COSO Internal Control Integrated Framework update. INTOSAI Subcommittee on Internal Control Standards

Similar documents
COSO s ICIF Update. Discussion with PCAOB s Standing Advisory Group. March 24, 2011

An Update of COSO s Internal Control Integrated Framework. December 2011

Internal Control Integrated Framework. An IAASB Overview September 2016

COSO 2013: Updated internal control framework

Internal Control Integrated Framework. May 2013

From Dictionary.com. Risk: Exposure to the chance of injury or loss; a hazard or dangerous chance

A Discussion About Internal Controls February 2016

The Updated COSO Internal Control Framework

STANDING ADVISORY GROUP MEETING

2013 COSO Internal Control Framework Update. September 5, 2013

BUSINESS CPA EXAM REVIEW V 3.0. For Exams Scheduled After March 31, 2017

The IPPF in How changes to The IIA s guidance framework can benefit internal auditors and SAIs

COSO Framework Update Webcast. May 23, 2013

Fraud Risk Management

COSO Internal Control Integrated Framework Proposed Update

AUDITING. Auditing PAGE 1

Diving into the 2013 COSO Framework. Presented by: Ronald A. Conrad

Conducting an Audit Committee Self-Evaluation: Guidelines and Questions

Catching Fraud During a Recession Through Superior Internal Controls. FICPA s 25 th Annual Accounting Show. J. Stephen Nouss September 29, 2010

The 2013 COSO Framework & SOX Compliance

LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE

Enterprise Risk Management Aligning Risk with Strategy and Performance COSO ERM Framework Update

summary summary summary summary

Brink's Modern Internal Auditing

The New COSO Framework: Avoiding Deficiencies and Driving Change

Protecting Fixed Assets: Internal Controls for Non Profits

That Was Then, This Is Now. COSO Updates its 1992 Classic Internal Control-Integrated Framework

Strengthening Control and integrity: A Checklist for government Managers

June 2016 Issue 05/2016

SOX FOR NPO S Focus on Control. Stephen L. Kuptz, CPA

EFFICIENT USE OF AUDIT COMMITTEES

Assessment of the Design Effectiveness of Entity Level Controls. Office of the Chief Audit Executive

Enterprise Risk Management: Developing a Model for Organizational Success. White Paper

Including International Financial Reporting Standards (IFRS)

COSO What s New, What s Changed, Why Does it Matter and Other Frequently Asked Questions

Enterprise Risk Management. Applying enterprise risk management to environmental, social and governance-related risks.

IIA 2015 Worldwide survey of 15,000 internal auditors

In Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015

REPORT 2016/033 INTERNAL AUDIT DIVISION

DeVry Approach to ERM

Terms of Reference Governance Committee

Informal Consultation on Oversight Matters. September 2017

COMPLIANCE AT LARGER INSTITUTIONS. November 11 13, Robert F. Roach Chief Compliance Officer New York University

Session 7: Corporate Governance

Enterprise Risk Management: Aligning Risk with Strategy & Performance June 26, :45 p.m. 4:45 p.m.

Tools & Techniques II: Lead Auditor

Effective implementation of COSO s new anti-fraud guidance

For the first time in the history of corporate financial reporting and. Management Reporting on Internal Control. Use of COSO 1992 in.

Audit Standards 6/23/2017. Outline. Let s Refresh. Changes to the IIA Standards

METROPOLITAN TRANSPORTATION AUTHORITY

Corporate Governance Principles of Auditing: An Introduction to International Standards on Auditing - Ch 14

Should boards and CEOs care about COSO ERM 2017? By Tim J. Leech

World Anti Corruption Forum

Business Context of ISO conform Internal Financial Control Assessment

White Paper. Effective and Practical Deployment of COSO: Entity Level Control and Lessons Learned. July 10, 2008 THE ROBERTS COMPANY, LLC

What We Will Cover Today

Heads Up. Control Integrated Framework. COSO Enhances Its Internal. In This Issue: Enhancements in the 2013 Framework

Changes in the IIA Standards: New Requirements for Internal Audit Functions

From Dubai to Beijing

2012 IIA Standards Update

Quality Assessments what you need to know

AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

ECQA Certified Profession. Governance SPICE Model. Internal Financial Control Assessor Training Programme

Charter for Enterprise Risk Management

Changes in the IIA Standards: New Requirements for Internal Audit Functions

Integrating COSO s Fraud Risk Management Guide on an Enterprise Scale

Enterprise Risk Management 2016

Group Internal Audit Charter

An Overview of the 2013 COSO Framework. August 2013

[RELEASE NOS ; ; FR-77; File No. S ]

This elective module on internal auditing aims to provide students with an in-depth understanding of internal auditing in organisations.

Developing an Integrated Anti-Fraud, Compliance, and Ethics Program

Present and functioning: Fine-tuning your ICFR using the COSO update

SIAAB Guidance #02 Internal Audit Independence- Interaction with Agency Head, Senior Staff and Placement Within the Organizational Structure

CHAPTER 15: ENTERPRISE RISK MANAGEMENT - SUPPLEMENTAL MATERIAL

PART 6 - INTERNAL CONTROL

COSO Internal Control Integrated Framework Public Exposure Feedback Questions, December 2011

August 14, Dear Ms. Gula:

Corporate Governance and Financial Markets

Caribbean Association of Audit Committee Members Inc. Independent Quality Assurance Assessment of the Internal Audit function

Practice Advisory : Quality Assurance and Improvement Program

WELLS FARGO & COMPANY AUDIT AND EXAMINATION COMMITTEE CHARTER

a GAO G GAO Government Auditing Standards July 2007 Revision By the Comptroller General of the United States

Policy and Procedures Date: November 5, 2017

1. Definition & Mission

Adding Value by Proactively Managing Departmental Risks

IT Audit at Brown. A collaboration between the Information Technology and Internal Audit Teams

NYSARC/CP Compliance Seminar: Risk Assessments. May 2, 2016 Robert Hussar and Melissa Zambri

Self Assessment Workbook

Managing the Business Risk of Fraud: A Practical Guide

The Future of Internal Auditing:

Audit of Entity Level Controls

External Quality Assessment of the Internal Audit Activity at. County of Orange. April County of Orange Final Report: June 13,

SAS Teleconference

Independent Formative Evaluation of the World Health Organization

Dena Jansen, CPA Partner Maxwell Locke & Ritter LLP

INTERNAL AUDIT CHARTER SECURE TRUST BANK PLC

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

IFAC Ethics Committee Meeting Agenda Item 6 February 2005 New York, United States

Transcription:

COSO Internal Control Integrated Framework update INTOSAI Subcommittee on Internal Control Standards Cees Klumper RA MBA CIA Member of the COSO Advisory Council Chief Risk Officer of the Global Fund to Fight AIDS, Tuberculosis and Malaria Director Internal Audit of the Global Alliance for Vaccines and Immunisation About COSO Formed in 1985 to sponsor a Commission to examine fraudulent financial reporting A joint initiative of five private sector organizations Sponsors: American Accounting Association (AAA) American Institute of Certified Public Accountants Financial Executives International Institute of Management Accountants The Institute of Internal Auditors 2

Mission To provide thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control and fraud deterrence designed to improve organizational performance and governance and to reduce the extent of fraud in organizations. 3 4 COSO s Fundamental Principle Good risk management and internal control are necessary for long term success of all organizations 4

Timeline 1987: Treadway Commission Report 1996: Internal Control Issues in Derivatives 2004: Enterprise Risk Management Framework 2010: Fraud StudyII- Fraudulent Financial Reporting: 1998-2007 2009: Guidance on Monitoring Internal Control Systems 1985 1990 1995 2000 2005 2010 1992: Internal Control Framework 1999: Fraud StudyI- Fraudulent Financial Reporting: 1987-1997 2006: Guidance for Smaller BusinessesonInternal Control over Financial Reporting 2010-2011: Recent ERM thought papers on current issues 5 COSO Internal Control Framework First published in 1992 Gained wide acceptance following financial control failures of early 2000 s Most widely used framework in the US Also widely used around the world Monitoring Control Activities Risk Assessment Information and Communication Control Environment 6

Key Concepts Timeless A process, effected by people that provides reasonable assurance about achievement of objectives Five components: 1. Control environment 2. Risk assessment 3. Control Activities 4. Monitoring 5. Information and communication 7 The update -who is involved COSO Board of Directors PricewaterhouseCoopers Project Team COSO Advisory Council AICPA AAA IIA FEI IMA Regulatory Observers Public Accounting Firms Others (IFAC, GAVI Alliance, ISACA) Companies & Other Stakeholders Industry Associations Academia Not-for-profit, Governmental Agencies Professional Associations Risk Management Professionals Lawyers Regulators Other rule-makers 8

Overview of Project Plan & Timetable 2010 2011 2012 Sept Jan Feb - Oct Dec -March Jan - Oct Assess and Envision Design & Build Public Exposure Finalize 9 Obtaining Input: ICIF Survey of Stakeholders Over 700 responses From a wide range of organizations and individuals Large, small and non-profit organizations well represented 1 in 4 respondents from outside the United States (27%) Most respondents have been using the Framework for over 5 years Overall, a large majority of respondents support updating, but not a major overhaul in the Framework 10

Areas of ICIF Update Key Themes 1. Reflect implication of increased use of technology and greater complexity of operational environment 2. Incorporate lessons learned from SOX and cost/benefit considerations 3. Capture increased ethics, compliance and anti-fraud expectations 4. Broaden the scope of reporting beyond external financial reporting 5. Enhance the concept of risk oversight and role of risk assessment 6. Reflect expanded governance roles in organizations 11 Areas of ICIF Update Envisioned (cont.) Key Themes 7. Clarify and simplify language 8. Apply a more principles-based approach and provide basis for evaluating control effectiveness 9. Increase practical guidance to supplement the conceptual framework 10. Balance discussion of financial reporting with operations and compliance 11. Discuss performance management and incentives 12. Reduce US-centric perception of the Framework 12

Making it easy to apply in practice 5 Components 1. Control Environment 2. Risk Assessment 3. Control Activities 4. Information & Communication 17 Principles 1. Demonstrates commitment to integrity and ethical values 2. Exercises oversight responsibility 3. Establishes structure, authority and responsibility 4. Demonstrates commitment to competence 5. Establishes accountability 6. Specifies relevant objectives 7. Identifies and assesses risk 8. Identifies and assesses significant change 9. Assesses fraud risk 10. Selects and develops control activities 11. Selects and develops general controls over technology 12. Deploys through policies and procedures 13. Generates relevant information 14. Communicates internally 15. Communicates externally 82 Attributes 21 19 16 15 5. Monitoring Activities 16. Conducts ongoing and, possibly, separate evaluations 17. Evaluates and communicates deficiencies 11 13 In addition to the Internal Control Integrated Framework Compendium of Approaches and Examples for Internal Control over Financial Reporting (2013) ICIF Evaluation Tools (2013) Monitoring Guidance (2009) ERM Framework (2004) 14

Food for thought INTOSAI comment letter submitted last month Decision not to combine ERM and Internal Control frameworks A good framework is getting better but what about the application in practice? What would ideal cooperation with COSO look like? 15

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback