whether the
issuer’s use of the 1992 framework satisfies the SEC’s requirement to use a
suitable, recognized framework
Draft Disclosure
A key part of your disclosure will be to identify which version of
the COSO Framework you have used: COSO 1992 or COSO 2013.
Possible Impact
Does your organization apply and interpret the narrative included in
the 1992 Framework in the same manner as the COSO Board?
Does your system of internal control cover all 17 principles?
Does your SOX program include the documentation and evaluation
of all 5 components, or only of Control Activities?
Does your risk assessment give enough consideration to fraud risk?
Do your controls extend to processes that have been outsourced?
Have you documented and evaluated your Board’s oversight of the
system of internal controls?
How will you use the framework – for SOX only, or also for other
reporting, operating, or compliance objectives?
Recap
The framework hasn’t really changed much at all
– Same definition of internal control / 5 components
– Still follow SEC guidance in determining severity of deficiencies
– Areas of emphasis:
• Considering fraud in the risk assessment
• Controls over outsourced processes
• Role of Board in oversight of the system of internal controls
All relevant principles must be present and functioning (Points of
Focus are not required).
Are all of the principles covered in your SOX 404 program?
– Do you have gaps in control, documentation, or monitoring?
– Your evaluation of the system of IC at the end of the year will need to address all
relevant principles.
Polling Question 2
What is required under COSO 2013 for Internal Control to be
deemed “effective”?
– All 17 Principles have to be Present and Functioning
– The 5 core components of internal control have to operate together
– The 87 Points of Focus have to map to your Entity-Level Controls
– All of the above
– Just the first two points above
Project Management, Roles
and Responsibilities
Dow’s COSO 2013 Transition: Project Planning
Dow will transition to COSO 2013 during 2014
Focused on Internal Control over External Financial Reporting
Project managed by the Internal Control Compliance Group
Broad awareness and communication
– Key functions engaged (Finance, IT, HR, etc.)
– Coordinated with Internal Audit
Audit Committee oversight
External auditor engagement
Consideration of ICEFR “hot topics”
Polling Question 3
Which of the following most closely describes your company’s approach
to mapping for COSO 2013?
– We are mapping our existing controls to COSO 2013’s 17 Principles, but not
to the 87 points of focus.
– We are mapping our existing controls to COSO 2013’s 17 Principles AND all
87 points of focus, because of strong pressure from our auditors to do so.
– We are mapping our existing controls to COSO’s 17 principles and most or
all of COSO’s 87 points of focus voluntarily because we found it helpful to
do so.
– We are mapping our existing controls to COSO’s 17 principles and most or
all of COSO’s 87 points of focus voluntarily, because we believe it will
reduce the work and cost of our external auditor engaging in the same
activity by enabling them to review our having done that exercise.
– Don’t know
Mapping Your Controls To
COSO 2013
Mapping Analysis Background
Internal Control is not a new concept
COSO’s 5 core components are not “new”
Sarbanes-Oxley Section 404 is not “new”
Judgment is still required in designing, implementing, and assessing
internal control
Transition from COSO 1992 to COSO 2013 considered by many, as
a practical matter, a “mapping” exercise
Gap Analysis
“Mapping” or Alternative Method of Gap Analysis Will Vary
Degree of documentation and effort will vary, company by company
based on …
– Current state of internal control
– Degree to which current controls have kept up with change
– Quality and quantity of existing documentation
– Size and complexity of the business
Mapping Analysis: Raytheon’s Approach
We started with the COSO Excel templates available when
Framework purchased
We modified the COSO standard templates to map our key controls
to the points of focus for each of the 17 principles
– Explanations for each assignment were documented to serve as a record of why
the control met the point of focus
The mapping exercise identified the level of coverage for the points
of focus within each principle and allowed us to:
– Assess if all points of focus were covered
– Assess strength/weakness of coverage
Mapping Analysis: Lessons we Learned
Took longer than expected to complete
COSO material was helpful throughout the process
Focused on the impact to Internal Control Over Financial Reporting
to ensure completion in 2014
Project timeline was helpful to ensure communication with
stakeholders, including internal and external auditors
Required documentation enhancements in selected areas
Dow’s COSO 2013 Transition:
Controls Mapping & Gap Assessment
Performed a robust gap assessment
– Mapped existing controls to Points of Focus and Principles
Will not result in a significant change to Dow’s SOX compliance
