2014 Integrated Internal Control Plan. FRCC Spring Compliance Workshop April 8-10, 2014
- Randell Armstrong
Slide 1: 2014 Integrated Internal Control Plan
Slide 2: Contents
- Definitions
- Integrated Components of COSO Internal Control Framework
- The COSO Internal Control Framework and Seminole
- Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
- Monitoring Activities
- Effective Internal Control: Present and Functioning
- Summary
Slide 3: Questions to Consider
- What are the benefits of adopting an Internal Control Framework?
- What are the functions of the Framework components?
- How do we know that an internal control program is Present and Functioning?
Slide 4: Introduction
- Basis of Seminole's 2014 Integrated Control Plan
  - The Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control - Integrated Framework, 2013 version
    - Provides direction for formation, implementation, and maintenance of an internal control program
    - Enables organizations to effectively and efficiently develop and maintain systems of internal control
    - Enhances likelihood of achieving entity objectives and to adapt to changes in business and operating environments
Slide 5: Introduction
- NERC Reliability Assurance Initiative (RAI)
  - Purpose: Identify and implement, where appropriate, changes that enhance effectiveness of NERC CMEP
  - Goal: Establishment of a risk based compliance monitoring policy and a mature CMEP by 2016
  - Benefit: Move away from zero-defect compliance audits
- Seminole Internal Control Plan is formalizing NERC RAI by adhering to:
  - Current NERC RAI compliance principles
  - Risk management framework
  - Internal control best practices
- Goal: To complete implementation of internal control plan by end 2014
  - Be audit-ready under RAI for 2015 CIP and O&P audits
Slide 6: Definitions
- Internal Control (in context of NERC compliance)
  - A method, effected by Seminole's Board of Trustees, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance
- Framework (from Merriam-Webster)
  - The basic structure of something; a set of ideas or facts that provide support for something
Slide 7: Integrated Components of COSO Framework
- Principles-based approach to internal control composed of five integrated components
- [Diagram labels: Control Environment; Monitoring; Optimal Internal Control; Risk Assessment; Information and Communication; Control Activities]
Slide 8: Integrated Components of COSO Framework (cont'd)
- Control Environment
  - A set of standards, processes, management support, and structures that provide the basis for carrying out internal control
- Risk Assessment
  - Involves a dynamic, iterative process for identifying and assessing risks to the BES and the achievement of compliance objectives
- Control Activities
  - Actions established through technology, people, policies, and procedures that help ensure the implementation of management directives to mitigate risks (achieve compliance objectives)
Slide 9: Integrated Components of COSO Framework (cont'd)
- Information and Communication
  - Essential to carry out internal control responsibilities
  - Management obtains or generates, and uses, relevant and quality information from both internal and external sources to support the functioning of other components of internal control
- Monitoring Activities
  - Ongoing, periodic, or a combination of evaluation types used to determine whether each component of internal control is present, functioning, and integrative
  - Ongoing internal control evaluations, built into business processes and work teams at different levels of Seminole, provide timely information as feedback
Slide 10: Integrated Components of COSO Framework (cont'd)
[Diagram: ENTERPRISE COMPLIANCE RISK MANAGEMENT ENVIRONMENT, SUPPORT AND MISSION. Numbered elements:]
1. NERC STANDARD
2. COMPLIANCE DOCUMENT MASTER INTERNAL CONTROL (CORPORATE COMPLIANCE)
3. PROCEDURES, PLANS PRACTICES, GUIDES, WORK INSTRUCTIONS (DOCUMENTED INTERNAL CONTROLS) (CORPORATE / DEPARTMENTS)
4. WORK ACTIVITIES, FUNCTIONS, TASKS
5. WORK ACTIVITIES, FUNCTIONS, TASKS: UNWANTED EVENT
6. EVENT REVIEW AND ROOT CAUSE ANALYSIS INTERNAL CONTROL
7. ALL STANDARD AND REQUIREMENT-SPECIFIC INTERNAL CONTROLS
8. INTERNAL CONTROL IMPLEMENTATION, MONITORING, ANALYSIS AND EVALUATION SYSTEM (CONTROL OF CONTROLS). EXAMPLE: Role of Internal Controls Committee to review, analyze and evaluate.
