Introductions. An Overview of the COSO 2013 Framework. Christian Peo Sharon Todd. An Overview of the 2013 COSO Framework.


An Overview of the COSO 2013 Framework
August 8, 2013

Introductions
- Christian Peo
- Sharon Todd
- Marc Wittenberg

Course Objectives
By the end of this course, participants will understand:
- The key changes from the 1992 Framework to the 2013 Framework, including the reasons for the changes
- The 17 principles that support each of the five (5) COSO components, including the related points of focus for each principle
- The timeline, and begin to consider the implications of an organization's transition to the 2013 Framework in connection with management's assessment of the effectiveness of internal controls over financial reporting for regulatory purposes

Polling Question 1
Has your organization started assessing what impact COSO 2013 might have on its system of internal controls?
A. Yes
B. No

Agenda
- Introduction to the COSO 2013 Framework
- Components, Principles and Points of Focus
  - Control Environment
  - Risk Assessment
  - Control Activities
  - Information and Communications
  - Monitoring Activities
- Major Deficiency and Material Weakness
- Additional Considerations
- Transition: Timeline and Effort
- Appendix A Accompanying Guidance to the Framework:
  - Illustrative Tools for Assessing Effectiveness of a System of Internal Control
  - Internal Control Over External Financial Reporting: A Compendium of Approaches and Examples

Introduction to the COSO 2013 Framework

Introduction to COSO 2013
- Updated Internal Control Integrated Framework (2013 Framework) issued on May 14, 2013
- Companion documents:
  - Internal Control Integrated Framework: Executive Summary
  - Illustrative Tools for Assessing Effectiveness of a System of Internal Control
  - Internal Control over External Financial Reporting: A Compendium of Approaches and Examples
- COSO 1992 Framework will be available until December 15, 2014, then superseded

Polling Question 2
By what date is your organization planning on having COSO 2013 adopted?
A. December 15, 2013
B. December 15, 2014
C. After December 15,

COSO 2013 Framework Summary of Changes
What is not changing...
- Core definition of internal control
- Three categories of objectives and five components of internal control
- Each of the five components of internal control is required for effective internal control
- Important role of judgment in designing, implementing and conducting internal control, and in assessing its effectiveness
What is changing...
- Updated for changes in business and operating environments
- Expanded operations and reporting objectives
- Implicit fundamental concepts underlying five components codified as 17 principles
- Updated for increased relevance and dependence on IT
- Addresses fraud risk assessment and response

Categories of Objectives (2013 COSO Framework)
Operations: Relate to the effectiveness and efficiency of the entity's operations, including:
- Operational and financial performance goals
- Safeguarding of assets against loss
Reporting: Relate to internal and external, and financial and non-financial reporting, including:
- Reliability, timeliness, transparency, or other terms as set forth by regulators, standard setters or the entity's policies
Compliance: Relate to adherence to laws and regulations and standards to which the entity is subject

Definition of Internal Control Over Financial Reporting
Regulation 13a-15(f) defines internal control over financial reporting as:
A process... to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles...
Includes policies and procedures that:
1. Maintain records in reasonable detail that accurately and fairly reflect the transactions and dispositions of the assets of the issuer
2. Ensure receipts and expenditures of the issuer are made only in accordance with authorizations of management and directors, and
3. Provide reasonable assurance regarding prevention or timely detection of the unauthorized acquisition, use or disposition of the issuer's assets that could have a material effect on the financial statements

Knowledge Check 1
Which of the following is NOT one of the three categories of objectives under the 2013 Framework?
A. Control objectives
B. Operations objectives
C. Reporting objectives
D. Compliance objectives

Knowledge Check 1 Debrief
Answer A is correct. Control objectives are not one of the three categories of objectives under the 2013 Framework. The three categories of objectives under the 2013 Framework are Operations objectives, Reporting objectives, and Compliance objectives, similar to the 1992 Framework.
B. Incorrect. Operations objectives are one of the three objectives under the COSO 2013 Framework and relate to the effectiveness and efficiency of the entity's operations, including operational and financial performance goals.
C. Incorrect. Reporting objectives are one of the three objectives under the 2013 Framework and relate to internal and external financial and nonfinancial reporting to stakeholders.
D. Incorrect. Compliance objectives are one of the three objectives under the 2013 Framework and relate to adhering to laws and regulations that the entity must follow.

COSO Components and Principles

COSO Components and Principles
For effective internal control:
- Each of the five components and 17 principles must be present and functioning
- The five components must operate together in an integrated manner

Control Environment
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability

Risk Assessment
6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change

Control Activities
10. Selects and develops control activities
11. Selects and develops general controls over technology
12. Deploys through policies and procedures

Information and Communication
13. Uses relevant information
14. Communicates internally
15. Communicates externally

Monitoring Activities
16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies

Knowledge Check 2
Which of the following statements is true regarding the COSO components under the 2013 Framework?
A. The five COSO components have been eliminated under the 2013 Framework and replaced by 17 principles that were implicit in the 1992 Framework.
B. The five COSO components are the same under the 2013 and 1992 Frameworks, but have been expanded under the 2013 Framework to address certain broad-based changes.
C. The five 1992 COSO components have been replaced with new COSO components under the 2013 Framework due to changes in information technology over the past twenty years.
D. The five COSO components are the same under the 2013 and 1992 Frameworks but entities are given the option to comply with either the COSO components or COSO objectives.

Knowledge Check 2 Debrief
Answer B is correct. The five COSO components are the same under the 2013 and 1992 Frameworks, but have been expanded under the 2013 Framework to address certain broad-based changes.
A. Incorrect. The COSO components have not been eliminated and replaced with the 17 principles. Rather, the 17 principles support the five components.
C. Incorrect. The COSO components are the same under the 2013 and 1992 Frameworks; they have not been replaced with new components but have rather been expanded under the 2013 Framework to address certain broad-based changes.
D. Incorrect. The COSO components and COSO objectives are both part of the COSO Framework and need to be complied with by management. Entities are not given the option to follow one or the other.

Control Environment
Control Environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. The board of directors and senior management establish the tone at the top regarding the importance of internal control including expected standards of conduct. Management reinforces expectations at the various levels of the organization. The control environment comprises the integrity and ethical values of the organization; the parameters enabling the board of directors to carry out its governance oversight responsibilities; the organizational structure and assignment of authority and responsibility; the process for attracting, developing, and retaining competent individuals; and the rigor around performance measures, incentives, and rewards to drive accountability for performance. The resulting control environment has a pervasive impact on the overall system of internal control.