process or controls
– Expanded documentation of specific attributes of certain controls
– Will need to obtain specific evidence of operating effectiveness
– Enhanced controls in a few areas
Polling Question 4
How confident are you that Chief Executive Officers and the Boards
of Directors that oversee them are up to speed about the changes to
the COSO internal control framework and how it plays into the CEOs’
and CFOs’ Sarbanes-Oxley assertions for calendar-year-end
companies beginning this year-end?
– Very confident
– Confident
– Not very confident
Working with the Auditors
Management’s Perspective
Since 2004, our SOX programs have evolved and improved. Most of
us have robust systems of controls and have developed thorough
and efficient programs for monitoring our controls and evaluating
effectiveness.
Our auditors have audited our controls and have given their opinions
year after year.
COSO 2013 is not a major change to the 1992 Framework.
So, the transition project should not be a major effort.
We shouldn’t be starting over on SOX, with a blank sheet of paper
and a top-to-bottom documentation exercise.
Working with the Auditors
Auditors’ Perspective
Since 2004/2007, audits of internal controls have been based on AS2/AS5,
and have been influenced by PCAOB inspections.
COSO 2013’s 17 principles and 60 or so Points of Focus are new elements
in the internal controls audit.
The PCAOB alert issued in November included several areas in the audit of
internal controls that auditors are going to focus on this year, in addition to
COSO (e.g., management review controls).
The PCAOB will be looking for documentation on all of the above, so the
Auditors will be cascading these requirements on their clients.
The firms have developed templates for collecting the documentation; the
comprehensive nature of these templates can potentially generate more
work than the minor tweaks to the framework might suggest would be
necessary.
Suggestions:
We have engaged with our auditors early and often, sharing our
plans and early assessments, and seeking their feedback. Our
project plan includes reviews with them at each step along the way:
– Preliminary Assessment
– Project Plan Review
– Mapping Exercise
– Documentation / Remediation
– Testing and Evaluation
We have segregated the COSO project from work related to other
PCAOB-highlighted topics.
We have tried wherever possible to use our auditors’ templates, in
the interest of overall efficiency, but we have discussed the need to
limit the amount of detail we are trying to collect in these forms.
Benefits
The COSO board firmly believes that the principles in the
COSO framework can help companies be more successful.
Risk Assessment
One of the most significant updates to COSO’s framework, from
management’s perspective, is Principle 8, which requires
Management to perform a Fraud Risk Assessment.
Dow’s COSO 2013 Transition:
Consideration of Fraud Risk
Internal Control Compliance Group conducts formal ICFR fraud risk
assessment annually
Input from multiple groups across the organization
Identify & document fraud schemes specific to ICFR
Consider what groups could commit the fraud and how
Identify controls in place to detect and mitigate each fraud risk
Consideration of fraud risks at Outsourced Service Providers
Audit Committee oversight
Fraud awareness training and communication
Ongoing monitoring activities
Polling Question 5
Who leads your COSO Project Planning Team at your company?
– Internal Audit
– Sarbanes-Oxley Group in Corp. Compliance Dept.
– Sarbanes-Oxley Group in Corporate Controllers
– Internal Control/Financial Control Group in Corporate Compliance
– Internal Control/Financial Control Group in Corporate Controllers
– Finance/Corporate Controllers Dept – Other
– Other
ABOUT BLACKLINE
Global headquarters in Los Angeles with regional main offices in
London and Sydney
More than 850 clients (many in the Fortune 500/Global 1000)
Over 100,000 users worldwide in 100+ countries
First to market and offer software to automate the entire financial
close process
BlackLine Certified Implementation Professionals all around the
world
About COSO
For more information about COSO, go to www.coso.org
When ordering the COSO Internal Control Framework, FEI
members use Discount Code FEIIC
Visit www.financialexecutives.org/coso
About FEI / FERF
For more information about COSO, internal controls, Governance Risk and
Compliance and topics of interest to senior-level financial executives, audit
committee members, and academics, visit Financial Executives International
(FEI), Financial Executives Research Foundation (FERF) and FEI Daily.
www.financialexecutives.org
www.ferf.org
daily.financialexecutives.org
www.financialexecutives.org/coso
Join FEI before August 31 and pay $399.
Join online and enter discount code
COSO714 during check-out.
www.financialexecutives.org/join
Questions? Contact FEI’s Member Services Dept.
973.765.1000 | 877.359.10710 | membership@financialexecutives.org
Become FEI’s Newest Member!

