COSO Internal Control Integrated Framework Proposed Update

Similar documents
9/17/2017. An Overview of COSO s New Framework and Implementation Guidance SPEAKER. Laura Harden, CPA History

An Overview of the 2013 COSO Framework. August 2013

In Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015

Introductions. An Overview of the COSO 2013 Framework. Christian Peo Sharon Todd. An Overview of the 2013 COSO Framework.

Internal Control Integrated Framework. An IAASB Overview September 2016

Internal Control Integrated Framework. An IAASB Overview September 2016

Fraud Detection and Prevention

Internal Control Integrated Framework. May 2013

20 Years in the Making. Meet the New ICIF: Revisions to COSO s Internal Control Integrated Framework. Dr. Sandra Richtermeyer COSO Board Member

Diving into the 2013 COSO Framework. Presented by: Ronald A. Conrad

The New COSO Framework: Avoiding Deficiencies and Driving Change

2013 COSO Internal Control Framework Update. September 5, 2013

COSO Framework Update Webcast. May 23, 2013

FDICIA Reporting for Financial Institutions. Reporting Changes Under Part 363 and SAS 130

Central Florida Expressway Authority

Heads Up. Control Integrated Framework. COSO Enhances Its Internal. In This Issue: Enhancements in the 2013 Framework

AGA Gulf Region PDT COSO and the Green Book: An Enhanced Internal Control Framework

COSO 2013: Updated internal control framework

COSO What s New, What s Changed, Why Does it Matter and Other Frequently Asked Questions

A Discussion About Internal Controls February 2016

In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued a

COSO Updates and Expectations. IIA San Diego Chapter January 8, 2014

Community Bankers Conference

AUDITING. Auditing PAGE 1

Washington Metropolitan Area Transit Authority Board Action/Information Summary

Standards for Internal Control in New York State Government 2016 Update

The Updated COSO Internal Control Framework

SAMPLE BEC SuperfastCPA Review Notes

FINANCIAL INSTITUTIONS AUDIT COMMITTEE GUIDE FOR FINANCIAL INSTITUTIONS

DECISION. mb a5 EFSA Internal Control Framework. Internal Control Framework of the European Food Safety Authority. Decision No.

716 West Ave Austin, TX USA

38 Years of Excellent Client Service New COSO Model and How Internal Controls Help to Reduce Opportunity for Fraud

BUSINESS CPA EXAM REVIEW V 3.0. For Exams Scheduled After March 31, 2017

Audit Training-of-Trainers Workshop, November 2014, Vienna Components of internal control within organization

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

Internal Control Questionnaire and Assessment

Assessment of the Design Effectiveness of Entity Level Controls. Office of the Chief Audit Executive

Auditing and Attestation (AUD) - Content Outline Effective January 2014

What Are Your Auditors Doing? Presented by Carrie Kennedy, Partner Travis Smith, Partner Moss Adams LLP

Session 7: Corporate Governance

Non-SEC Regulated Charter. Organization. Statement of Policy. Responsibilities

1. Definition & Mission

2013 New COSO 2013 Framework and Current Trends in Risk Management

Self Assessment Workbook

Guidance Note: Corporate Governance - Audit Committee. January Ce document est aussi disponible en français.

CABOT OIL & GAS CORPORATION AUDIT COMMITTEE CHARTER

From Dictionary.com. Risk: Exposure to the chance of injury or loss; a hazard or dangerous chance

3.6.2 Internal Audit Charter Adopted by the Board: November 12, 2013

IPO Readiness. Sarbanes-Oxley Compliance & Other Considerations. Presented by:

See your auditor clearly. Transparency report: How we perform quality audit engagements

John F. Buyce, CPA, CIA, CFE, CGFM Audit Director NYS OSC - State Government Accountability

Government Auditing Standards

Effective implementation of COSO s new anti-fraud guidance

Agenda 11/26/13. Updated COSO Framework

Internal Control Questionnaire and Assessment

Guidance Note: Corporate Governance - Board of Directors. January Ce document est aussi disponible en français.

Guidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.