Control Environment: 2013 Framework Changes
- Captures seven (7) factors in 1992 Framework into five (5) principles
- Explains that Control Environment is the foundation for a sound system of internal control
- Expands and clarifies guidance on:
  - Governance roles in an organization, recognizing differences in structures, requirements, and challenges across different jurisdictions, sectors, and types of entities
  - Expectations of integrity and ethical values
  - Risk oversight and strengthening the linkages between risk and performance to help allocate resources to support internal control
  - The need to consider internal control across the expanded organization resulting from different business models, the use of outsourced service providers and other external partners

Control Environment: Principle #1 and Points of Focus
1. The organization demonstrates a commitment to integrity and ethical values.
Points of Focus
- Sets the Tone at the Top: Board of Directors and management at all levels demonstrate through directives, actions and behavior the importance of integrity and ethical values to support the functioning of the system of internal control
- Establishes Standards of Conduct: The expectations of the Board of Directors and senior management concerning integrity and ethical values are defined in Standards of Conduct and understood throughout the organization and by outsourced service providers and business partners
- Evaluates adherence to Standards of Conduct: Processes are in place to evaluate the performance of individuals and teams against the Standards of Conduct
- Addresses deviations in a timely manner: Deviations in Standards of Conduct are identified and remedied in a timely and consistent manner

Control Environment: Principle #2 and Points of Focus
2. The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.
Points of Focus
- Establishes oversight responsibilities: The Board of Directors (BoD) identifies and accepts its oversight responsibilities in relation to the established requirements and expectations
- Applies relevant expertise: The BoD defines, maintains and periodically evaluates the skills and expertise needed to enable them to ask probing questions of senior management and take commensurate actions
- Operates independently: The BoD has sufficient independent members and is objective in evaluations and decision making
- Provides oversight for the system of internal control: The BoD retains oversight responsibilities for management's design, implementation and conduct of internal control

Control Environment: Principle #3 and Points of Focus
3. Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.
Points of Focus
- Considers all structures of the entity: Management and the BoD consider multiple structures (including operating units, legal entities, geographic distribution, and outsourced service providers) to support the achievement of objectives
- Establishes reporting lines: Management designs and evaluates lines of reporting for each entity structure to enable execution of authorities and responsibilities and the flow of information to manage the activities of the entity
- Defines, assigns, and limits authorities and responsibilities: Management and the BoD delegate authority, define responsibilities and use appropriate processes and technology to assign responsibility and segregate duties at various levels of the organization (e.g., the Board; senior executives; management; personnel; outsourced service providers).

Control Environment: Principle #4 and Points of Focus
4. The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
Points of Focus
- Establishes policies and practices: Policies and practices reflect expectations of competence necessary to support the objectives
- Evaluates competence and addresses shortcomings: The Board of Directors and management evaluate competence across the organization and at outsourced service providers in relation to established policies and practices and act as necessary to address shortcomings
- Attracts, develops, and retains individuals: The organization mentors and trains to attract, develop, and retain sufficient and competent personnel and outsourced service providers to support the achievement of objectives
- Plans and prepares for succession: Senior management and the Board of Directors develop contingency plans for assignment of responsibility important for internal control

Control Environment: Principle #5 and Points of Focus
5. The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.
Points of Focus
- Enforces accountability through structures, authorities, and responsibilities: Establishes the mechanisms to communicate and hold individuals accountable for internal control responsibilities across the organization and implement corrective action
- Establishes performance measures, incentives, and rewards... appropriate for responsibilities at all levels of the entity, reflecting performance and Standards of Conduct, considering achievement of ST and LT objectives
- Evaluates performance measures, incentives, and rewards for ongoing performance: Aligns incentives and rewards with the fulfillment of internal control responsibilities in the achievement of objectives
- Considers excessive pressures: Evaluates and adjusts pressures associated with the achievement of objectives as they assign responsibilities, develop performance measures and evaluate performance
- Evaluates performance and rewards or disciplines individuals: Evaluates performance of internal control responsibilities, including adherence to Standards of Conduct and expected competence; provides rewards or disciplinary action as appropriate

Knowledge Check 3
Which of the following COSO components is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization, and also considered the foundation for the other four components in a sound system of internal control?
A. Control Environment
B. Risk Assessment
C. Information and Communication
D. Monitoring Activities

Knowledge Check 3 Debrief
Answer A is correct. The Control Environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization.
B. Incorrect. Risk Assessment is a dynamic and iterative process for identifying and analyzing risks to achieving the entity's objectives, forming a basis for determining how risks should be managed.
C. Incorrect. Information is necessary for the entity to carry out internal control responsibilities in support of achievement of its objectives. Communication occurs both internally and externally and provides the organization with the information needed to carry out day-to-day internal control activities.
D. Incorrect. Monitoring Activities are ongoing evaluations, separate evaluations, or some combination of the two that are used to ascertain whether each of the five components of internal control, including controls to effect the principles within each component, is present and functioning.

Risk Assessment
Risk assessment involves a dynamic and iterative process for identifying and assessing risks to the achievement of objectives. Risks from across the entity are considered relative to established risk tolerances. Thus, risk assessment forms the basis for determining how risks will be managed. Management specifies objectives relating to operations, reporting, and compliance with sufficient clarity to be able to identify and analyze risks to those objectives. Risk assessment requires management to consider the impact of possible changes in the external environment and within its own business model that may render internal control ineffective.

Risk Assessment: 2013 Framework Changes
- Clarifies that risk assessment includes processes for risk identification, risk analysis, and risk response
- Expands the discussion on:
  - Risk tolerances (acceptable risk levels) and how risk can be managed through accepting, avoiding and sharing risks
  - The risk severity beyond impact and likelihood to include velocity and persistence
  - The need to understand significant changes in internal and external factors and the impact on the system of internal control
- Includes specific assessment of fraud risk relating to material misstatement of reporting, inadequate safeguarding of assets, and corruption as part of the risk assessment process

Risk Assessment: Principle #6 and Points of Focus
6. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.
Points of Focus
Separately set out characteristics related to operations; external financial reporting; external non-financial reporting; internal reporting; compliance objectives
External Financial Reporting Objectives
- Complies with applicable accounting standards: Financial reporting objectives are consistent with accounting principles suitable and available for the entity. Accounting principles selected are appropriate in the circumstances
- Considers Materiality: Management considers materiality in financial statement presentation
- Reflects entity activities: External reporting reflects the underlying transactions and events to show qualitative characteristics and assertions