9. HUMAN ERROR PREVENTION INTERNAL CONTROL
10. SITUATIONAL AWARENESS INTERNAL CONTROL
11. TRAINING PROGRAM INTERNAL CONTROL
12. ENTITY, ERO, RRO EXPERIENCE AND FEEDBACK
13. RSAW AUDIT NOTES AND ALL OTHER COMPLIANCE GUIDANCE
Slide 11: The COSO Internal Control Framework and Seminole
For Seminole's management and the Board of Trustees, the COSO Framework provides the following:
- A consistent way to apply risk-based internal control to Seminole
- A principles-based approach providing flexibility and allowing for judgment in designing, implementing, and conducting internal control
- The requirements for an effective system of internal control
- A means to identify and analyze risks, and to develop and manage appropriate responses to risks
- A means to expand the application of internal control beyond financial reporting to other forms of reporting, operations, and compliance objectives
- A way to analyze and eliminate ineffective, redundant, or inefficient controls that provide minimal value in reducing risks
Slide 12: Control Environment
- Definition: A set of standards, processes, management support, and structures providing basis for carrying out internal control across Seminole
- Board of Trustees and senior management establish tone at the top
  - Establish importance of internal control, including expected standards of conduct, with management reinforcement at various levels within Seminole
- Comprises several aspects
  - Integrity and ethical values of Seminole
  - Parameters that enable Board of Trustees to carry out governance oversight
  - Organizational structure, with assignment of authority and responsibility
  - Process for attracting, developing, and retaining competent individuals; and
  - Rigor surrounding performance measures, incentives, and rewards to drive accountability for performance
Slide 13: Control Environment (continued)
- Control environment is governed by support from the top
- Establish comprehensive, board-approved Enterprise Risk & Compliance Policy
  - Provide high-level direction for compliance and internal control activities
- Develop broadly representative advisory Internal Controls Committee as a periodic training and learning opportunity
  - Should be composed of all compliance stakeholders, including Corporate Compliance Department staff and departmental compliance coordinators
  - Should hold annual or semi-annual meetings, including Employee Information Meetings or Lunch and Learn presentations sponsored by the Corporate Compliance Department
  - Should be presented with a periodic Corporate Compliance Department management update, with the use of Compliance Metric Dashboard
- Resulting control environment has a pervasive, enabling impact on overall system of internal control
Slide 14: Risk Assessment
- Definition: A dynamic and iterative process for identifying and assessing risks to the achievement of compliance objectives
  - Risks are relative to established risk tolerances
  - Risk assessment forms the basis for determining how risks will be managed
- Precondition to risk assessment: establishment of objectives
  - Management specifies compliance objectives to enable identification and analysis of risks
  - Management must consider how internal and external changes may cause internal control to be weak or ineffective
Slide 15: Risk Assessment (continued)
- Three categories of Risk severity
- Low Risk: Reserved for standard requirements with the least risk
  - Frequency of review: Annually. As a minimum internal control, this level should require at least annual compliance reviews
  - Criteria
    - Violation or potential violation in previous audit, but mitigation is satisfactory with very little chance of recurrence
    - New standard or requirement
    - Developed, effective and verified internal controls
    - Risk reduction - from High or Medium Risk
Slide 16: Risk Assessment (continued)
- Medium Risk: Reserved for more exceptional standard requirements where Seminole has low familiarity, demonstrated a control or compliance weakness, or the standard has a high violation profile in the industry
  - Frequency of Review: Semi-annual compliance reviews
  - Criteria
    - New or significantly revised standard within the last audit period
    - Violation in previous audit
    - Potential violation in previous audit (Dismissed or FFT)
    - Undeveloped or Ineffective internal controls
    - Internal control failure, e.g., identified by event review
    - Identified compliance degradation or improvement - moved from High or Low Risk
Slide 17: Risk Assessment (continued)
- High Risk: Reserved for the most exceptional standard requirements that might include a record of Seminole violation in a previous audit or as a result of internal control analyses indicating a weak internal control framework, thereby increasing risk to the BES
  - Frequency of Review: Quarterly. The increased check-point periodicity augments in-depth review, but also guides Seminole into a higher degree of assurance that it can comply with the standard requirements
  - Criteria
    - New, or significantly revised, standard within the last audit period
    - Violation in previous audit
    - Potential violation in previous audit (Dismissed or FFT)
    - No internal controls
    - Undeveloped or Ineffective internal controls
    - Internal control failure, e.g., identified by event review
Slide 18: Risk Assessment (continued)
- Relationship between Risk Assessment and Internal Controls
- [Diagram labels, Risk Assessment Approach and Results: indicative directive consistent prioritizing iterative defining risk objective independent]
- [Diagram labels, Internal Controls: identified responsive coordinated systematic method dynamic mitigating risk objective dependent]
Slide 19: Control Activities
- Definition: Actions established through technology, people, policies, and procedures that help ensure the implementation of management directives to mitigate risks (achieve compliance objectives)
- May encompass a range of manual and automated activities
  - Compliance reviews
  - Authorizations and approvals
  - Verifications
  - Reconciliations
  - Process performance reviews
Slide 20: Control Activities (continued)
- Three types of controls
  - Preventive
  - Detective
  - Corrective
Slide 21: Control Activities (continued)
- Preventive Control
  - Proactive control designed to discourage noncompliance with Reliability Standards
  - Example: Documented process requiring development and maintenance of training schedule
    - Process would include all required training, and would be scheduled to ensure completion prior to dates required by the applicable reliability standard
    - May be implemented by use of automated training tracking tool (notifies individual of scheduled training, reminds them to complete training, and notifies management to take action if training is not completed prior to the deadline)
Slide 22: Control Activities (continued)
- Detective Control
  - Designed to find errors or irregularities and support effective compliance
  - Example: Documented process requiring periodic review to identify any required training not completed as scheduled, as well as training not completed per reliability standard requirements
    - Quarterly review of completed training records to identify individuals who have not completed training by the required deadline
  - Documentation and utilization of an event review and root cause analysis process to determine cause and effects surrounding an unwanted event
Slide 23: Control Activities (continued)
- Corrective Control
  - Designed to assess instances of noncompliance and return to a state of compliance
  - Example: Automation of an Automatic Voltage Regulator (AVR) status indication
    - Would cause an alarm in the Transmission Operator's Control Center indicating an AVR status change from Automatic to Manual on a particular generating unit
    - Would provide notification to the TOP of an AVR status change within 30 minutes as required by VAR
Slide 24: Information and Communication
- Information is essential to carry out internal control responsibilities
  - Management obtains or generates, and uses, relevant and quality information from both internal and external sources to support the functioning of other components of internal control
- Communication is the continual, iterative process of providing, sharing, and obtaining necessary information
  - Internal: Enables personnel to receive clear message from senior management that control responsibilities must be taken seriously
  - External: Enables inbound communication of relevant external information; also provides information to external parties in response to requirements and expectations
Slide 25: Information and Communication (continued)
- Enhancing information and communication
  - Periodic evaluations of Seminole
    - Corporate Compliance Department solicits feedback from compliance and internal control stakeholders within Seminole
  - Information gained from training, combined with results of evaluations, adds substance to periodic self-assessments and potential corrective action plans
  - Builds on components of Compliance Program Assessment Worksheet (CPAW)
Slide 26: Monitoring Activities
- Definition: Ongoing, periodic, or a combination of evaluation types used to determine whether each component of internal control is present, functioning, and integrative
- Ongoing internal control evaluations, built into business processes and work teams at different levels of Seminole, provide timely information as feedback
- Periodic evaluations
  - Vary in scope and frequency depending on assessment of risks, effectiveness of ongoing evaluations, and other management considerations