 
IFC Knowldge Sharing 23.02.20 (1).pptx
IFC Knowldge Sharing 23.02.20 (1).pptxIFC Knowldge Sharing 23.02.20 (1).pptx
IFC Knowldge Sharing 23.02.20 (1).pptx
 
El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007
 
IFC Dr SkGupta pptx NIRC Internal financial control
IFC Dr SkGupta pptx NIRC Internal financial controlIFC Dr SkGupta pptx NIRC Internal financial control
IFC Dr SkGupta pptx NIRC Internal financial control
 
Prepare for the 2013 COSO Internal Control Framework—Start Now
Prepare for the 2013 COSO Internal Control Framework—Start NowPrepare for the 2013 COSO Internal Control Framework—Start Now
Prepare for the 2013 COSO Internal Control Framework—Start Now
 
Coso Monitoring - Templates
Coso Monitoring - TemplatesCoso Monitoring - Templates
Coso Monitoring - Templates
 
Audit and regulatory compliance
Audit  and  regulatory complianceAudit  and  regulatory compliance
Audit and regulatory compliance
 
Lecture 17 sas framework internal control - james a. hall book chapter 3
Lecture 17  sas framework internal control - james a. hall book chapter 3Lecture 17  sas framework internal control - james a. hall book chapter 3
Lecture 17 sas framework internal control - james a. hall book chapter 3
 
KPMG-New-COSO-2013-Framework-WHITEPAPER-V4
KPMG-New-COSO-2013-Framework-WHITEPAPER-V4KPMG-New-COSO-2013-Framework-WHITEPAPER-V4
KPMG-New-COSO-2013-Framework-WHITEPAPER-V4
 
Coso internal control frameword executive summary_2013
Coso internal control frameword executive summary_2013Coso internal control frameword executive summary_2013
Coso internal control frameword executive summary_2013
 
990025 p executive-summary-final-may20
990025 p executive-summary-final-may20990025 p executive-summary-final-may20
990025 p executive-summary-final-may20
 
Final_Compliance Program _Internal Audit
Final_Compliance Program _Internal AuditFinal_Compliance Program _Internal Audit
Final_Compliance Program _Internal Audit
 
WIRC-IFC.pdf
WIRC-IFC.pdfWIRC-IFC.pdf
WIRC-IFC.pdf
 
Coso 2013 icfr executive summary
Coso 2013 icfr executive summaryCoso 2013 icfr executive summary
Coso 2013 icfr executive summary
 
Coso 2013 icfr executive summary
Coso 2013 icfr executive summaryCoso 2013 icfr executive summary
Coso 2013 icfr executive summary
 
Mastering SOC 2 Compliance: A Comprehensive Guide
Mastering SOC 2 Compliance: A Comprehensive GuideMastering SOC 2 Compliance: A Comprehensive Guide
Mastering SOC 2 Compliance: A Comprehensive Guide
 