Risk Assessment: Principle #7 and Points of Focus
7. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.
Points of Focus
- Includes entity, subsidiary, division, operating unit, and functional levels: The organization identifies and assesses risks at the entity, subsidiary, division, operating unit and functional levels relevant to the achievement of objectives
- Analyzes internal and external factors: Risk identification considers both internal and external factors and their impact on the achievement of objectives
- Involves appropriate levels of management: The organization puts into place effective risk assessment mechanisms that involve appropriate levels of management
- Estimates significance of risks identified: Identified risks are analyzed through a process that includes estimating the potential significance of the risk
- Determines how to respond to risks: Risk assessment includes considering how the risk should be managed and whether to accept, avoid, reduce or share the risk

Risk Assessment: Principle #8 and Points of Focus
8. The organization considers the potential for fraud in assessing risks to the achievement of objectives.
Points of Focus
- Considers various types of fraud: The assessment of fraud considers fraudulent reporting, possible loss of assets, and corruption [and management override of controls] resulting from the various ways that fraud and misconduct can occur
- Assesses incentives and pressures: The assessment of fraud risk considers incentives and pressures
- Assesses opportunities: The assessment of fraud risk considers opportunities for unauthorized acquisition, use, or disposal of assets, altering of the entity's reporting records, or committing other inappropriate acts
- Assesses attitudes and rationalizations: The assessment of fraud risk considers how management and other personnel might engage in or justify inappropriate actions

Risk Assessment: Principle #9 and Points of Focus
9. The organization identifies and assesses changes that could significantly impact the system of internal control.
Points of Focus
- Assesses changes in the external environment: The risk identification process considers changes in the regulatory, economic, and physical environment in which the entity operates
- Assesses changes in the business model: The organization considers the potential impact of new business lines, dramatically altered compositions of existing lines, acquired or divested business operations on the system of internal control, rapid growth, changing reliance on foreign geographies and new technologies
- Assesses changes in leadership: The organization considers changes in the management and respective attitudes and philosophies on the system of internal control

Knowledge Check 4
The 2013 Framework includes a more extensive discussion about which of the following topics under the Risk Assessment component?
A. Re-aggregation risk
B. Management Review Controls
C. General IT Controls
D. Fraud Risk

Knowledge Check 4 Debrief
Answer D is correct. The 2013 Framework includes a more extensive discussion about the types of fraud and management override of controls and the organization's response to fraud risk. Principle #8 addresses the risk of fraud in the organization in the Risk Assessment component.
A. Incorrect. Re-aggregation risk is the risk that a material weakness in ICOFR exists but is not detected for material non significant accounts. Re-aggregation risk is a KPMG concept and is not mentioned in the COSO 2013 Framework.
B. Incorrect. The 2013 Framework distinguishes between a management review control as a control activity and a monitoring activity.
C. Incorrect. The Control Activities component includes an expanded discussion of the relationship between automated controls and GITCs and how they link to the business processes.

Control Activities
Control activities are the actions established through policies and procedures to mitigate risks to the achievement of objectives. Control activities are performed at all levels of the entity, at various stages within business processes, and over the technology environment. They may be preventive or detective in nature and may encompass a range of manual and automated activities such as authorizations and approvals, verifications, reconciliations, and business performance reviews. Segregation of duties is typically built into the selection and development of control activities. Where segregation of duties is not practical, management selects and develops alternative control activities.

Control Activities: 2013 Framework Changes
- Updates for the evolution in technology since 1992 (e.g., replacing data center concepts with a more general discussion on the technology infrastructure)
- Addresses the linkage between business processes, automated control activities and GITCs
- Contrasts transaction-level controls with controls at other levels of the organization
- Updates GITC applicability (IT infrastructure; security management; technology acquisition, development and maintenance) across all technology platforms
- Clarifies that control activities are actions established by policies and procedures rather than being the policies and procedures themselves

Control Activities: Principle #10 and Points of Focus
10. The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
Points of Focus
- Integrates with Risk Assessment: Control activities help ensure that the risk responses that address and mitigate risks are carried out
- Considers entity-specific factors: Management considers how the environment, complexity, nature and scope of its operations affect the selection and development of control activities
- Determines relevant business processes: Management determines which relevant business processes require control activities
- Evaluates a mix of control types: Control activities include a range and variety of controls, considering both manual and automated controls, and preventative and detective controls
- Considers at what level controls are applied: Management considers control activities at various levels of the organization
- Addresses segregation of duties: Management segregates incompatible duties and, where not practical, selects and develops alternative control activities

Control Activities: Principle #11 and Points of Focus
11. The organization selects and develops general control activities over technology to support the achievement of objectives.
Points of Focus
- Determines dependency between the use of technology in business processes and GITCs: Management understands and determines dependency and linkage between business processes, automated control activities and GITCs
- Establishes relevant Technology Infrastructure control activities... which are designed and implemented to help ensure the completeness, accuracy and availability of technology processing
- Establishes relevant Security Management Process control activities... which are designed and implemented to restrict technology access rights to authorized users commensurate with their job responsibilities and to protect the entity's assets from external threats
- Establishes relevant Technology Acquisition, Development, and Maintenance Process control activities: Management selects and develops control activities over the acquisition, development and maintenance of technology and its infrastructure to achieve objectives

Control Activities: Principle #12 and Points of Focus
12. The organization deploys control activities through policies that establish what is expected and in procedures that put policies into action.
Points of Focus
- Establishes policies and procedures to support deployment of management's directives: Controls are built into business processes through specific policies and procedures
- Establishes responsibility and accountability for executing policies and procedures: Management assigns responsibility and accountability for the controls in the business unit or function where the risk resides
- Performs in a timely manner: Responsible personnel perform controls in a timely manner
- Takes corrective action: Responsible personnel investigate and act on matters identified as a result of executing the control
- Performs using competent personnel: Competent personnel with sufficient authority perform controls with diligence and continuing focus
- Reassesses policies and procedures: Management periodically reviews controls to determine their continued relevance and refreshes them when necessary

Information and Communication
Information is necessary for the entity to carry out internal control responsibilities to support the achievement of its objectives. Management obtains or generates and uses relevant and quality information from both internal and external sources to support the functioning of other components of internal control. Communication is the continual, iterative process of providing, sharing, and obtaining necessary information. Internal communication is the means by which information is disseminated throughout the organization, flowing up, down, and across the entity. It enables personnel to receive a clear message from senior management that control responsibilities must be taken seriously. External communication is twofold: it enables inbound communication of relevant external information, and it provides information to external parties in response to requirements and expectations.