An Update of COSO s Internal Control Integrated Framework. December 2011

EFFICIENT USE OF AUDIT COMMITTEES

Implementation Guides

What s happening at COSO & The importance of Tone at the Top

FREQUENTLY ASKED QUESTIONS ABOUT INTERNAL CONTROL OVER FINANCIAL REPORTING

B S R & Co. LLP. Reporting on Internal. Reporting An Overview. Sarbanes Oxley Act (SOX) 28 December 2013

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF DROPBOX, INC.

COSO Internal Control Integrated Framework update. INTOSAI Subcommittee on Internal Control Standards

Group Internal Audit Charter

Understanding Internal Controls. Federal Highway Administration New Mexico Division

AMERICAN EXPRESS COMPANY AUDIT AND COMPLIANCE COMMITTEE CHARTER (as amended and restated as of September 26, 2017)

GATU Webinar Part 1 March 2017 Presented by Carol Kraus, CPA

Internal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017)

Is your ERP ready for COSO 2013?

PERFORMANCE REVIEW INTERNAL CONTROL REVIEW OF THE PUBLIC COMPANY ACCOUNTING OVERSIGHT BOARD S OFFICE OF CHIEF AUDITOR (IOPA )

B U S I N E S S R I S K M A N A G E M E N T L T D

Navigating the PCAOB s and SEC s internal control expectations A discussion. June 2015

AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES

EY Center for Board Matters. Leading practices for audit committees

Financial Internal Controls Initiative. Martha Kerner Assistant Vice Chancellor for Business Services

White Paper. Effective and Practical Deployment of COSO: Entity Level Control and Lessons Learned. July 10, 2008 THE ROBERTS COMPANY, LLC

The Ins and Outs: Audits Under FDICIA. Jennifer Gureckis and Kaylyn Landry BerryDunn February 27, 2018

CHARTER OF THE AUDIT COMMITTEE NATIONWIDE MUTUAL INSURANCE COMPANY NATIONWIDE MUTUAL FIRE INSURANCE COMPANY NATIONWIDE CORPORATION

Creating Business Value Through Optimized Compliance Practices

The most commonly applied model for designing and auditing internal

Internal Financial Controls New perspectives as per Companies Act 2013 and CARO 2016

Internal Control at OSU COSO & Enterprise Risk Management. Oregon State University Board of Trustees Executive & Audit Committee Educational Session

BEST BUY CO., INC. AUDIT COMMITTEE CHARTER

Present and functioning: Fine-tuning your ICFR using the COSO update

WELLS FARGO & COMPANY AUDIT AND EXAMINATION COMMITTEE CHARTER

Internal Control Program

The Bulletin. The Updated COSO Internal Control Framework: Frequently Asked Questions. Volume 5, Issue 3. What Hasn t Changed? So Why Change?

REPORT 2016/033 INTERNAL AUDIT DIVISION

LIQUEFIED NATURAL GAS LIMITED

Chapter 6 Field Work Standards for Performance Audits

METROPOLITAN TRANSPORTATION AUTHORITY

Beyond Compliance. Leveraging Internal Control to Build a Better Business: A Response to Sarbanes-Oxley Sections 302 and 404

Changes to The IIA Standards: What Board Members and Executive Management Need to Know

Self Assessment Workbook

Single Audit Update: Internal Control over Compliance and the GAO s Green Book. MSBO s 80 th Annual Conference April 19, 2018

FEDERAL HOME LOAN BANK OF INDIANAPOLIS CHARTER FOR THE AUDIT COMMITTEE

IAASB Main Agenda (July 2007) Page Agenda Item

Chatham-Kent Health Alliance. Internal Control Framework Assessment - Executive Summary

Transcription:

COSO Internal Control Integrated Framework Proposed Update Presented by: Dustin Birashk September 20, 2012 1

DISCLOSURE STATEMENT The material appearing in this presentation is for informational purposes only and is not legal or accounting advice. Communication of this information is not intended to create, and receipt does not constitute, a legal relationship, including, but not limited to, an accountant-client relationship. Although these materials may have been prepared by professionals, they should not be used as a substitute for professional services. If legal, accounting, or other professional advice is required, the services of a professional should be sought. 2