Principal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic ApproachPrincipal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic Approach
 

Recently uploaded

Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Clustering techniques data mining book ....
Clustering techniques data mining book ....Clustering techniques data mining book ....
Clustering techniques data mining book ....ShaimaaMohamedGalal
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendArshad QA
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 

Recently uploaded (20)

Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Clustering techniques data mining book ....
Clustering techniques data mining book ....Clustering techniques data mining book ....
Clustering techniques data mining book ....
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 

COSO Implementation: Getting Real, Getting It Right

  • 1. FEI - BlackLine Systems Webinar July 24, 2014 12 pm ET / 9am PT 1.5 CPE
  • 2. Introduction This session will cover key areas to focus on when transitioning to COSO’s updated internal control framework, to make implementation most efficient and effective. Now that it’s mid-July, 2014, with COSO’s 2013 framework set to supersede COSO’s 1992 framework less than six months from now (as announced by COSO, as of Dec. 15, 2014), it’s time for your COSO Implementation to “Get Real” and “Get it Right!”
  • 3. Program Outline Housekeeping/CPE Capsule Overview of COSO 2013 Project Planning, Roles & Responsibilities Mapping from COSO ‘92 to COSO 2013 Working with Auditors; Sarbanes-Oxley Implementation issues; Fraud Assessment Q&A Benefits Closing Remarks
  • 4. CPE Credits and Supplemental Information We are offering 1.5 CPE credits for this webinar To be eligible to receive these credits, please ensure you answer at least four (4) out of the five (5) polling questions You will receive the CPE certificate via e-mail approximately 4 weeks after the webinar date Register for the remaining webinars in this series hosted by BlackLine Systems in conjunction with FEI. Watch for announcements to be posted on: – FEI’s COSO Resources page, www.financialexecutives.org/coso, and on – BlackLine’s webinars page https://www.blackline.com/news-events/webinars
  • 5. WHY IS THE UPDATED COSO FRAMEWORK IMPORTANT Internal controls are critical yet companies don’t always update them for changes in the business, industry or environment Companies are now faced with new risks and opportunities that should be considered – Reliance on technologies – Increasing regulatory requirements and oversight – Social media – Outsourcing business functions – Emphasis on controls around non-financial reporting – More focus on fraud
  • 6. Polling Question 1 How far along are you in completing your COSO 2013 implementation?
      – Haven’t started yet
      – Early stages
      – About mid-way
      – Mostly done
      – Management done, but we haven’t really consulted with our auditors yet as to the effectiveness of internal control under COSO 2013
      – Management done, and we know where we stand with our auditors on the effectiveness of internal control under COSO 2013
      – Not applicable (e.g. I don’t work for a company that has to implement COSO 2013)
  • 10. Update considers changes in business and operating environments Changes in environments... Drive updates to the Framework... Expectations for governance oversight Globalization of markets and operations Changes and greater complexity in the business Demands and complexities in laws, rules, regulations, and standards Expectations for competencies and accountabilities Use of, and reliance on, evolving technologies Expectations relating to preventing and detecting fraud COSO Cube
  • 11. What is not changing... 1. Retain core definition of internal control 2. Retain five components of internal control 3. Retain requirement of five components for an effective system of internal control 4. Retain important role of judgment in designing, implementing, and conducting internal control, and in assessing effectiveness of internal control What is changing... 1. Articulate fundamental concepts underlying the five components as principles 2. Consider changes in business and operating environments 3. Expand operations and reporting objectives 4. Provide additional approaches and examples relevant to operations, compliance, and non-financial reporting objectives Update intends to ease use and application
  • 12. Requirements for Effective Internal Control Effective internal control requires that: – Each of the five components of internal control and relevant principles are present and functioning – The five components are operating together in an integrated manner When a component or relevant principle is deemed not present and functioning or when components are deemed not operating together, a “major deficiency” exists When a major deficiency exists, the entity cannot conclude that it has met the requirements for effective internal control