Information & Communication: 2013 Framework Changes
- Emphasizes importance of quality of information
  - Including how the entity manages information from and communicates with third-party service providers and those that operate outside its legal and operational boundaries
- Expands the discussion on:
  - The impact of regulatory requirements on reliability and protection of information
  - The volume and sources of information in light of increased complexity of business processes, greater interaction with external parties, and technology advances
- Reflects the impact of technology and other communication mechanisms on the speed, means, and quality of the flow of information

Information and Communication: Principle #13 and Points of Focus
13. The organization obtains or generates and uses relevant, quality information to support the functioning of other components of internal control.
Points of Focus
- Identifies information requirements: A process is in place to identify the information required and expected to support the functioning of the other components and achievement of the entity's objectives
- Captures internal and external sources of data: Information systems capture internal and external sources of data
- Processes relevant data into information: Information systems process and transform relevant data into information
- Maintains quality throughout processing: Information systems produce information that is timely, current, accurate, complete, accessible, protected, verifiable and retained. Information is reviewed to assess its relevance in supporting the components
- Considers costs and benefits: The nature, quantity and precision of information communicated are commensurate with and support the achievement of objectives

Information and Communication: Principle #14 and Points of Focus
14. The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of other components of internal control.
Points of Focus
- Communicates internal control information: A process is in place to communicate required information to enable all personnel to understand and carry out their internal control responsibilities
- Communicates with the Board of Directors: Communication exists between management and BoD so that both have information needed to fulfill their roles
- Provides separate communication lines: Separate communication channels, such as whistle blower hotlines, are in place and serve as fail-safe mechanisms to enable anonymous or confidential communication
- Selects relevant method of communication: The method of communication considers the timing, audience and nature of the information

Information and Communication: Principle #15 and Points of Focus
15. The organization communicates with external parties regarding matters affecting the functioning of other components of internal control.
Points of Focus
- Communicates to external parties: Processes are in place to communicate relevant and timely information to shareholders, partners, regulators, customers, financial analysts and other parties
- Enables inbound communications: Open communication channels allow management and BoD to receive relevant input from customers, consumers, suppliers, external auditors, regulators, financial analysts, and others
- Communicates with the Board of Directors: Relevant information from assessments conducted by external parties is communicated to the BoD
- Provides separate communication lines: Separate communication channels, such as whistle blower hotlines, are in place and serve as fail-safe mechanisms to enable anonymous or confidential communication
- Selects relevant method of communication: The method of communication considers the timing, audience and nature of the communication and legal, regulatory, and fiduciary requirements and expectations

21 Knowledge Check 5

Which of the following is NOT one of the principles related to Information and Communication?
A. The organization obtains or generates and uses relevant, quality information to support the functioning of internal control.
B. The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.
C. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.
D. The organization communicates with external parties about matters affecting the functioning of internal control.

Knowledge Check 5 Debrief

Answer C is correct. The principle that states that "The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning" is a principle relating to Monitoring Activities.
A. Incorrect. "The organization obtains or generates and uses relevant, quality information to support the functioning of internal control" is a principle relating to Information and Communication.
B. Incorrect. "The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control" is a principle relating to Information and Communication.
D. Incorrect. "The organization communicates with external parties about matters affecting the functioning of internal control" is a principle relating to Information and Communication.

22 Monitoring Activities

Ongoing evaluations, separate evaluations, or some combination of the two are used to ascertain whether each of the five components of internal control, including controls to effect the principles within each component, is present and functioning. Ongoing evaluations, built into business processes at different levels of the entity, provide timely information. Separate evaluations, conducted periodically, will vary in scope and frequency depending on assessment of risks, effectiveness of ongoing evaluations, and other management considerations. Findings are evaluated against criteria established by regulators, recognized standard-setting bodies or management and the board of directors, and deficiencies are communicated to management and the board of directors as appropriate.

Monitoring Activities: 2013 Framework changes
- Refines the terminology, where the two main categories of monitoring activities are now referred to as ongoing evaluations and separate evaluations
- Added the need for a baseline understanding in establishing and evaluating ongoing and separate evaluations
- Expanded discussion of the use of technology and external service providers

Monitoring Activities: Principle #16 and Points of Focus

16. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.

Points of Focus
- Considers a mix of ongoing and separate evaluations
- Considers rate of change: Management considers the rate of change in business and business processes when selecting and developing ongoing and separate evaluations
- Establishes baseline understanding: The design and current state of an internal control system are used to establish a baseline for ongoing and separate evaluations
- Uses knowledgeable personnel: Evaluators performing ongoing and separate evaluations have sufficient knowledge to understand what is being evaluated
- Integrates with business processes: Ongoing evaluations are built into the business process and adjust to changing conditions
- Adjusts scope and frequency: Management varies the scope and frequency of separate evaluations depending on risk
- Objectively evaluates: Separate evaluations are performed periodically to provide objective feedback

23 Monitoring Activities: Principle #17 and Points of Focus

17. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.

Points of Focus
- Assesses results: Management and the BoD assess the results of ongoing and separate evaluations
- Communicates deficiencies: Deficiencies are communicated to the parties responsible for taking corrective action and to senior management and BoDs, as appropriate
- Monitors corrective actions: Management tracks whether deficiencies are remediated on a timely basis

Knowledge Check 6

Which of the following statements is true regarding the 2013 Framework?
A. The 2013 Framework revises the definition of internal control and the COSO cube to divide the cube into 17 sections, one for each of the principles in the Framework.
B. The 2013 Framework requires that each of the five components and 17 principles be present and functioning and the five components must operate together in an integrated manner.
C. The 2013 Framework provides a basis for assessing the effectiveness of internal controls over internal financial and non-financial reporting only, and may not be used for external reporting purposes.
D. The 2013 Framework acknowledges that the criteria for defining and classifying the severity of internal control deficiencies established by the SEC and PCAOB should be revised and updated to rely on the 2013 Framework's definition of deficiencies.

24 Knowledge Check 6 Debrief

Answer B is correct. The 2013 Framework requires that each of the 5 components and 17 principles be present and functioning and the five components must operate together in an integrated manner.
A. Incorrect. The definition of internal control and the COSO cube have remained the same under the 2013 Framework.
C. Incorrect. The 2013 Framework could be used to assess internal and external, financial and non-financial reporting objectives.
D. Incorrect. The criteria for defining and classifying the severity of internal control deficiencies established by the standard setting bodies such as the SEC and PCAOB should continue to be used when reporting under those regulations or standards.

Major Deficiency and Material Weakness

25 Major Deficiency and Material Weakness

COSO 2013
- An effective system of internal control requires that:
  - Each of the five components and relevant principles are present and functioning and,
  - The five components operate together in an integrated manner
- A major deficiency exists if the organization cannot conclude that these are met.
- Major deficiency in one component or principle cannot be mitigated to an acceptable low level by the presence and functioning of another component or principle
- Look across components and principles for mitigating controls to reduce the severity
- Concept of material misstatement does not exist

SEC/PCAOB
- Material weakness: a deficiency, or a combination of deficiencies, in ICOFR, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis.
- Considers magnitude and likelihood of misstatement
- Follow SEC and PCAOB criteria for defining and classifying the severity of deficiencies when reporting under those regulations or standards
- Cannot conclude that internal controls are effective under the 2013 Framework if a MW exists
- Look for mitigating controls to reduce the severity

Knowledge Check 7

Which of the following statements about major deficiencies under the COSO 2013 Framework is true?
A. An entity may conclude that its system of internal control is effective even if a material weakness exists for purposes of SEC and PCAOB reporting.
B. A control deficiency in one component and related principle cannot be mitigated to an acceptable level by the presence and functioning of a control operating in another component and related principle.
C. A major deficiency in one component or principle can be mitigated to an acceptable level by the presence and functioning of another component or principle.
D. A major deficiency exists when management determines that a component and one or more relevant principles are not present and functioning or that components are not operating together.

26 Knowledge Check 7 Debrief

Answer D is correct. A major deficiency exists when management determines that a component and one or more relevant principles are not present and functioning or that components are not operating together.
A. Incorrect. Any internal control deficiency that results in a system of internal control not being effective for regulatory purposes also would preclude the organization from concluding that its internal controls were effective under the 2013 Framework.
B. Incorrect. A control deficiency in one component can be mitigated to an acceptable level by the presence and functioning of a control operating in another component and principle since controls can affect several principles and components.
C. Incorrect. A major deficiency presumes that there are no other controls in the organization that can effectively mitigate the risk of achieving the objective to an acceptable level; accordingly, a major deficiency in one principle or component cannot be mitigated to an acceptable level by the presence and functioning of controls operating in other components or principles.

Additional Considerations

27 Additional Considerations

- Judgment
  - Framework does not prescribe the specific controls; it sets out the principles
  - Controls are the function of management's and the Board's judgments
- Organizational boundaries
  - Management retains responsibility for objectives; managing risks; selecting, developing and deploying effective controls over third-party service providers
  - Increased importance of information and communication
- Large vs. smaller entities
  - Principles are applicable to all entities
  - Different risks and different advantages to be considered
- Benefits and costs of internal control

Documentation

- Effective documentation of the organization's system of internal control is necessary to:
  - Provide evidence of its effectiveness
  - Enable proper monitoring
- Effective documentation is also useful:
  - For assigning responsibility and accountability to employees
  - Training new and experienced employees who implement and monitor the controls
  - Promoting consistency across the organization
  - Retaining organizational knowledge
- Higher level of documentation necessary when management asserts effectiveness of internal controls to regulators, shareholders and other third-parties
- Document support for design and operating effectiveness of controls to auditors
- Sufficiency of testing and judgments

28 Limitations of Internal Control

An effective system of internal control provides reasonable assurance, not absolute assurance, due to:
- Suitability of objectives established as a precondition to internal control
- Human judgment can be faulty and subject to bias
- Breakdowns due to human failures
- Management override of internal control
- Circumvention of internal control through collusion
- Events beyond organization's control

Transition: Timeline and Effort

29 Transition: Timeline and Effort

- COSO determined the 2013 Framework will supersede 1992 Framework effective December 15, 2014
- Pending SEC monitoring of the transition phase
- Assess the implications of the 2013 Framework as soon as feasible
- Impact of adopting the updated Framework will vary by entity
- Organizations should disclose whether the 1992 or 2013 version of the Framework was used during the transition period
- Opportunity to take a fresh look
  - At the efficiency and effectiveness of business processes, risk assessments, and controls responsive to the risks
  - At the ICFR assessment prepared under the 1992 Framework
- Treat 2013 assessment as a Dress Rehearsal!

Transition: Timeline and Effort (continued)

- Develop an effective Transition Plan to ensure that the organization benefits from the adoption of the 2013 Framework
- COSO published The 2013 COSO Framework & SOX Compliance One Approach to An Effective Transition by Stephen McNally (Campbell Soup)
- The article discusses a five-step transition process:
  1. Develop awareness, expertise and alignment
  2. Conduct a preliminary impact assessment
  3. Facilitate broad awareness, training and comprehensive assessment
  4. Develop and execute a COSO transition plan for ICFR assessment
  5. Drive continuous improvement
- Article is available on
- KPMG professionals are available to assist

30 Knowledge Check 8

Not considering the recent feedback by the SEC, the COSO Board announced that it will continue to make the 1992 Framework available until which of the following dates, at which point it will be superseded by the 2013 Framework?
A. May 14, 2013
B. December 15, 2013
C. December 31, 2013
D. December 15,

Knowledge Check 8 Debrief

Answer D is correct. The COSO Board announced it will continue to make the original 1992 Framework available until December 15, After that date, COSO will consider the 1992 Framework superseded.
A. Incorrect. May 14, 2013 is the date that the 2013 Framework was released.
B. Incorrect. December 15, 2013 is one year too early and is during the transition period. Entities have until December 15, 2014 to transition to the 2013 Framework.
C. Incorrect. December 31, 2013 is the end of this calendar year. Entities have until December 15, 2014 to transition to the 2013 Framework.

31 Next Steps

- Get familiar with COSO 2013
- Educate your Board, Audit Committee and company management
- Plan how you will transition your organization

Contact Information

Christian Peo
Sharon Todd
Marc Wittenberg
Financial Reporting Network:
KPMG Learning Executive Education:

32 Thank you!

Appendix A
Accompanying Guidance to the Framework

33 Accompanying Guidance to the Framework

2013 Framework also includes the following companion documents:
- Illustrative Tools for Assessing Effectiveness of a System of Internal Control
- Internal Control over External Financial Reporting: A Compendium of Approaches and Examples

Illustrative Tools for Assessing Effectiveness of a System of Internal Control

- Tools include collection of templates and scenarios that can assist users when assessing the effectiveness of a system of internal control based on the requirements set forth in the updated Framework.
- Templates help management present a summary of assessment results and its determination of whether components and principles are present and functioning
- Scenarios illustrate how templates can be used to support an assessment of effectiveness of a system of internal control, including:
  - Is a component and relevant principles present and functioning?
  - Are the five components present, functioning and operating together in an integrated manner?
- Illustrative tools do not replace or modify the updated Framework

34 Internal Control Over External Financial Reporting: A Compendium of Approaches and Examples

- Illustrates through approaches and examples how the principles apply to external financial reporting objectives ICFR Website postings, press releases, AGMs, etc.
- Approaches illustrate how the organization would design, implement or conduct certain aspects of ICEFR
- Approaches apply to any size or type of entity
- Approaches included in the Compendium are NOT a comprehensive or authoritative list
- Points of Focus are used to demonstrate the linkage between the example activities and the characteristics of a principle
- Examples are based on actual experiences
- Examples are NOT intended to be best practices or sufficient to demonstrate that a principle is effective

KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. The KPMG name, logo and "cutting through complexity" are registered trademarks or trademarks of KPMG International. Printed in the U.S.A.


More information

Report on Inspection of KPMG Auditores Consultores Ltda. (Headquartered in Santiago, Republic of Chile)

Report on Inspection of KPMG Auditores Consultores Ltda. (Headquartered in Santiago, Republic of Chile) 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8433 www.pcaobus.org Report on 2016 (Headquartered in Santiago, Republic of Chile) Issued by the Public Company Accounting

More information

Short, engaging headline

Short, engaging headline Short, engaging headline Internal controls over financial reporting Designing a healthy program that evolves to meet changing needs kpmg.ca In this series of white papers, KPMG s Risk Consulting practice

More information

A FRAMEWORK FOR AUDIT QUALITY. KEY ELEMENTS THAT CREATE AN ENVIRONMENT FOR AUDIT QUALITY February 2014

A FRAMEWORK FOR AUDIT QUALITY. KEY ELEMENTS THAT CREATE AN ENVIRONMENT FOR AUDIT QUALITY February 2014 A FRAMEWORK FOR AUDIT QUALITY KEY ELEMENTS THAT CREATE AN ENVIRONMENT FOR AUDIT QUALITY February 2014 This document was developed and approved by the International Auditing and Assurance Standards Board

More information

Using the COSO Map. Unpublished Article By Larry Hubbard

Using the COSO Map. Unpublished Article By Larry Hubbard Unpublished Article By Larry Hubbard Internal Control Integrated Framework published by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission How many times have we read articles

More information

Audit and Advisory Services Integrity, Innovation and Quality. Audit of Internal Controls over Financial Reporting

Audit and Advisory Services Integrity, Innovation and Quality. Audit of Internal Controls over Financial Reporting Audit and Advisory Services Integrity, Innovation and Quality Audit of Internal Controls over Financial Reporting October 2015 Table of Contents i Audit of Internal Controls over Financial Reporting EXECUTIVE

More information

INTERNATIONAL STANDARD ON AUDITING 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE CONTENTS

INTERNATIONAL STANDARD ON AUDITING 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE CONTENTS Introduction INTERNATIONAL STANDARD ON AUDITING 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE (Effective for audits of financial statements for periods beginning on or after December 15, 2009) +

More information

Report on Inspection of KAP Purwantono, Sungkoro & Surja (Headquartered in Jakarta, Republic of Indonesia)

Report on Inspection of KAP Purwantono, Sungkoro & Surja (Headquartered in Jakarta, Republic of Indonesia) 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8433 www.pcaobus.org Report on 2015 Inspection of KAP Purwantono, (Headquartered in Jakarta, Republic of Indonesia)

More information

IAASB Main Agenda (December 2011) Agenda Item

IAASB Main Agenda (December 2011) Agenda Item Engagement Level Audit Quality Exhibiting appropriate values, ethics and attitudes; Agenda Item 6-B 1. An audit of an entity s financial statements involves independent auditors gathering sufficient appropriate

More information

Report on. Issued by the. Public Company Accounting Oversight Board. June 16, 2016 THIS IS A PUBLIC VERSION OF A PCAOB INSPECTION REPORT

Report on. Issued by the. Public Company Accounting Oversight Board. June 16, 2016 THIS IS A PUBLIC VERSION OF A PCAOB INSPECTION REPORT 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8433 www.pcaobus.org Report on 2015 Inspection of Paredes, Zaldívar, Burga & Asociados Sociedad Civil de (Headquartered

More information

THE NEW AND REVISED INTERPRETATIONS CONTAINED IN THIS DOCUMENT ARE EFFECTIVE ON AUGUST 31, 2017 UNLESS OTHERWISE NOTED.

THE NEW AND REVISED INTERPRETATIONS CONTAINED IN THIS DOCUMENT ARE EFFECTIVE ON AUGUST 31, 2017 UNLESS OTHERWISE NOTED. THE NEW AND REVISED INTERPRETATIONS CONTAINED IN THIS DOCUMENT ARE EFFECTIVE ON AUGUST 31, 2017 UNLESS OTHERWISE NOTED. Ethics interpretations are promulgated by the executive committee of the Professional

More information

Report on Inspection of Deloitte & Associes (Headquartered in Neuilly-sur-Seine, French Republic) Public Company Accounting Oversight Board

Report on Inspection of Deloitte & Associes (Headquartered in Neuilly-sur-Seine, French Republic) Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8433 www.pcaobus.org Report on 2015 (Headquartered in Neuilly-sur-Seine, French Republic) Issued by the Public Company

More information

1. Definition & Mission

1. Definition & Mission 1. Definition & Mission 1.1 Internal Auditing is an independent, objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of. 1.2 Group Internal

More information

Fraud Risk Management

Fraud Risk Management Fraud Risk Management Introduction Bethmara Kessler, CFE, CISA Campbell Soup Company 2017 Association of Certified Fraud Examiners, Inc. CPE Information 2017 Association of Certified Fraud Examiners, Inc.

More information

BERMUDA MONETARY AUTHORITY

BERMUDA MONETARY AUTHORITY BERMUDA MONETARY AUTHORITY CONSULTATION PAPER CORPORATE GOVERNANCE POLICY TRUST (REGULATION OF TRUST BUSINESS) ACT 2001 INVESTMENT BUSINESS ACT 2003 INVESTMENT FUNDS ACT 2006 DECEMBER 2012 Table of Contents

More information

On the Revision of the Standards and Practice Standards for. Management Assessment and Audit concerning Internal Control

On the Revision of the Standards and Practice Standards for. Management Assessment and Audit concerning Internal Control (Provisional translation) On the Revision of the Standards and Practice Standards for Management Assessment and Audit concerning Internal Control Over Financial Reporting (Council Opinions) Released on

More information

King lll Principle Comments on application in 2016 Reference Chapter 1: Ethical leadership and corporate citizenship Principle 1.

King lll Principle Comments on application in 2016 Reference Chapter 1: Ethical leadership and corporate citizenship Principle 1. Clicks Group Application of King III Principles 2016 APPLICATION OF King III PrincipleS 2016 This document has been prepared in terms of the JSE Listings Requirements and sets out the application of King

More information

Key Elements of Antifraud Programs and Controls

Key Elements of Antifraud Programs and Controls Key Elements of Antifraud Programs and Controls A White Paper This white paper provides general or summary information about aspects of the Sarbanes-Oxley Act of 2002 and current and proposed rules, regulations

More information

Chapter 7. Auditing Internal Control over Financial Reporting. Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Chapter 7. Auditing Internal Control over Financial Reporting. Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/Irwin Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved. Management Responsibilities under Section 404 Management

More information

SAS Teleconference

SAS Teleconference SAS 104-111 Teleconference Jan. 15, 2009 Craig Funkhouser, Crowe Horwath LLP craig.funkhouser@crowehorwath.com Ken Goldmann, J.H. Cohn kgoldmann@jhcohn.com 1 Today s Program Historical Background, Review

More information

Internal Financial Controls (IFC) - An Overview

Internal Financial Controls (IFC) - An Overview Internal Financial Controls (IFC) - An Overview Increased responsibilities of the Board: Companies Act 2013 Board s responsibility extended to ensure Legal compliances to all applicable statutes. The increasingly

More information

Public Company Accounting Oversight Board

Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8433 www.pcaobus.org Report on 2008 (Headquartered in New York, New York) Issued by the Public Company Accounting

More information

INTERNATIONAL STANDARD ON AUDITING (IRELAND) 210 AGREEING THE TERMS OF AUDIT ENGAGEMENTS

INTERNATIONAL STANDARD ON AUDITING (IRELAND) 210 AGREEING THE TERMS OF AUDIT ENGAGEMENTS INTERNATIONAL STANDARD ON AUDITING (IRELAND) 210 AGREEING THE TERMS OF AUDIT ENGAGEMENTS MISSION To contribute to Ireland having a strong regulatory environment in which to do business by supervising and

More information

Internal Audit Policy and Procedures Internal Audit Charter

Internal Audit Policy and Procedures Internal Audit Charter Mission Statement Internal Audit Policy and Procedures Internal Audit Charter The mission of the Internal Audit Department is to provide independent and objective reviews and assessments of the business

More information

Drafting conventions for Auditing Guidelines and key terms for public-sector auditing

Drafting conventions for Auditing Guidelines and key terms for public-sector auditing PSC INTOSAI Professional Standards Committee Drafting conventions for Auditing Guidelines and key terms for public-sector auditing Introduction These drafting conventions were developed by the ISSAI Harmonisation

More information

Section 404 of the Sarbanes-Oxley

Section 404 of the Sarbanes-Oxley M A N A G E M E N T management tools Assessing the Control Environment Using a Balanced Scorecard Approach By Joseph H. Callaghan, Arline Savage, and Steven Mintz Section 404 of the Sarbanes-Oxley Act

More information

BOM/BSD 2/November 1994 BANK OF MAURITIUS. Guideline on Maintenance of Accounting and other Records and Internal Control Systems

BOM/BSD 2/November 1994 BANK OF MAURITIUS. Guideline on Maintenance of Accounting and other Records and Internal Control Systems BOM/BSD 2/November 1994 BANK OF MAURITIUS Guideline on Maintenance of Accounting and other Records and Internal Control Systems November 1994 Revised November 2013 Revised December 2017 TABLE OF CONTENTS

More information

Policy and Procedures Date: November 5, 2017

Policy and Procedures Date: November 5, 2017 Virginia Polytechnic Institute and State University No. 3350 Rev.: 8 Policy and Procedures Date: November 5, 2017 Subject: Charter for the Office of Audit, Risk, and Compliance 1. Purpose... 1 2. Policy...

More information

White Paper. Effective and Practical Deployment of COSO: Entity Level Control and Lessons Learned. July 10, 2008 THE ROBERTS COMPANY, LLC

White Paper. Effective and Practical Deployment of COSO: Entity Level Control and Lessons Learned. July 10, 2008 THE ROBERTS COMPANY, LLC THE ROBERTS COMPANY, LLC Compliance Services: IT and Business Processes 3394 Holly Oak Lane, Escondido, CA 92027 TEL: 760.550.2160 * FAX 760.839.2160 E-mail: robertputrus@therobertsglobal.com http://www.therobertsglobal.com/

More information

AICPA STANDARDS FOR PERFORMING AND REPORTING ON PEER REVIEWS. Effective for Peer Reviews Commencing on or After January 1, 2009

AICPA STANDARDS FOR PERFORMING AND REPORTING ON PEER REVIEWS. Effective for Peer Reviews Commencing on or After January 1, 2009 AICPA STANDARDS FOR PERFORMING AND REPORTING ON PEER REVIEWS Effective for Peer Reviews Commencing on or After January 1, 2009 Guidance for Performing and Reporting on Peer Reviews Copyright 2008 by American

More information

Statement on February 2014 Auditing Standards 128. Using the Work of Internal Auditors

Statement on February 2014 Auditing Standards 128. Using the Work of Internal Auditors Statement on February 2014 Auditing Standards 128 Issued by the Auditing Standards Board Using the Work of Internal Auditors (Supersedes Statement on Auditing Standards [SAS] No. 65, The Auditor's Consideration

More information

EFFICIENT USE OF AUDIT COMMITTEES

EFFICIENT USE OF AUDIT COMMITTEES AGENDA EFFICIENT USE OF AUDIT COMMITTEES BRENT YOUNG, CPA JERRY GAITHER, CPA Best practices related to: Audit Committee Process Internal Audit Risk Management 2 AUDIT COMMITTEE PROCESS AND PROCEDURES Audit

More information

AUDIT COMMITTEE CHARTER

AUDIT COMMITTEE CHARTER AUDIT COMMITTEE CHARTER ORGANIZATION AND PURPOSE The Board of Directors (the Board ) of Nabors Industries Ltd. (the Company ) has established the Audit Committee of the Board to carry out the duties and

More information

Increasing External Auditor Reliance

Increasing External Auditor Reliance Increasing External Auditor Reliance Guiding Internal Auditors to realize the benefits of raising the bar on External Auditor Reliance. SOX Software Made Simple Table of Contents 1 Introduction 3 Factors

More information

METROPOLITAN TRANSPORTATION AUTHORITY

METROPOLITAN TRANSPORTATION AUTHORITY ENTERPRISE RISK MANAGEMENT AND INTERNAL CONTROL GUIDELINES Pursuant to Public Authorities Law Section 2931 Adopted by the Board on November 16, 2016 These guidelines apply to the Metropolitan Transportation

More information

Entity level controls Design/implementation 530 Page 1 of 9

Entity level controls Design/implementation 530 Page 1 of 9 Page 1 of 9 Entity Period ended Objective: To document the design and implementation of the following elements of internal control: Environment Assessment Financial Reporting (part of information systems)

More information

International Forum of Independent Audit Regulators Report on 2013 Survey of Inspection Findings April 10, 2014

International Forum of Independent Audit Regulators Report on 2013 Survey of Inspection Findings April 10, 2014 Executive Summary International Forum of Independent Audit Regulators Report on 2013 Survey of Inspection Findings April 10, 2014 This report summarizes the results of the second survey conducted by the

More information

4. Organic documents. Please provide an English translation of the company s charter, by-laws and other organic documents.

4. Organic documents. Please provide an English translation of the company s charter, by-laws and other organic documents. Commitment to Good Corporate Governance 1. Ownership structure. Please provide a chart setting out the important shareholdings, holding companies, affiliates and subsidiaries of the company. If the company

More information

Third Party Risk Management ( TPRM ) Transformation

Third Party Risk Management ( TPRM ) Transformation Third Party Risk Management ( TPRM ) Transformation September 20, 2017 Internal use only An introduction to TPRM What is a Third Party relationship? A Third Party relationship is any business arrangement

More information

SARBANES-OXLEY COMPLIANCE MANAGING CHANGING EXPECTATIONS January 20, 2017

SARBANES-OXLEY COMPLIANCE MANAGING CHANGING EXPECTATIONS January 20, 2017 SARBANES-OXLEY COMPLIANCE MANAGING CHANGING EXPECTATIONS January 20, 2017 Pat Mitchell Managing Director Internal Audit, Risk, Business & Technology Consulting CHANGES IN THE COST AND SCOPE OF SOX COMPLIANCE

More information

Oversight of external auditors by the audit committee

Oversight of external auditors by the audit committee Oversight of external auditors by the audit committee MCCG Intended Outcome 8.0 There is an effective and independent Audit Committee. The board is able to objectively review the Audit Committee s findings

More information

Corporate Governor. Providing vision and advice for management, boards of directors and audit committees Winter 2015

Corporate Governor. Providing vision and advice for management, boards of directors and audit committees Winter 2015 Corporate Governor Providing vision and advice for management, boards of directors and audit committees Winter 2015 COSO 2013 framework boosts fraud risk assessment and prevention Fraud is among the most

More information

LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE

LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE Committee of Sponsoring Organizations of the Treadway Commission Governance and Internal Control LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE By The Institute of Internal Auditors Douglas J. Anderson

More information

Internal Controls Integrating COSO

Internal Controls Integrating COSO Community Action Partnership 2016 Annual Convention August 30 September 2, 2016 Austin, TX J.W. Marriott Austin Internal Controls Integrating COSO Thursday, September 1, 2016 9:15 am 10:45 am Presented

More information

Ethical leadership and corporate citizenship. Applied. Applied. Applied. Company s ethics are managed effectively.

Ethical leadership and corporate citizenship. Applied. Applied. Applied. Company s ethics are managed effectively. CORPORATE GOVERNANCE- KING III COMPLIANCE Analysis of the application as at 24 June 2015 by Master Drilling Group Limited (the Company) of the 75 corporate governance principles as recommended by the King

More information

KING III COMPLIANCE ANALYSIS

KING III COMPLIANCE ANALYSIS Principle element No Application method or explanation This document has been prepared in terms of the JSE Listings Requirements and sets out the application of the 75 Principles of the King III Report

More information

The New 404 Balancing Act

The New 404 Balancing Act The New 404 Balancing Act Assessing Choices and Making the Right Decisions E Q S e c t i o n 1 Highlights of SEC Management Guidance On May 23, 2007, the Securities and Exchange Commission (SEC) unanimously

More information

February 23, Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C.

February 23, Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C. McGladrey & Pullen LLP Third Floor 3600 American Blvd West Bloomington, MN 55431 O 952.835.9930 February 23, 2007 Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington,

More information

AGS 10. Joint Audits AUDIT GUIDANCE STATEMENT

AGS 10. Joint Audits AUDIT GUIDANCE STATEMENT AUDIT GUIDANCE STATEMENT AGS 10 Joint Audits This Audit Guidance Statement was approved by the Council of the Institute of Singapore Chartered Accountants (formerly known as Institute of Certified Public

More information

Catching Fraud During a Recession Through Superior Internal Controls. FICPA s 25 th Annual Accounting Show. J. Stephen Nouss September 29, 2010

Catching Fraud During a Recession Through Superior Internal Controls. FICPA s 25 th Annual Accounting Show. J. Stephen Nouss September 29, 2010 Catching Fraud During a Recession Through Superior Internal Controls FICPA s 25 th Annual Accounting Show J. Stephen Nouss September 29, 2010 1 Session Objectives Fraud Facts (2008 Association of Certified

More information

Audit Committee Annual Evaluation of the External Auditor

Audit Committee Annual Evaluation of the External Auditor Association of Audit Committee Members, Inc. Center for Audit Quality Corporate Board Member/NYSE Euronext Independent Directors Council Mutual Fund Directors Forum National Association of Corporate Directors

More information

PRACTICE GUIDE. Formulating and Expressing Internal Audit Opinions

PRACTICE GUIDE. Formulating and Expressing Internal Audit Opinions PRACTICE GUIDE Formulating and Expressing Internal Audit Opinions 2 of 23 Table of Contents 1. Executive Summary... 1 2. Introduction... 2 3. Planning the Expression of an Opinion... 3 3.1 Expressing an

More information

Internal controls over financial reporting

Internal controls over financial reporting Internal controls over financial reporting Outlining a program that meets stakeholder expectations kpmg.com After showing why a company s internal controls over financial reporting (ICOFR) program may

More information

ECQA Certified Profession. Governance SPICE Model. Internal Financial Control Assessor Training Programme

ECQA Certified Profession. Governance SPICE Model. Internal Financial Control Assessor Training Programme ECQA Certified Profession Governance SPICE Model used by the Internal Financial Control Assessor Training Programme Contact: János Ivanyos Memolux Ltd. +36 1 467403 ivanyos@memolux.hu www.training.ia-manager.org

More information