- Results
  - Evaluate findings against criteria established by Corporate Compliance Department, management, and Board of Trustees
  - Communicate deficiencies to management / Board of Trustees as appropriate
Slide 27: Monitoring Activities (continued)
- Accomplish internal control monitoring through a standing Internal Controls Committee
  - Review internal control program, processes, and outcomes every quarter (formally and continuously)
  - Identify what works and where potential gaps might exist within the five integrated components
  - Encourage informal feedback from management and subject matter experts
- Perform planned and periodic compliance reviews of NERC standard requirements
  - Determine compliance with reliability standards
  - Evaluate effectiveness of primary internal controls applied to each requirement
Slide 28: Monitoring Activities (continued)
- Develop a high-level document summarizing risk and controls
- Contains information for each reliability-related process
  - Applicable NERC standard
  - Description of risks and associated controls
  - Description of plans for testing controls
Slide 29: The COSO Internal Control Framework and Seminole: Monitoring Activities (continued)

Table columns: Process ID; Reliability-Related Process; Applicable NERC Standards; Risk Descriptions; Control Descriptions; Control Type (Preventive, Detective, Corrective); Residual Risk (L, M, H); Control Function (Manual, Automatic); Frequency (Continuous, Periodic); Test Plans; Test Assignment and Activity Record; Date Due; Date Performed; Cross-Reference

Reliability-Related Process: Generating Capacity Deficiency (Emergency Operations)
Applicable NERC Standards: EOP (Emergency Operations Planning), all requirements; EOP (Capacity and Energy Emergencies), all requirements

Risk 1.0: Failure to reduce electrical demand as necessitated by a regional generating capacity deficiency.
- Control 1.1: System Operations has a generating capacity deficiency plan which provides procedures to follow in the event of a capacity deficiency.
- Control 1.2: System Operations utilizes a formal root cause analysis (RCA) procedure in the event that an unwanted event occurs. Outcomes of the RCA can provide corrective controls.
- Residual Risk: L; Control Type: P / D / C; Control Function: M; Frequency: P
- Test Plans: Corporate Compliance Department (CCD) verifies the annual review of System Operations Capacity Deficiency Plan. This includes adequacy and accuracy with respect to applicable NERC Standard Requirements. CCD requests outcomes of RCA and verifies implementation of any corrective controls.
- Test Assignment and Activity Record: Dr. Marc Lamoureux
- Cross-Reference: Flow Chart; Master List; Other work product

Risk 2.0: Failure to adequately respond to a generating capacity deficiency.
- Control 2.1: Annual EOP Training is required for every System Coordinator which provides procedural review and simulated response to a capacity deficiency.
- Residual Risk: L; Control Type: P; Control Function: M; Frequency: P
- Test Plans: CCD verifies that capacity deficiency training was conducted at least annually.
- Test Assignment and Activity Record: Dr. Marc Lamoureux

Risk 3.0: Failure to ensure that communications and associated actions with Member Systems are effectively coordinated during SECI's response to a generating capacity deficiency.
- Control 3.1: Annual EOP Training is required which provides procedural review and simulated response to a capacity deficiency.
- Control 3.2: Additionally, SECI and Member Systems conduct an annual capacity deficiency drill that provides a simulated response. Both training and annual drill activity provide formal assessments that can provide corrective controls.
- Residual Risk: L; Control Type: P / D / C; Control Function: M; Frequency: P
- Test Plans: CCD verifies that capacity deficiency training was conducted at least annually. CCD reviews and verifies the application of any corrective controls identified in training or drill assessments.
- Test Assignment and Activity Record: Dr. Marc Lamoureux

Risk 4.0: Appropriate actions not taken by SECI in coordination with its Member Systems.
- Control 4.1: Annual EOP Training is required which provides procedural review and simulated response to a capacity deficiency.
- Control 4.2: Additionally, SECI and Member Systems conduct an annual capacity deficiency drill that provides a simulated response. Both training and annual drill activity provide formal assessments that can provide corrective controls.
- Residual Risk: L; Control Type: P / D / C; Control Function: M; Frequency: P
- Test Plans: CCD verifies that capacity deficiency training was conducted at least annually. CCD reviews and verifies the application of any corrective controls identified in training or drill assessments.
- Test Assignment and Activity Record: Dr. Marc Lamoureux
Slide 30: Monitoring Activities (continued)
- Identifying processes, risks, controls, and refinement
- [Diagram labels: Business Need (E.g., Practice, Procedure); Business Process Workflow; Risk Assessment; Internal Controls; NERC Standard Requirements; Audit Approach; Mature Workflow; Compliance Document (e.g. Memo); Why we pass]
Slide 31: Effective Internal Control: Present and Functioning
- Effective system of internal control reduces, to an acceptable level, the risk of not achieving a Seminole compliance objective
- Each of the five components and relevant principles of internal control must be present and functioning
  - Present: components and relevant principles exist in the design and implementation of the system of internal control
  - Functioning: components and relevant principles continue to exist in the operations and conduct of the system of internal control
- The five components of internal control operate together in an integrated and integrative manner
Slide 32: Effective Internal Control: Present and Functioning (continued)
- COSO Framework requires judgment
  - Designing, implementing, and conducting internal control and assessing its effectiveness
- Use of judgment, within legal and regulatory boundaries, enhances management's ability to make better decisions about internal control
- Judgment cannot guarantee perfect outcomes
Slide 33: Summary of Seminole's Internal Control Plan
- Based on COSO
- Implements NERC RAI
- Implements the five integrated components of COSO and internal control
  - Control Environment
  - Risk Assessment (High, Medium, Low levels of risk severity)
  - Control Activities (Preventive, Detective, Corrective)
  - Information and Communication
  - Monitoring Activities
- Goal: To complete implementation of internal control plan by end 2014
  - Be audit-ready under RAI for 2015 CIP and O&P audits
Slide 34: Links to additional resources
- NERC RAI Site
- The Committee of Sponsoring Organizations of the Treadway Commission (COSO)
- COSO Internal Control Executive Summary
Slide 35: Questions?
More informationInternal Audit Report. Toll Operations Contract Management TxDOT Office of Internal Audit
Internal Audit Report Toll Operations Contract Management TxDOT Office of Internal Audit Objective To determine whether the Toll Operations Division (TOD) contract management structure is designed and
More informationStandard EOP Load Shedding Plans
A. Introduction 1. Title: Load Shedding Plans 2. Number: EOP-003-2 3. Purpose: A Balancing Authority and Transmission Operator operating with insufficient generation or transmission capacity must have
More informationInternal controls over Financial Reporting Key concepts. Presentation by Jayesh Gandhi at WIRC
Internal controls over Financial Reporting Key concepts Presentation by Jayesh Gandhi at WIRC Page 1 ICFR Key Concepts WIRC 28 May 2016 Agenda Scope and requirements Overview of internal controls as per
More informationAUDIT UNDP ENTERPRISE RISK MANAGEMENT SYSTEM. Report No Issue Date: 4 April 2014
UNITED NATIONS DEVELOPMENT PROGRAMME AUDIT OF UNDP ENTERPRISE RISK MANAGEMENT SYSTEM Report No. 1181 Issue Date: 4 April 2014 Table of Contents Executive Summary i I. The ERM system in UNDP 1 II. Detailed
More informationSession 7: Corporate Governance
Session 7: Corporate Governance New York Bankers Association-Community Bank Auditors Group 2016 Internal Audit Training-June 6-8, 2016 MEMBER OF ALLINIAL GLOBAL, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS
More informationUNIVERSITY OF COLORADO DEPARTMENT OF INTERNAL AUDIT 2018 AUDIT PLAN As of June 1, 2017
UNIVERSITY OF COLORADO DEPARTMENT OF INTERNAL AUDIT 2018 AUDIT PLAN As of June 1, 2017 Table of Contents I. Purpose 1 II. Internal Audit s Role, Objectives and Operational Strategy 1 III. Challenges and
More informationInternal Audit Policy and Procedures Internal Audit Charter
Mission Statement Internal Audit Policy and Procedures Internal Audit Charter The mission of the Internal Audit Department is to provide independent and objective reviews and assessments of the business
More informationInternal Control Integrated Framework. May 2013
Internal Control Integrated Framework May 2013 0 Table of Contents COSO & Project Overview Internal Control-Integrated Framework Illustrative Documents Illustrative Tools for Assessing Effectiveness of
More informationMRO s CMEP Approach Ten-Year Retrospective and A Bright Future
MRO s CMEP Approach Ten-Year Retrospective and A Bright Future Sara Patrick, MRO Vice President, Compliance Monitoring and Regulatory Affairs Joint Standards and Compliance Committees Meeting August 3,
More informationInternal Audit Report. Contract Administration: 601CT Contracts TxDOT Internal Audit Division
Internal Audit Report Contract Administration: 601CT Contracts TxDOT Internal Audit Division Objective Review contract administration and governance of 601CT contracts for structural compliance with laws
More informationPresent and functioning: Fine-tuning your ICFR using the COSO update
Present and functioning: Fine-tuning your ICFR using the COSO update November 2014 With the COSO s 1992 Control Framework being superseded by the 2013 updated edition on December 15, 2014, now is the time
More informationEFFICIENT USE OF AUDIT COMMITTEES
AGENDA EFFICIENT USE OF AUDIT COMMITTEES BRENT YOUNG, CPA JERRY GAITHER, CPA Best practices related to: Audit Committee Process Internal Audit Risk Management 2 AUDIT COMMITTEE PROCESS AND PROCEDURES Audit
More informationERO Enterprise Inherent Risk Assessment Guide
ERO Enterprise Inherent Risk Assessment Guide October 2014 I Table of Contents Introduction... ii Revision History... ii 1.0 IRA Introduction...1 1.1 IRA Role within the Overall Risk-Based Compliance Oversight
More informationAN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES
1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org PRELIMINARY STAFF VIEWS AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL
More information26th Annual Health Sciences Tax Conference
26th Annual Health Sciences Tax Conference Driving greater tax function effectiveness and December 5, 2016 Disclaimer EY refers to the global organization, and may refer to one or more, of the member firms
More informationWORK PLAN AND IV&V METHODOLOGY Information Technology - Independent Verification and Validation RFP No IVV-B
1. Work Plan & IV&V Methodology 1.1 Compass Solutions IV&V Approach The Compass Solutions Independent Verification and Validation approach is based on the Enterprise Performance Life Cycle (EPLC) framework
More informationInternal Financial Controls New perspectives as per Companies Act 2013 and CARO 2016
New perspectives as per Companies Act 2013 and CARO 2016 1 Contents: Background Meaning of IFC IFC on Financial Reporting Why IFC? Regulatory mandate Role of various authorities Components of IFC IFC under
More information15 Benefits of a Revenue Assurance Solution
Achieving Sarbanes-Oxley Compliance: 15 Benefits of a Revenue Assurance Solution A WeDo Technologies white paper Contents Contents... 2 1 References... 4 2 Introduction... 5 3 Sarbanes-Oxley... 5 4 Key
More informationProtecting Fixed Assets: Internal Controls for Non Profits
Protecting Fixed Assets: Internal Controls for Non Profits 25 September 2012 Community Sector Council Newfoundland and Labrador (CSC) Darlene Scott, Senior Program Associate darlenescott@cscnl.ca www.communitysector.nl.ca
More informationWhite Paper. Effective and Practical Deployment of COSO: Entity Level Control and Lessons Learned. July 10, 2008 THE ROBERTS COMPANY, LLC
THE ROBERTS COMPANY, LLC Compliance Services: IT and Business Processes 3394 Holly Oak Lane, Escondido, CA 92027 TEL: 760.550.2160 * FAX 760.839.2160 E-mail: robertputrus@therobertsglobal.com http://www.therobertsglobal.com/
More informationGuidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.
Guidance Note: Corporate Governance - Audit Committee March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance Audit Committee (the Guidance Note )
More informationComparison of the PCAOB s Auditing Standards No. 5 and No. 2 (Certain key differences are highlighted by underlining)
Comparison of the PCAOB s Auditing Standards No. 5 and No. 2 (Certain key differences are highlighted by underlining) Topic AS No. 5 AS No. 2 Objective of ICFR Audit Planning the ICFR Audit Integration
More informationBrent Read Compliance Engineer - Enforcement. NERC PER Standards January 29, 2013 Compliance User Group
Brent Read Compliance Engineer - Enforcement NERC PER Standards January 29, 2013 Compliance User Group 2 Personnel, Training, and Qualifications System Operators are single handedly the most important
More informationPeriodic Review Template INT Implementation of Interchange
INT-009-2.1 Implementation of Interchange Executive Summary The Subject Matter Expert (SME) stakeholder team completed an initial comprehensive review of INT- 009-2.1 Implementation of Interchange. The
More information[RELEASE NOS ; ; FR-77; File No. S ]
SECURITIES AND EXCHANGE COMMISSION 17 CFR PART 241 [RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06] Commission Guidance Regarding Management s Report on Internal Control Over Financial Reporting
More information2018 ERO Enterprise Compliance Monitoring and Enforcement Implementation Plan
2018 ERO Enterprise Compliance Monitoring and Enforcement Implementation Plan Version 2.0 November 2017 NERC Report Title Report Date I Table of Contents Revision History... iv Preface... v Introduction...
More informationECQA Certified Profession. Governance SPICE Model. Internal Financial Control Assessor Training Programme
ECQA Certified Profession Governance SPICE Model used by the Internal Financial Control Assessor Training Programme Contact: János Ivanyos Memolux Ltd. +36 1 467403 ivanyos@memolux.hu www.training.ia-manager.org
More informationInternal Audit Charter
Internal Audit Charter September 2017 1. Policy The EIF function responsible for the performance of internal audit ( Internal Audit or IA ) shall perform internal audit services pursuant to the terms of
More informationCompliance Monitoring and Enforcement Program Standards and Guidance
Compliance Monitoring and Enforcement Program Standards and Guidance This document is based on the standards found in the Yellow Book of the United States Government Accountability Office, produced by
More informationStandard EOP System Restoration from Blackstart Resources
A. Introduction 1. Title: System Restoration from Blackstart Resources 2. Number: EOP-005-2 3. Purpose: Ensure plans, Facilities, and personnel are prepared to enable System restoration from Blackstart
More informationBank of Botswana Internal Audit Charter March 18, 2013 INTERNAL AUDIT CHARTER BANK OF BOTSWANA
INTERNAL AUDIT CHARTER BANK OF BOTSWANA 1 CONTENTS PAGE 1. PURPOSE OF THE INTERNAL AUDIT CHARTER 3 2. PURPOSE OF THE INTERNAL AUDIT DIVISION 3 3. POLICY STATEMENTS 3 3.1 Establishment of the Internal Audit
More informationCITY OF CORPUS CHRISTI
CITY OF CORPUS CHRISTI CITY AUDITOR S OFFICE Audit of Purchasing Program Project No. AU12-004 September 20, 2012 City Auditor Celia Gaona, CIA CISA CFE Auditor Nora Lozano, CIA CISA Executive Summary In
More informationPrince William County Public Schools Annual Audit Plan
Prince William County Public Schools 2011 Annual Audit Plan Office of Internal Audit Vivian Calkins-McGettigan, MBA, CPA, CPFO Chief Internal Auditor Table of Contents Foreword 3 Introduction to the Office
More informationEnterprise Risk Management: Aligning Risk with Strategy & Performance June 26, :45 p.m. 4:45 p.m.
Enterprise Risk Management: Aligning Risk with Strategy & Performance June 26, 2017 3:45 p.m. 4:45 p.m. Presented by: Marc Winkler Director P&G Associates 646 Highway 18 East Brunswick, NJ 08816 P: 877-651-1700
More informationBeyond Compliance. Leveraging Internal Control to Build a Better Business: A Response to Sarbanes-Oxley Sections 302 and 404
Beyond Compliance Leveraging Internal Control to Build a Better Business: A Response to Sarbanes-Oxley Sections 302 and 404 Note to Readers Regarding This First Edition April 2003: This document was published
More informationDepartment of Navy Audit Update
Department of Navy Audit Update Northern Virginia Chapter Association of Government Accountants April 28, 2017 Victoria Crouse, Chief Strategy Officer Agenda What We ve Done Journey to Date: Key Milestones
More informationOrganizational Governance: Guidance for Internal Auditors. - July
Position Paper Organizational Governance: Guidance for Internal Auditors - July 2006 - The Institute of Internal Auditors, 247 Maitland Avenue, Altamonte Springs, Florida 32701-4102, USA http://www.theiia.org
More informationQuality Assurance and Improvement Program (QAIP)
Quality Assurance and Improvement Program (QAIP) Presenters: Lori Carmichael, CPA Rafael Guijarro, CPA Florida Michigan North Carolina Texas Insight. Oversight. Foresight. Class Overview Overview- QAIP
More informationInternal Audit of Compensation and Benefits
Internal Audit of Compensation and Benefits Office of the Chief Audit and Evaluation Executive Audit and Assurance Services Directorate June 2010 Cette publication est également disponible en français.
More informationIMPLEMENT A PIPELINE SMS
GROUP HOW TO IMPLEMENT A PIPELINE SMS AN INTRODUCTORY GUIDE WITH IMPLEMENTATION SUGGESTIONS AND STRATEGIES 3 2 YOUR GUIDE TO IMPLEMENTATION. An Introductory Guide on How to Implement Pipeline SMS Implementing
More informationAudit of the Management of Projects within Employment and Social Development Canada
Unclassified Internal Audit Services Branch Audit of the Management of Projects within Employment and Social Development Canada February 2014 SP-607-03-14E Internal Audit Services Branch (IASB) You can
More informationEffective implementation of COSO s new anti-fraud guidance
Effective implementation of COSO s new anti-fraud guidance In September 2016, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) published a new Fraud Risk Management Guide (Anti-fraud
More information1. Definition & Mission
1. Definition & Mission 1.1 Internal Auditing is an independent, objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of. 1.2 Group Internal
More informationCIP Cyber Security - Supply Chain Risk Management. A. Introduction
A. Introduction 1. Title: Cyber Security - Supply Chain Risk Management 2. Number: CIP-013-1 3. Purpose: To mitigate s to the reliable operation of the Bulk Electric System (BES) by implementing security
More informationNYSARC/CP Compliance Seminar: Risk Assessments. May 2, 2016 Robert Hussar and Melissa Zambri
NYSARC/CP Compliance Seminar: Risk Assessments May 2, 2016 Robert Hussar and Melissa Zambri rhussar@barclaydamon.com mzambri@barclaydamon.com Agenda Introductions Compliance Risk Assessment Process OMIG
More informationARCHIVED Audit of Risk Management
NATIONAL RESEARCH COUNCIL CANADA ARCHIVED Audit of Risk Management This PDF file has been archived on the Web. Archived content Information identified as archived on the Web is for reference, research
More informationPractice Guide ASSESSING ORGANIZATIONAL GOVERNANCE IN THE PUBLIC SECTOR
Practice Guide ASSESSING ORGANIZATIONAL GOVERNANCE IN THE PUBLIC SECTOR OCTOBER 2014 Table of Contents Executive Summary... 1 Introduction... 1 Public Sector Characteristics... 4 Public Sector Structure...
More informationFREQUENTLY ASKED QUESTIONS ABOUT INTERNAL CONTROL OVER FINANCIAL REPORTING
FREQUENTLY ASKED QUESTIONS ABOUT INTERNAL CONTROL OVER FINANCIAL REPORTING Nature and Timing of the Reporting Requirement When must registrants begin to report on internal control over financial reporting?
More informationCIP Cyber Security Security Management Controls
A. Introduction 1. Title: Cyber Security Security Management Controls 2. Number: CIP-003-5 3. Purpose: To specify consistent and sustainable security management controls that establish responsibility and
More informationERO Enterprise Compliance Auditor Manual & Handbook Florida Reliability Coordinating Council, Inc. Spring Workshop April 8-10, 2014
ERO Enterprise Compliance Auditor Manual & Handbook Florida Reliability Coordinating Council, Inc. Spring Workshop April 8-10, 2014 1 Presentation Team Andrew Williamson, FRCC Adina Mineo, NERC Agenda
More information