  • 13. Requirements for Effective Internal Control Components operate together when: – Components are present and functioning – Internal control deficiencies aggregated across components do not result in one or more major deficiencies – An internal control deficiency or combination of deficiencies that severely reduces the likelihood that the entity can achieve its objectives is a major deficiency – A major deficiency exists when management determines that a component and relevant principle is not present or functioning or components are not operating together – Management uses only relevant criteria (as established by regulators, standard- setting bodies, and other relevant third parties) for defining severity of, evaluating, and reporting internal control deficiencies
  • 14. The Five Components of Internal Control Control Environment Risk Assessment Control Activities Information & Communication Monitoring Components of Internal Control Remain Unchanged from COSO’s 1992 Framework
  • 15. Update articulates principles of effective internal control (continued) Control Environment 1. The organization demonstrates a commitment to integrity and ethical values. 2. The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control. 3. Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. 4. The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. 5. The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.
  • 16. Update articulates principles of effective internal control (continued) Risk Assessment 6. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. 7. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. 8. The organization considers the potential for fraud in assessing risks to the achievement of objectives. 9. The organization identifies and assesses changes that could significantly impact the system of internal control.
  • 17. Update articulates principles of effective internal control (continued) Control Activities 10. The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. 11. The organization selects and develops general control activities over technology to support the achievement of objectives. 12. The organization deploys control activities through policies that establish what is expected and procedures that put policies into place.
  • 18. Update articulates principles of effective internal control (continued) Information & Communication 13. The organization obtains or generates and uses relevant, quality information to support the functioning of other components of internal control. 14. The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of other components of internal control. 15. The organization communicates with external parties regarding matters affecting the functioning of other components of internal control.
  • 19. Update articulates principles of effective internal control (continued) Monitoring Activities 16. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning. 17. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.
  • 20. Points of Focus The Framework describes points of focus that are important characteristics of the principles – Some points of focus may not be relevant, and others may be identified based on specific circumstances – The points of focus may facilitate designing, implementing, and conducting internal control and assessing its effectiveness There is no requirement to separately assess whether points of focus are in place
  • 21. Transition Timing May 2013 – Paul Beswick, SEC Chief Accountant: – “SEC staff plans to monitor the transition for issuers using the 1992 framework to evaluate whether and if any staff or Commission actions become necessary or appropriate at some point in the future. However, at this time, I’ll simply refer users of the COSO framework to the statements COSO has made about their new framework and their thoughts about transition” September 2013 – Center for Audit Quality, SEC Regulations Committee meeting highlights: – [SEC Staff] indicated that the longer issuers continue to use the 1992 framework, the more likely they are to receive questions from the staff about whether the issuer’s use of the 1992 framework satisfies the SEC’s requirement to use a suitable, recognized framework
  • 22. Draft Disclosure A key part of your disclosure will be to identify which version of the COSO Framework you have used: COSO 1992 or COSO 2013.
  • 23. Possible Impact Does your organization apply and interpret the narrative included in the 1992 Framework in the same manner as the COSO Board? Does your system of internal control cover all 17 principles? Does your SOX program include the documentation and evaluation of all 5 components, or only of Control Activities? Does your risk assessment give enough consideration to fraud risk? Do your controls extend to processes that have been outsourced? Have you documented and evaluated your Board’s oversight of the system of internal controls? How will you use the framework – for SOX only, or also for other reporting, operating, or compliance objectives?
  • 24. Recap The framework hasn’t really changed much at all – Same definition of internal control / 5 components – Still follow SEC guidance in determining severity of deficiencies – Areas of emphasis: • Considering fraud in the risk assessment • Controls over outsourced processes • Role of Board in oversight of the system of internal controls All relevant principles must be present and functioning (Points of Focus are not required). Are all of the principles covered in your SOX 404 program? – Do you have gaps in control, documentation, or monitoring? – Your evaluation of the system of IC at the end of the year will need to address all relevant principles.
  • 25. Polling Question 2 What is required under COSO 2013 for Internal Control to be deemed “effective”?
      – All 17 Principles have to be Present and Functioning
      – The 5 core components of internal control have to operate together
      – The 87 Points of Focus have to map to your Entity-Level Controls
      – All of the above
      – Just the first two points above
  • 26. Project Management, Roles and Responsibilities
  • 27. Dow’s COSO 2013 Transition: Project Planning Dow will transition to COSO 2013 during 2014 Focused on Internal Control over External Financial Reporting Project managed by the Internal Control Compliance Group Broad awareness and communication – Key functions engaged (Finance, IT, HR, etc.) – Coordinated with Internal Audit Audit Committee oversight External auditor engagement Consideration of ICEFR “hot topics”
  • 28. Polling Question 3 Which of the following most closely describes your company’s approach to mapping for COSO 2013?
      – We are mapping our existing controls to COSO 2013’s 17 Principles, but not to the 87 points of focus.
      – We are mapping our existing controls to COSO 2013’s 17 Principles AND all 87 points of focus, because of strong pressure from our auditors to do so.
      – We are mapping our existing controls to COSO’s 17 principles and most or all of COSO’s 87 points of focus voluntarily because we found it helpful to do so.
      – We are mapping our existing controls to COSO’s 17 principles and most or all of COSO’s 87 points of focus voluntarily, because we believe it will reduce the work and cost of our external auditor engaging in the same activity by enabling them to review our having done that exercise.
      – Don’t know
  • 29. Mapping Your Controls To COSO 2013
  • 30. Mapping Analysis Background Internal Control is not a new concept COSO’s 5 core components are not “new” Sarbanes-Oxley Section 404 is not “new” Judgment is still required in designing, implementing, and assessing internal control Transition from COSO 1992 to COSO 2013 considered by many, as a practical matter, a “mapping” exercise
  • 31. Gap Analysis “Mapping” or Alternative Method of Gap Analysis Will Vary Degree of documentation and effort will vary, company by company based on … – Current state of internal control – Degree to which current controls have kept up with change – Quality and quantity of existing documentation – Size and complexity of the business
  • 32. Mapping Analysis: Raytheon’s Approach We started with the COSO Excel templates available when Framework purchased We modified the COSO standard templates to map our key controls to the points of focus for each of the 17 principles – Explanations for each assignment were documented to serve as a record of why the control met the point of focus The mapping exercise identified the level of coverage for the points of focus within each principle and allowed us to: – Assess if all points of focus were covered – Assess strength/weakness of coverage
  • 33. Mapping Analysis: Lessons we Learned Took longer than expected to complete COSO material was helpful throughout the process Focused on the impact to Internal Control Over Financial Reporting to ensure completion in 2014 Project timeline was helpful to ensure communication with stakeholders, including internal and external auditors Required documentation enhancements in selected areas
  • 34. Dow’s COSO 2013 Transition: Controls Mapping & Gap Assessment Performed a robust gap assessment – Mapped existing controls to Points of Focus and Principles Will not result in a significant change to Dow’s SOX compliance process or controls – Expanded documentation of specific attributes of certain controls – Will need to obtain specific evidence of operating effectiveness – Enhanced controls in a few areas
  • 35. Polling Question 4 How confident are you that Chief Executive Officers and the Boards of Directors that oversee them are up to speed about the changes to the COSO internal control framework and how it plays into the CEOs’ and CFOs’ Sarbanes-Oxley assertions for calendar-year-end companies beginning this year-end?
      – Very confident
      – Confident
      – Not very confident
  • 36. Working with the Auditors Management’s Perspective Since 2004, our SOX programs have evolved and improved. Most of us have robust systems of controls and have developed thorough and efficient programs for monitoring our controls and evaluating effectiveness. Our auditors have audited our controls and have given their opinions year after year. COSO 2013 is not a major change to the 1992 Framework. So, the transition project should not be a major effort. We shouldn’t be starting over on SOX, with a blank sheet of paper and a top-to-bottom documentation exercise.
  • 37. Working with the Auditors Auditors’ Perspective Since 2004/2007, audits of internal controls have been based on AS2/AS5, and have been influenced by PCAOB inspections. COSO 2013’s 17 principles and 60 or so Points of Focus are new elements in the internal controls audit. The PCAOB alert issued in November included several areas in the audit of internal controls that auditors are going to focus on this year, in addition to COSO (e.g., management review controls). The PCAOB will be looking for documentation on all of the above, so the Auditors will be cascading these requirements on their clients. The firms have developed templates for collecting the documentation; the comprehensive nature of these templates can potentially generate more work than the minor tweaks to the framework might suggest would be necessary.
  • 38. Suggestions: We have engaged with our auditors early and often, sharing our plans and early assessments, and seeking their feedback. Our project plan includes reviews with them at each step along the way: – Preliminary Assessment – Project Plan Review – Mapping Exercise – Documentation / Remediation – Testing and Evaluation We have segregated the COSO project from work related to other PCAOB-highlighted topics. We have tried wherever possible to use our auditors’ templates, in the interest of overall efficiency, but we have discussed the need to limit the amount of detail we are trying to collect in these forms.
  • 39. Benefits The COSO board firmly believes that the principles in the COSO framework can help companies be more successful.
  • 40. Risk Assessment One of the most significant updates to COSO’s framework, from management’s perspective, is Principle 8, which requires Management to perform a Fraud Risk Assessment.
  • 41. Dow’s COSO 2013 Transition: Consideration of Fraud Risk Internal Control Compliance Group conducts formal ICFR fraud risk assessment annually Input from multiple groups across the organization Identify & document fraud schemes specific to ICFR Consider what groups could commit the fraud and how Identify controls in place to detect and mitigate each fraud risk Consideration of fraud risks at Outsourced Service Providers Audit Committee oversight Fraud awareness training and communication Ongoing monitoring activities
  • 42. Polling Question 5 Who leads your COSO Project Planning Team at your company?
      – Internal Audit
      – Sarbanes-Oxley Group in Corp. Compliance Dept.
      – Sarbanes-Oxley Group in Corporate Controllers
      – Internal Control/Financial Control Group in Corporate Compliance
      – Internal Control/Financial Control Group in Corporate Controllers
      – Finance/Corporate Controllers Dept – Other
      – Other
  • 43. ABOUT BLACKLINE Global headquarters in Los Angeles with regional main offices in London and Sydney More than 850 clients (many in the Fortune 500/Global 1000) Over 100,000 users worldwide in 100+ countries First to market and offer software to automate the entire financial close process BlackLine Certified Implementation Professionals all around the world
  • 44. USERS OFFICES CERTIFIED PARTNERS 100+ COUNTRIES 100,000+ USERS GLOBAL DEPLOYMENT
  • 45.
  • 46. About COSO For more information about COSO, go to www.coso.org When ordering the COSO Internal Control Framework, FEI members use Discount Code FEIIC Visit www.financialexecutives.org/coso
  • 47. About FEI / FERF For more information about COSO, internal controls, Governance Risk and Compliance and topics of interest to senior-level financial executives, audit committee members, and academics, visit Financial Executives International (FEI), Financial Executives Research Foundation (FERF) and FEI Daily. www.financialexecutives.org www.ferf.org daily.financialexecutives.org www.financialexecutives.org/coso
  • 48. Join FEI before August 31 and pay $399. Join online and enter discount code COSO714 during check-out. www.financialexecutives.org/join Questions? Contact FEI’s Member Services Dept. 973.765.1000 | 877.359.10710 | membership@financialexecutives.org Become FEI’s Newest Member!