ABOUT MOSS ADAMS LLP Full-service public accounting firm with assurance, tax, and consulting services for middle-market public and private companies One of the 15 largest accounting firms in the U.S. and largest firm headquartered on the West Coast 22 offices in Arizona, California, Kansas, New Mexico, Oregon, and Washington Founded in 1913 and headquartered in Seattle, Washington Founding member of Praxity, a global alliance of accounting firms 3

PRESENTER Dustin Birashk, CPA Dustin has been in public accounting since 1999 and specializes in audits of financial institutions and financial services companies. Dustin is proficient in serving financial institutions. He is actively involved in the firm s Financial Services Group and is a frequent speaker at the firm s annual conferences and Moss Adams hosted webinars, and authors articles for MA Now and industry publications. Dustin received his BA in Business Administration from the University of Washington, and completes continuing education annually. He is a member of the Washington Society of Certified Public Accountants and the American Institute of Certified Public Accountants. 4

WHAT I DO WHEN I M NOT COUNTING BEANS 5

PRESENTATION OBJECTIVES Providing context Understanding why COSO is updating the framework Noting the key changes Reviewing the new proposed principles and points of focus Reviewing the timeline for the final framework and the current status 6

PRESENTATION OBJECTIVES Assuming that most of the revised framework stays the same, how might this impact your organization? How might this impact the way auditors approach your organization? What you can do to effect change? 7

COSO FRAMEWORK Who is familiar with the original COSO Framework from 1992? 8

PROVIDING SOME CONTEXT Article on the downfall of Washington Mutual as a backdrop for our discussion today Take a few minutes to read the article provided about the reasons for the collapse of Washington Mutual and identify/highlight some of the key control failures noted throughout the article 9

WHY THE CHANGE? COSO set out to update its nearly 20-year-old framework for new technology demands and capabilities, in addition to globalization Updated framework doesn t change core objectives or definitions, but specifies 17 guiding principles divided among the 5 components of internal control COSO believes that the updates will result in a more flexible, reliable, and cost-effective approach to controls 10

WHY THE CHANGE? COSO chair calls the updated framework a refresh Context is changed to recognize the current environment compared with 1992 o Governance much more important o Audit committees more important o Compensation committees more important o Technology is much different. No internet or prevalent email in 1992 o Business models have changed more complex Joint ventures Outsourcing 11

WHY THE CHANGE? COSO is also issuing new guidance in the form of the Internal Control Over External Financial Reporting Approaches and Examples o Exposure draft expected late 2012 or early 2013 o The focus of this will be to focus on internal controls specific to financial reporting objectives o Hot of the press update next slide Regulators were involved in this initiative o Representatives from the FDIC, GAO, IFAC, PCAOB, and SEC were invited as observers 12

HOT OF THE PRESS! COSO released their updated version of the proposed Internal Control Integrated Framework on September 18. COSO also released their exposure draft of Internal Control over External Financial Reporting: A Compendium The comment period for both items above ends November 20, 2012 13

WHAT ARE THE MAJOR CHANGES IN THE PROPOSED REFRESH? Adoption of a principles and points of focus approach in the framework to provide more detailed guidance for designing and assessing the effectiveness of internal control Clarifies the role of objective setting Reflects the increased relevance of technology Enhances governance concepts Recognizes that reporting extends far beyond just financial reporting Emphasizes the importance of compliance and operations objectives 14

WHAT ARE THE MAJOR CHANGES IN THE PROPOSED REFRESH? Enhances consideration of anti-fraud expectations More recognition that operations, compliance, reporting, and the need for internal control often cross boundaries of organizations and countries More detailed guidance of alternative ways in which an organization might implement a component of internal control and thus accomplish effective internal control Considers different business models and organizational structures Other changes at the component level that will be discussed later 15

WHAT ARE INTERNAL CONTROLS? NO CHANGE TO THE DEFINITION OF INTERNAL CONTROL Internal controls are policies and procedures that an entity puts in place to help ensure the entity meets its goals and objectives Controls relate to these areas: Operations Effective and Efficient Use of Resources Compliance Compliance with laws and regulations Reporting Preparation of Reporting 16 16

17 NEW PRINCIPLES Control Environment 5 principles Risk Assessment 4 principles Control Activities 3 principles Information and Communication 3 principles Monitoring Activities 2 principles 17

CONTROL ENVIRONMENT Commitment to integrity and ethics Oversight for internal control by the board of directors, independent of management Structures, reporting lines, and appropriate responsibilities in the pursuit of objectives established by management and overseen by the board A commitment to attract, develop, and retain competent individuals in alignment with objectives Holding individuals accountable for their internal control responsibilities in pursuit of objectives 18

COMMITMENT TO INTEGRITY AND ETHICS Board and management set the tone at the top Establishment of standards of conduct Evaluation of adherence to standards of conduct Address deviations in a timely manner 19

OVERSIGHT BY INDEPENDENT BOARD Establish Board of Directors oversight responsibilities Board retains or delegates oversight responsibilities Board applies relevant expertise Board operates independently Board guides, directs, and reviews the development and performance of the system of internal control 20

ESTABLISHES STRUCTURE, AUTHORITY, AND RESPONSIBILITY Considers all structures of the entity (operating units, legal entities, outsourced service providers) Establishes reporting lines Defines, assigns, and limits authorities and responsibilities 21

DEMONSTRATES COMMITMENT TO COMPETENCE Establishes policies and procedures Attracts, develops, and retains individuals Evaluates competence and addresses shortcomings Plans and prepares for succession 22

ENFORCES ACCOUNTABILITY Enforces accountability through structures, authorities, and responsibilities Establishes performance measures, incentives, and rewards Evaluates performance measures, incentives, and rewards for ongoing relevance Considers excessive pressures Evaluates performance and rewards or disciplines individuals 23

RISK ASSESSMENT Specifying objectives clearly enough for risks to be identified and assessed Identifying and analyzing risks to determine how they should be managed Considering the potential of fraud Identifying and assessing changes that could significantly impact the system of internal control 24

SPECIFYING CLEAR OBJECTIVES Considers tolerance for risk Reflects management s choices (structure, industry concentrations, etc.) Includes operations and financial performance goals Forms basis for committing of resources Complies with externally established standards, laws, and regulations Reflects the entity s activities 25

IDENTIFIES AND ANALYZES RISKS Involves appropriate levels and management Includes entity, subsidiary, division, operating unit, and functional level consider CUSOs Analyzes internal and external factors Estimates significance of risks identified Determines how to respond to risks 26

ASSESSES FRAUD RISK Considers various ways that fraud can occur Considers fraud risk factors Assesses incentives and pressures Assesses opportunities Assesses attitudes and rationalizations 27

IDENTIFIES AND ANALYZES SIGNIFICANT CHANGE Assesses changes in the external environment Assesses changes in the business model Assesses changes in leadership 28

CONTROL ACTIVITIES Selecting and developing controls that help mitigate risks to an acceptable level Selecting and developing general control activities over technology Deploying control activities as specified in policies and relevant procedures 29

SELECTING AND DEVELOPING CONTROL ACTIVITIES Integrates with risk assessment Determines relevant business processes Considers entity-specific factors Evaluates a mix of control activity types Considers at what level activities are applied Addresses segregation of duties 30

SELECTS AND DEVELOPS GENERAL CONTROLS OVER TECHNOLOGY Determines dependency between the use of technology in business processes and technology general controls Establishes relevant technology infrastructure control activities Establishes relevant security management process control activities Establishes relevant technology acquisition, development, and maintenance process control activities 31

DEPLOYS THROUGH POLICIES AND PROCEDURES Establishes policies and procedures to support deployment of management s directives Establishes responsibility and accountability for executing policies and procedures Performs using competent personnel Performs in a timely manner Takes corrective action Reassesses policies and procedures 32

INFORMATION AND COMMUNICATION Obtaining or generating relevant, high-quality information to support internal control Internally communicating information, including objectives and responsibilities, necessary to support the other components of internal control Communicating relevant internal control matters to external parties 33

USES RELEVANT INFORMATION Identifies information requirements Captures internal and external sources of data Processes relevant data into information Maintains quality throughout processing Considers costs and benefits 34

COMMUNICATES INTERNALLY Communicates internal control information with personnel Communicates with the Board of Directors Provides separate communication lines Selects relevant method of communication 35

COMMUNICATES EXTERNALLY Communicates to external parties Enables inbound communications Provides separate communication lines (think whistleblower) Communicates with the Board of Directors Selects relevant method of communication 36

MONITORING ACTIVITIES Selecting, developing and performing ongoing or separate evaluations of the components of internal control Evaluating and communicating deficiencies to those responsible for corrective action, including senior management and the Board of Directors, where appropriate 37

CONDUCTS ONGOING AND/OR SEPARATE EVALUATIONS Considers a mix of ongoing and separate evaluations Establishes baseline understanding Considers rate of change Uses knowledgeable personnel Integrates with business processes Objectively evaluates Adjusts scope and frequency 38

EVALUATES AND COMMUNICATES DEFICIENCIES Assesses results Communicates deficiencies to management Reports deficiencies to senior management and the Board of Directors Monitors corrective actions 39

FROM THE COSO BOARD What will preparers need to do differently under the updated framework? o Continue to look at their control structure and see if it lines up with the updated framework o May be some slight nuances and changes to make in order to line up with the 17 new principles, and in some cases some additional testing 40

FROM THE COSO BOARD What will boards and committees need to do differently? o Understand that internal control is not simply a compliance activity o Internal control is about achieving business and other objectives in an efficient and effective manner o May not just be financial reporting items o Think in terms of all of the 17 new principles 41

FROM THE COSO BOARD What will auditors need to do differently under the updated framework? o Attestation standards and their language may need to adapt to the new principles o Approach may need to be modified to ensure it aligns with new principles 42

WHY HAS THE REPORTING OBJECTIVE CHANGED? Reporting still encompasses financial reporting, but it now also encompasses nonfinancial reporting Covers both internal and external reporting There is a significant increase in reporting beyond just the numbers, and controls need to cover all aspects of reporting 43

TIMELINE Originally, COSO expected to release the updated framework in late 2012. Based on the amount of comments and feedback on the exposure draft, and concerns about possible implications for 2012 reporting, the release of the updated framework is expected in the first quarter of 2013. 44

TIMELINE How much feedback was received? o 97 comment letters o More than 100 responses to the online survey o Hundreds of additional ideas for consideration How does this impact you? o Parts of the updated framework will change from the exposure draft o Important to understand the exposure draft, but not go too far down the path of making any changes 45

SUMMARY OF REVISIONS IN REVISED DRAFT ISSUED SEPTEMBER 18, 2012 * OBTAINED FROM COSO POWERPOINT PRESENTATION FROM COSO WEBSITE 46

SUMMARY OF OTHER CONSIDERATIONS BASED ON COMMENT LETTERS * OBTAINED FROM COSO POWERPOINT PRESENTATION FROM COSO WEBSITE 47

SUMMARY OF OTHER CONSIDERATIONS BASED ON COMMENT LETTERS * OBTAINED FROM COSO POWERPOINT PRESENTATION FROM COSO WEBSITE 48

OVERVIEW OF EXAMPLE TOOLS FOR INTERNAL CONTROL * OBTAINED FROM COSO POWERPOINT PRESENTATION FROM COSO WEBSITE 49

ICEFR COMPENDIUM EXPOSURE DRAFT ISSUED SEPTEMBER 18, 2012 Types of financial reports Suitable objectives Judgment Overlapping objectives Deficiencies in internal control Smaller entities Approaches and examples 50

WHAT S MORE FUN THAN LISTENING TO A PRESENTATION ON INTERNAL CONTROLS? RIDING IN A WAGON, OF COURSE! 51

THANK YOU COSO Internal Control Integrated Framework Proposed Update Presented by: Dustin Birashk September 20, 2012 52

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback