SlideShare une entreprise Scribd logo

Top 10 lessons learned from COSO 2013 Implementation

Amit Bhargava
Amit Bhargava

Please refer the TOP 10 lessons learned from COSO 2013 Implementation. I do hope that readers will find this stuff informative and enjoyable and implement the lessons learned in their respective Organizations. Thanks to Protiviti team !!!!!!

Technologie
1  sur  37
Télécharger pour lire hors ligne
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 1 Protiviti Webinar: Top Ten Lessons Learned From Implementing COSO 2013
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 2 Housekeeping Items… Following the webinar, all attendees will receive a link to a copy of the presentation and recording. If you are experiencing technical difficulties during the webcast, let us know by submitting a question within the webinar screen. Please provide your email address for a swift reply. If you are having trouble hearing the audio through the computer, separate phone lines are available. International +1 734 385 2579 United States +1 855 707 0664 Conference ID 26627554
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 3 We are issuing 1.5 CPE credit for this presentation. To be eligible to receive CPE credit, please: • Answer five (5) out of the six (6) polling questions throughout the duration of this webinar. • Qualifying participants will receive their CPE certificates via e-mail within 4 weeks of the webinar • In the resources area, you can access the following: • Download The Updated COSO Internal Control Framework: Frequently Asked Questions • Download The Bulletin: Top 10 Lessons Learned from Implementing COSO 2013 • Register for the May 21st webinar The New Revenue Recognition Rules: Systems, Data, Reporting and a Transparent Audit Trail Trouble hearing the audio through the computer? Dial in! Phone: +1 855 707 0664, Conference ID: 26627554 CPE Credits and Supplemental Information
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 4 Jim DeLoach is a Managing Director in Protiviti’s Houston office. He has served on the COSO Advisory Council with respect several COSO projects since 2002, the most recent project being the Internal Control – Integrated Framework Update. He has worked with, and delivered numerous presentations on risk management to, hundreds of companies and groups in 30 countries. He writes Protiviti’s Flash Reports, The Bulletin and Board Perspectives: Risk Oversight. In addition, he writes a monthly blog on the online magazine of the National Association of Corporate Directors and a monthly column for Corporate Compliance Insights. He also wrote all four editions of Guide to the Sarbanes- Oxley Act: Internal Control Reporting Requirements. E-mail: Jim.DeLoach@protiviti.com Jim DeLoach, Managing Director, Houston Today’s Speakers Trouble hearing the audio through the computer? Dial in! Phone: +1 855 707 0664, Conference ID: 26627554
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 5 Keith Kawashima is a Managing Director in Protiviti’s Silicon Valley office. Keith has over 25 years of experience in finance and accounting including 15+ years with Protiviti/Arthur Andersen’s Internal Audit practice and more than 10 years corporate experience in both Finance and Operations prior to joining Protiviti. He has been involved in all aspects of a company’s internal audit function from establishing a charter and developing a risk-based internal audit plan, to developing and executing work programs, through reporting at the audit committee and board level. E-mail: Keith.Kawashima@protiviti.com Keith Kawashima, Managing Director, Northern California Today’s Speakers Trouble hearing the audio through the computer? Dial in! Phone: +1 855 707 0664, Conference ID: 26627554
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 6 Shari Katz leads training and methodology development for Protiviti’s Internal Audit Solution and is based in Chicago. She develops curriculum and methodology, and facilitates knowledge management activities for the global internal audit practice. She has 20 years of experience in internal audit at Protiviti and Arthur Andersen. Her experience includes broad internal audit activity, from risk assessments and internal audit plan development to execution of audits and reporting of findings. It also includes Sarbanes Oxley compliance activities from establishing a first year project to supporting an ongoing program. She began her career in Andersen’s external audit practice. She is a CPA, CIA, CRMA and CGMA. E-mail: Shari.Katz@protiviti.com Shari Katz, Program Manager, Internal Audit Methodology and Training, Chicago Today’s Speakers Trouble hearing the audio through the computer? Dial in! Phone: +1 855 707 0664, Conference ID: 26627554
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 7 Grounding Concepts Additional Resources Top 10 Lessons Learned Today We Will Cover… Trouble hearing the audio through the computer? Dial in! Phone: +1 855 707 0664, Conference ID: 26627554
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 8 Grounding Concepts
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 9 COSO Internal Control - Integrated Framework COSO Cube (2013 Edition)* Source: Chapter 2 of COSO Internal Control: Integrated Framework (2013). • The COSO 2013 Framework is a suitable framework for evaluating the effectiveness of internal control over financial reporting (ICFR) • COSO no longer supports the 1992 Framework • The majority of 12/31 issuers have completed the transition from the 1992 Framework to the 2013 Framework
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 10 Importance of a Top-Down, Risk-Based Approach Still Applicable with the Implementation of the 2013 COSO Framework Important for Setting Scope and Objectives Not Employing this Approach Could Result in Going Overboard with Testing and Documentation
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 11 Top 10 Lessons Learned from Implementing COSO 2013
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 12 Lesson #1 Meet with Your Auditor Early and Often 2014 2015 Q1 Q2 Q3 Q4 Q1 Develop project plan & inventory existing documentation Perform COSO 2013 Mapping Update process documentation as necessary Document and/or design controls for COSO 2013 gaps Perform phase I testing of key controls Perform phase II testing of key controls Perform year end testing of key controls including annual controls. Final gap remediation assessment, including significance of open gaps (any warranting an MW or SD) Refresh Internal Audit infrastructure Perform / Execute Internal Audit Work program for selected Internal Audits Assess significance of remaining gaps, if applicable. Finalize prior year audit Discussions with management to evaluate prior year audit cycle and plan current year audit cycle Perform Phase I testing of key controls Perform Phase II testing of key controls External Audit will perform year end substantive audit procedures Discussions with management to evaluate prior year audit cycle and plan current year audit cycle Phase I – Planning and Scoping Phase II – Assess/Analyze Design Effectiveness Phase III – Implement/Assess Operational Effectiveness Phase IV – Monitoring/Testing/Remediation External Auditor Checkpoints Internal Auditor Oversight Checkpoints SOX IA CPA Firm
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 13 Lesson #1 (continued) Upfront Planning Discussions Significant changes to your company Current focus areas of external audit • Mergers/acquisitions • Discontinued operations • Changes to organization hierarchy • Key management judgments and accounting estimates • Accounting policies • Changes to internal controls • Changes to IT infrastructure • Changes in third party relationships • PCAOB inspection results • Areas of focus for the year • Peer review results • New accounting standards • Updated disclosure requirements • Changes in audit procedures / methodology • COSO 2013 transition
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 14 Lesson #1 (continued) Areas requiring review and agreement as part of effective planning: • COSO 2013 mapping approach and format • Scoping and materiality • Approach to: ‒ Multi-locations / site visits ‒ Inventory counts ‒ Review of out-sourced third party providers ‒ Application controls testing ‒ Controls over / validation of EAE / IPE ‒ One-time transactions ‒ Year-end cut-off and roll-forward procedures • Walkthrough performance • Deliverables • Reliance on the work of others (e.g. internal audit) • Use of specialists – areas of judgment • Areas requiring consultations
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 15 Lesson #2 Establish an Effective and Relevant Mapping Approach • Identify whether the point of focus applies to the organization • Identify the key controls at the top level that relate to the point of focus, and the control unit where they reside • Evaluate design effectiveness at two points – at the design of the control itself, and then overall design effectiveness at the principle level • Evaluate operating effectiveness • Track and manage deficiencies • Write a memo outlining the approach the company took Orientation Planning Assessment Remediation
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 16 Lesson #2 (Continued) There is no one-size-fits-all solution for mapping controls to the 17 principles. The size, complexity, risks and operating style of each organization will have an impact on the process. • Level of Effort depends on ‒ The level of depth of prior entity level documentation ‒ The extent of testing previously performed on entity level documentation ‒ The accuracy and robustness of the controls documented
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 17 Lesson #2 (Continued) Extent of Gaps include: • Some controls need to be more robust • Some controls exist but were not documented for SOX • Some controls need to be built to address a gap • Deficiencies in entity level controls have an indirect connection to ICEFR, but need to be remediated in order to prevent them evolving into larger issues
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 18 Lesson #3 • Ongoing risk assessments need to explicitly consider the risk of fraud • Anti-fraud controls need to be specifically identified and evaluated • The level of depth and rigor applied to fraud risks and controls will vary by organization Conduct a Substantive Fraud Risk Assessment To address Principle 8 of the framework:
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 19 Lesson #3 (Continued) Elements of a Fraud Risk Management Program Control Environment • Board / Audit Committee Oversight • Management roles and responsibilities • Code of Business Conduct • Conflicts of Interest Policy • Fraud Control Policy • Investigation Protocols / Policy • Ombudsman Program • Whistleblower Policy Risk Assessment • Fraud risk assessment (including corruption / bribery) Control Activities • Due diligence (employees and third parties) Information & Communication • Reporting mechanisms, including hotline • Ethics training • Fraud awareness training Monitoring Activities • Continuous monitoring (i.e., management) • Fraud/ ethics audit procedures (i.e., Internal Audit, Compliance) • Investigation / case management system • Discipline / remediation • Quality assurance review
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 20 Lesson #4 Take a Broader View of Outsourced Processes Beyond the Service Organization Control (SOC) Report • Scope in key controls over outsourced activities • Ensure risk assessments consider risks and controls relating to the integrity of data sent to and received from outsourced service providers • Use a systemic methodology to evaluate SOC 1 reports and management controls around outsourced service providers We expect outsourced processes to receive increased focus in 2015
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 21 Lesson #4 (continued) Evaluating a SOC Report Assess the Scope Map User Control Considerations (UCCs) Evaluate the Opinion and Exceptions Cover the Gap Period • Ensure all significant areas included • Assess the impact of those excluded • Determine if additional procedures are necessary • Evaluate all exceptions and include in deficiency list if they are key • If the opinion is qualified, determine if there are mitigating controls in place • Compare your actual controls to the UCCs and identify any gaps • Ensure you have controls to monitor the activities performed by the third party • Compare the “as of” or “period end” date on the report to your fiscal year end date • Perform additional procedures if necessary to cover the gap period
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 22 Lesson #5 Manage the Level of Depth When Testing Indirect Controls • Ensure they are commensurate with and relevant to financial reporting risks • Ensure they focus on the achievement of control objectives relating to financial reporting • Do not expand the scope to cover non-ICFR related risks and controls
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 23 Lesson #6 Understand and Document Control Precision • Ensure management review controls achieve a sufficient level of precision to detect material misstatements • If management review controls do not achieve the prescribed level of precision, consider shifting to transaction level controls
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 24 Inquire of both the control owner and reviewer and corroborate with others Observe the timely resolution/correction of unreconciled differences or errors identified by the reviewer Participate in review meetings and document those matters reviewed and questions asked that initiated follow-up Review draft versions of documents and items supporting the control Inspect email correspondence of follow-up procedures performed, if available Lesson #6 (continued) Evaluating Control Precision
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 25 Verify that all the outliers or exceptions that should have been identified were, in fact, identified by the individual performing the control Ensure all the outliers or exceptions were adequately followed up on and resolved Lesson #6 (continued) A lack of errors/exceptions may suggest that the control is not operating with sufficient precision. Evaluating Errors/Exceptions Identified
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 26 • Information used in the execution of key controls (IPE) should be evaluated for completeness and accuracy • The level of rigor required to validate IPE will vary from auditor to auditor and audit firm to audit firm Lesson #7 Evaluate the Adequacy of Information Produced by Entity (IPE) We expect further emphasis in the next round of PCAOB inspection reports on the reliance of key controls on IPE
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 27 Lesson #7 (continued) Factors to consider when evaluating the completeness and accuracy and frequency of testing key reports: Whether the report query logic has changed Whether the relevant IT general controls are effective Whether information that the report generates comes from multiple systems or databases, thereby increasing the risk to ICFR Whether the control is sensitive to other business factors that may have changed, such as new GL accounts or sub-accounts Whether the report is being used in a control with a higher risk of failure
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 28 Lesson #7 (continued) End-User Computing/Spreadsheets Controls Access Controls • Stored in files or directories where access is restricted. • Fields with formulas use cell protection to restrict the ability to make changes to formulas. Input Controls • Inputs are validated for accuracy and completeness when data is manually entered or imported. • Control totals are reconciled upon data extraction from the source system and uploaded to the spreadsheet. Calculation Controls • Automation of the configured calculations. • Fields with formulas use cell protection to restrict the ability to make changes to formulas. • Reviews are completed to validate the appropriate- ness of important formulas. Change Controls • Version controls to track changes and differentiate versions. • Require testing and approval of spreadsheet updates prior to deployment. Monitoring Controls • Use automated spreadsheet testing tools to evaluate the spreadsheet logic and input controls. • Output is compared to another source (which may include an independent expectation) to identify potential variations or errors.
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 29 Lesson #8 Expect an Increase in Deficiency Evaluation Efforts • More analysis is required to evaluate deficiencies identified, including compensating controls • Assess deficiencies in a systemic manner to determine if they have broader implications when aggregated • Internal control components “operate together” when they are “present and functioning” and internal control deficiencies, when aggregated, do not result in a major deficiency
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 30 Lesson #9 Adopt the Updated 2013 Framework “On Time” Given that the majority of organizations have transitioned successfully, the SEC staff will not likely provide a “free pass” for fiscal years ended after December 15, 2015
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 31 Lesson #10 Ask yourself – Is Limiting Your Focus on Applying the 2013 COSO Framework to SOX Compliance the Answer? • Most organizations have only used the COSO 2013 framework for SOX, but there are benefits to using the COSO framework for other objectives (e.g., operations, compliance and other reporting) • Other uses of the COSO 2013 framework should be segregated from SOX compliance
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 32 Meet with Your Auditor Early and Often Establish an Effective and Relevant Mapping Approach1 2 Conduct a Substantive Fraud Risk Assessment Take a Broader View of Outsourced Processes Beyond the Service Organization Control (SOC) Report 3 4 Manage the Level of Depth When Testing Indirect Controls Understand and Document Control Precision5 6 Evaluate the Adequacy of Information Produced by Entity (IPE) Expect an Increase in Deficiency Evaluation Efforts7 8 Adopt the Updated 2013 Framework “On Time” Ask yourself – Is Limiting Your Focus on Applying the 2013 COSO Framework to SOX Compliance the Answer? 9 10 10 Lessons Learned from Implementing the COSO 2013 Framework
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 33 Additional Resources
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 34 Resources on COSO 2013 2013 Internal Control – Integrated Framework - Executive Summary COSO Internal Control-Integrated Framework Frequently Asked Questions The 2013 COSO Framework & SOX Compliance – One Approach to an Effective Transition 1 2 3 Access COSO Guidance and Thought Papers at: www.coso.org and click on ‘guidance’
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 35 Protiviti Resources on COSO 2013 The Updated COSO Internal Control Framework: Frequently Asked Questions 4 Guide to the Sarbanes-Oxley Act: Internal Control Reporting Requirements – Frequently Asked Questions Regarding Section 404 5 Guide to the Sarbanes-Oxley Act: IT Risks and Controls 6 Board Perspectives: Risk Oversight - COSO 2013: Why Should You Care 7 Source: http://www.protiviti.com/en-US/Pages/Resource-Guides.aspx Bulletin: Top 10 Lessons Learned from Implementing COSO 2013 8
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 36 Past Protiviti Webinars on COSO 2013 Title Date COSO 2013: What is New, What is Changed, Why Does it Matter and Other Frequently Asked Questions May 28, 2014 COSO 2013: Managing the Project for Success June 4, 2014 COSO 2013: Mapping Controls to Principles June 11, 2014 COSO 2013: The Implications to IT Controls June 18, 2014 COSO 2013: Assessing Fraud Risk in ICEFR and Implementation Insights Panel June 25, 2014 COSO 2013: Assessing Fraud Risk September 10, 2014 All of our webinars can be found on www.protiviti.com. Just click on Webinars on our home page
© 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 37 Confidentiality Statement and Restriction for Use This document contains confidential material proprietary to Protiviti Inc. ("Protiviti"), a wholly-owned subsidiary of Robert Half ("RHI"). RHI is a publicly-traded company and as such, the materials, information, ideas, and concepts contained herein are non-public, should be used solely and exclusively to evaluate the capabilities of Protiviti to provide assistance to your Company, and should not be used in any inappropriate manner or in violation of applicable securities laws. The contents are intended for the use of your Company and may not be distributed to third parties.

Recommandé

COSO Implementation: Getting Real, Getting It Right
COSO Implementation: Getting Real, Getting It RightCOSO Implementation: Getting Real, Getting It Right
COSO Implementation: Getting Real, Getting It RightBlackLine
 
Are You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkAre You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkBlackLine
 
COSO 2013: What you need to know
COSO 2013: What you need to knowCOSO 2013: What you need to know
COSO 2013: What you need to knowjennyhollingworth
 
COSO Update DTF
COSO Update DTFCOSO Update DTF
COSO Update DTFDavid Fernandes
 
Coso Internal Control Integrated Framework
Coso Internal Control Integrated FrameworkCoso Internal Control Integrated Framework
Coso Internal Control Integrated Frameworkhyesue
 
Coso And Internal Audit
Coso And Internal AuditCoso And Internal Audit
Coso And Internal Auditijazurrehman
 
policyIQ for COSO 2013 Internal Control - Integrated Framework
policyIQ for COSO 2013 Internal Control - Integrated FrameworkpolicyIQ for COSO 2013 Internal Control - Integrated Framework
policyIQ for COSO 2013 Internal Control - Integrated Frameworksbyearly
 
Internal Audit COSO Framework
Internal Audit COSO FrameworkInternal Audit COSO Framework
Internal Audit COSO FrameworkJesús Gándara
 

Recommandé

COSO Implementation: Getting Real, Getting It Right
COSO Implementation: Getting Real, Getting It RightCOSO Implementation: Getting Real, Getting It Right
COSO Implementation: Getting Real, Getting It RightBlackLine
 
Are You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkAre You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkBlackLine
 
COSO 2013: What you need to know
COSO 2013: What you need to knowCOSO 2013: What you need to know
COSO 2013: What you need to knowjennyhollingworth
 
COSO Update DTF
COSO Update DTFCOSO Update DTF
COSO Update DTFDavid Fernandes
 
Coso Internal Control Integrated Framework
Coso Internal Control Integrated FrameworkCoso Internal Control Integrated Framework
Coso Internal Control Integrated Frameworkhyesue
 
Coso And Internal Audit
Coso And Internal AuditCoso And Internal Audit
Coso And Internal Auditijazurrehman
 
policyIQ for COSO 2013 Internal Control - Integrated Framework
policyIQ for COSO 2013 Internal Control - Integrated FrameworkpolicyIQ for COSO 2013 Internal Control - Integrated Framework
policyIQ for COSO 2013 Internal Control - Integrated Frameworksbyearly
 
Internal Audit COSO Framework
Internal Audit COSO FrameworkInternal Audit COSO Framework
Internal Audit COSO FrameworkJesús Gándara
 
COSO 2013 and The Auditor
COSO 2013 and The AuditorCOSO 2013 and The Auditor
COSO 2013 and The AuditorCorporate Compliance Seminars
 
Coso internal control integrated framework
Coso internal control integrated frameworkCoso internal control integrated framework
Coso internal control integrated frameworkIrfan Ahmed - ACA, CICA
 
Coso framework
Coso frameworkCoso framework
Coso frameworkDarryl Woolley
 
COSO ERM
COSO ERMCOSO ERM
COSO ERMSophia Abigayle
 
Coso illustrative tool
Coso illustrative toolCoso illustrative tool
Coso illustrative toolSARVJEET KAUSHAL
 
Internal controls & ai ss
Internal controls & ai ssInternal controls & ai ss
Internal controls & ai ssKashif Rana ACCA
 
Internal control and Control Self Assessment
Internal control and Control Self AssessmentInternal control and Control Self Assessment
Internal control and Control Self AssessmentManoj Agarwal
 
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKHaresh Lalwani
 
Internal_Audit_Competency_Framework
Internal_Audit_Competency_FrameworkInternal_Audit_Competency_Framework
Internal_Audit_Competency_FrameworkMuhamad Sugian Nor
 
Introduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsIntroduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsCorporate Compliance Seminars
 
Professional opportunities in Internal Audit
Professional opportunities in Internal AuditProfessional opportunities in Internal Audit
Professional opportunities in Internal AuditManoj Agarwal
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditManoj Agarwal
 
internal control and control self assessment
internal control and control self assessmentinternal control and control self assessment
internal control and control self assessmentManoj Agarwal
 
The Role of Internal Audit
The Role of Internal AuditThe Role of Internal Audit
The Role of Internal AuditArmeniaFED
 
Functional Audit
Functional AuditFunctional Audit
Functional AuditManoj Agarwal
 
The state of ia pandemic plan
The state of ia pandemic planThe state of ia pandemic plan
The state of ia pandemic planManoj Agarwal
 
Proposal risk based internal audit 2013
Proposal risk based internal audit 2013Proposal risk based internal audit 2013
Proposal risk based internal audit 2013Nidhi Gupta
 
Model i best practice evaluation worksheet for ia
Model i best practice evaluation worksheet for iaModel i best practice evaluation worksheet for ia
Model i best practice evaluation worksheet for iaRajeswaran Muthu Venkatachalam
 
SOX 2016 - PART I - COSO 2013
SOX 2016 - PART I - COSO 2013SOX 2016 - PART I - COSO 2013
SOX 2016 - PART I - COSO 2013Lorri Jongeneel, CPA
 
Internal control system
Internal control systemInternal control system
Internal control systemSowie Althea
 
Ecommerce
EcommerceEcommerce
EcommerceVoksedigital
 
Nepal Banking Risk Management March 2015 for senior Rastraiya Banijya Bank em...
Nepal Banking Risk Management March 2015 for senior Rastraiya Banijya Bank em...Nepal Banking Risk Management March 2015 for senior Rastraiya Banijya Bank em...
Nepal Banking Risk Management March 2015 for senior Rastraiya Banijya Bank em...Chiang Mai University School of Public Policy
 

Contenu connexe

Tendances

Coso internal control integrated framework
Coso internal control integrated frameworkCoso internal control integrated framework
Coso internal control integrated frameworkIrfan Ahmed - ACA, CICA
 
Internal control and Control Self Assessment
Internal control and Control Self AssessmentInternal control and Control Self Assessment
Internal control and Control Self AssessmentManoj Agarwal
 
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKHaresh Lalwani
 
Internal_Audit_Competency_Framework
Internal_Audit_Competency_FrameworkInternal_Audit_Competency_Framework
Internal_Audit_Competency_FrameworkMuhamad Sugian Nor
 
Introduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsIntroduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsCorporate Compliance Seminars
 
Professional opportunities in Internal Audit
Professional opportunities in Internal AuditProfessional opportunities in Internal Audit
Professional opportunities in Internal AuditManoj Agarwal
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditManoj Agarwal
 
internal control and control self assessment
internal control and control self assessmentinternal control and control self assessment
internal control and control self assessmentManoj Agarwal
 
The Role of Internal Audit
The Role of Internal AuditThe Role of Internal Audit
The Role of Internal AuditArmeniaFED
 
The state of ia pandemic plan
The state of ia pandemic planThe state of ia pandemic plan
The state of ia pandemic planManoj Agarwal
 
Proposal risk based internal audit 2013
Proposal risk based internal audit 2013Proposal risk based internal audit 2013
Proposal risk based internal audit 2013Nidhi Gupta
 

Tendances (19)

COSO 2013 and The Auditor
COSO 2013 and The AuditorCOSO 2013 and The Auditor
COSO 2013 and The Auditor
 
Coso internal control integrated framework
Coso internal control integrated frameworkCoso internal control integrated framework
Coso internal control integrated framework
 
Coso framework
Coso frameworkCoso framework
Coso framework
 
COSO ERM
COSO ERMCOSO ERM
COSO ERM
 
Coso illustrative tool
Coso illustrative toolCoso illustrative tool
Coso illustrative tool
 
Internal controls & ai ss
Internal controls & ai ssInternal controls & ai ss
Internal controls & ai ss
 
Internal control and Control Self Assessment
Internal control and Control Self AssessmentInternal control and Control Self Assessment
Internal control and Control Self Assessment
 
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
 
Internal_Audit_Competency_Framework
Internal_Audit_Competency_FrameworkInternal_Audit_Competency_Framework
Internal_Audit_Competency_Framework
 
Introduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsIntroduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance Seminars
 
Professional opportunities in Internal Audit
Professional opportunities in Internal AuditProfessional opportunities in Internal Audit
Professional opportunities in Internal Audit
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal Audit
 
internal control and control self assessment
internal control and control self assessmentinternal control and control self assessment
internal control and control self assessment
 
The Role of Internal Audit
The Role of Internal AuditThe Role of Internal Audit
The Role of Internal Audit
 
Functional Audit
Functional AuditFunctional Audit
Functional Audit
 
The state of ia pandemic plan
The state of ia pandemic planThe state of ia pandemic plan
The state of ia pandemic plan
 
Proposal risk based internal audit 2013
Proposal risk based internal audit 2013Proposal risk based internal audit 2013
Proposal risk based internal audit 2013
 
Model i best practice evaluation worksheet for ia
Model i best practice evaluation worksheet for iaModel i best practice evaluation worksheet for ia
Model i best practice evaluation worksheet for ia
 
SOX 2016 - PART I - COSO 2013
SOX 2016 - PART I - COSO 2013SOX 2016 - PART I - COSO 2013
SOX 2016 - PART I - COSO 2013
 

En vedette

Internal control system
Internal control systemInternal control system
Internal control systemSowie Althea
 
Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Ri...
Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Ri...Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Ri...
Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Ri...Kenny Ong
 
Arens12e 10
Arens12e 10Arens12e 10
Arens12e 10John Sy
 
42 39 checklist_for_internal_control_system
42 39 checklist_for_internal_control_system42 39 checklist_for_internal_control_system
42 39 checklist_for_internal_control_systemKalyan Ghosh
 
Auditing tools and Techniques
Auditing tools and TechniquesAuditing tools and Techniques
Auditing tools and TechniquesAjilal
 
Frauds & Scams in Banks
Frauds & Scams in BanksFrauds & Scams in Banks
Frauds & Scams in BanksAkshay Virkar
 
Illustrative Tools for Assessing Effectiveness of a System of Internal Control
Illustrative Tools for Assessing Effectiveness of a System of Internal Control Illustrative Tools for Assessing Effectiveness of a System of Internal Control
Illustrative Tools for Assessing Effectiveness of a System of Internal Control Tahir Abbas
 
Internal Audit Methodology
Internal Audit MethodologyInternal Audit Methodology
Internal Audit MethodologyManoj Agarwal
 
7 Keys to Fraud Prevention, Detection and Reporting
7 Keys to Fraud Prevention, Detection and Reporting7 Keys to Fraud Prevention, Detection and Reporting
7 Keys to Fraud Prevention, Detection and ReportingBrown Smith Wallace
 
Fraud Detection presentation
Fraud Detection presentationFraud Detection presentation
Fraud Detection presentationHernan Huwyler
 
Internal Control
Internal ControlInternal Control
Internal ControlSalih Islam
 
Basic Internal Auditing Presentation
Basic Internal Auditing PresentationBasic Internal Auditing Presentation
Basic Internal Auditing PresentationVernon Benjamin
 
Audit Process, Audit Procedures, Audit Planning, Auditing
Audit Process, Audit Procedures, Audit Planning, AuditingAudit Process, Audit Procedures, Audit Planning, Auditing
Audit Process, Audit Procedures, Audit Planning, AuditingAdvance Business Consulting
 

En vedette (20)

Internal control system
Internal control systemInternal control system
Internal control system
 
Ecommerce
EcommerceEcommerce
Ecommerce
 
Nepal Banking Risk Management March 2015 for senior Rastraiya Banijya Bank em...
Nepal Banking Risk Management March 2015 for senior Rastraiya Banijya Bank em...Nepal Banking Risk Management March 2015 for senior Rastraiya Banijya Bank em...
Nepal Banking Risk Management March 2015 for senior Rastraiya Banijya Bank em...
 
Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Ri...
Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Ri...Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Ri...
Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Ri...
 
Arens12e 10
Arens12e 10Arens12e 10
Arens12e 10
 
Cobit dan coso
Cobit dan cosoCobit dan coso
Cobit dan coso
 
42 39 checklist_for_internal_control_system
42 39 checklist_for_internal_control_system42 39 checklist_for_internal_control_system
42 39 checklist_for_internal_control_system
 
METHODS OF AUDITING
METHODS OF AUDITINGMETHODS OF AUDITING
METHODS OF AUDITING
 
Cyber fraud in banks
Cyber fraud in banksCyber fraud in banks
Cyber fraud in banks
 
Auditing tools and Techniques
Auditing tools and TechniquesAuditing tools and Techniques
Auditing tools and Techniques
 
Frauds & Scams in Banks
Frauds & Scams in BanksFrauds & Scams in Banks
Frauds & Scams in Banks
 
Illustrative Tools for Assessing Effectiveness of a System of Internal Control
Illustrative Tools for Assessing Effectiveness of a System of Internal Control Illustrative Tools for Assessing Effectiveness of a System of Internal Control
Illustrative Tools for Assessing Effectiveness of a System of Internal Control
 
Internal Audit Methodology
Internal Audit MethodologyInternal Audit Methodology
Internal Audit Methodology
 
Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit ppt
 
7 Keys to Fraud Prevention, Detection and Reporting
7 Keys to Fraud Prevention, Detection and Reporting7 Keys to Fraud Prevention, Detection and Reporting
7 Keys to Fraud Prevention, Detection and Reporting
 
Fraud Detection presentation
Fraud Detection presentationFraud Detection presentation
Fraud Detection presentation
 
The Internal Audit Framework
The Internal Audit FrameworkThe Internal Audit Framework
The Internal Audit Framework
 
Internal Control
Internal ControlInternal Control
Internal Control
 
Basic Internal Auditing Presentation
Basic Internal Auditing PresentationBasic Internal Auditing Presentation
Basic Internal Auditing Presentation
 
Audit Process, Audit Procedures, Audit Planning, Auditing
Audit Process, Audit Procedures, Audit Planning, AuditingAudit Process, Audit Procedures, Audit Planning, Auditing
Audit Process, Audit Procedures, Audit Planning, Auditing
 

Similaire à Top 10 lessons learned from COSO 2013 Implementation

Digitization - What Does This Mean to Internal Audit?
Digitization - What Does This Mean to Internal Audit?Digitization - What Does This Mean to Internal Audit?
Digitization - What Does This Mean to Internal Audit?jennyhollingworth
 
Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Jim Kaplan CIA CFE
 
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Jim Kaplan CIA CFE
 
Prosci Solutions Webinar
Prosci Solutions WebinarProsci Solutions Webinar
Prosci Solutions WebinarTim Creasey
 
How ERM and audit work together, a combined assurance approach
How ERM and audit work together, a combined assurance approach How ERM and audit work together, a combined assurance approach
How ERM and audit work together, a combined assurance approach Jim Kaplan CIA CFE
 
Internal Audit Quality Assessment
Internal Audit Quality AssessmentInternal Audit Quality Assessment
Internal Audit Quality AssessmentMohammad Draidi
 
Demo site script_1.03.ppt
Demo site script_1.03.pptDemo site script_1.03.ppt
Demo site script_1.03.pptthe_ro0t
 
Webinar: Key Aspects for Maximizing Synergies Through Effective Post Merger I...
Webinar: Key Aspects for Maximizing Synergies Through Effective Post Merger I...Webinar: Key Aspects for Maximizing Synergies Through Effective Post Merger I...
Webinar: Key Aspects for Maximizing Synergies Through Effective Post Merger I...GPMIP
 
IIBA Board Of Directors Elections Sept 2009
IIBA Board Of Directors Elections Sept 2009IIBA Board Of Directors Elections Sept 2009
IIBA Board Of Directors Elections Sept 2009Tracy Cook
 
Post Merger Integration Toolkit - Frameworks, Best Practices and Templates
Post Merger Integration Toolkit - Frameworks, Best Practices and TemplatesPost Merger Integration Toolkit - Frameworks, Best Practices and Templates
Post Merger Integration Toolkit - Frameworks, Best Practices and TemplatesAurelien Domont, MBA
 
Jahez_Internal Audit Report_Financial Control_Jan'23_01032023.pptx
Jahez_Internal Audit Report_Financial Control_Jan'23_01032023.pptxJahez_Internal Audit Report_Financial Control_Jan'23_01032023.pptx
Jahez_Internal Audit Report_Financial Control_Jan'23_01032023.pptxSudhanshuTripathi64
 
Structuring your organization for success with data analytics
Structuring your organization for success with data analytics Structuring your organization for success with data analytics
Structuring your organization for success with data analytics Jim Kaplan CIA CFE
 
project of audit
project of auditproject of audit
project of auditUswa Malik
 
Smu mba sem 3 pm spring 2016 assignments
Smu mba sem 3 pm spring 2016 assignmentsSmu mba sem 3 pm spring 2016 assignments
Smu mba sem 3 pm spring 2016 assignmentssolved_assignments
 
The Role of the Board in a Private Company (Series: Board of Directors Boot C...
The Role of the Board in a Private Company (Series: Board of Directors Boot C...The Role of the Board in a Private Company (Series: Board of Directors Boot C...
The Role of the Board in a Private Company (Series: Board of Directors Boot C...Financial Poise
 
HI600 Ch01 text_slides
HI600 Ch01 text_slidesHI600 Ch01 text_slides
HI600 Ch01 text_slidesljmcneill33
 
Protiviti-Governance-Portal-Client-Insights
Protiviti-Governance-Portal-Client-InsightsProtiviti-Governance-Portal-Client-Insights
Protiviti-Governance-Portal-Client-InsightsMarco Villacorta Olano
 
Compliance Week_April 1 2008_article
Compliance Week_April 1 2008_articleCompliance Week_April 1 2008_article
Compliance Week_April 1 2008_articleDean Plank
 

Similaire à Top 10 lessons learned from COSO 2013 Implementation (20)

Digitization - What Does This Mean to Internal Audit?
Digitization - What Does This Mean to Internal Audit?Digitization - What Does This Mean to Internal Audit?
Digitization - What Does This Mean to Internal Audit?
 
Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?
 
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
 
Prosci Solutions Webinar
Prosci Solutions WebinarProsci Solutions Webinar
Prosci Solutions Webinar
 
How ERM and audit work together, a combined assurance approach
How ERM and audit work together, a combined assurance approach How ERM and audit work together, a combined assurance approach
How ERM and audit work together, a combined assurance approach
 
Internal Audit Quality Assessment
Internal Audit Quality AssessmentInternal Audit Quality Assessment
Internal Audit Quality Assessment
 
Demo site script_1.03.ppt
Demo site script_1.03.pptDemo site script_1.03.ppt
Demo site script_1.03.ppt
 
Webinar: Key Aspects for Maximizing Synergies Through Effective Post Merger I...
Webinar: Key Aspects for Maximizing Synergies Through Effective Post Merger I...Webinar: Key Aspects for Maximizing Synergies Through Effective Post Merger I...
Webinar: Key Aspects for Maximizing Synergies Through Effective Post Merger I...
 
IIBA Board Of Directors Elections Sept 2009
IIBA Board Of Directors Elections Sept 2009IIBA Board Of Directors Elections Sept 2009
IIBA Board Of Directors Elections Sept 2009
 
Post Merger Integration Toolkit - Frameworks, Best Practices and Templates
Post Merger Integration Toolkit - Frameworks, Best Practices and TemplatesPost Merger Integration Toolkit - Frameworks, Best Practices and Templates
Post Merger Integration Toolkit - Frameworks, Best Practices and Templates
 
Jahez_Internal Audit Report_Financial Control_Jan'23_01032023.pptx
Jahez_Internal Audit Report_Financial Control_Jan'23_01032023.pptxJahez_Internal Audit Report_Financial Control_Jan'23_01032023.pptx
Jahez_Internal Audit Report_Financial Control_Jan'23_01032023.pptx
 
Internal Auditing Basics
Internal Auditing BasicsInternal Auditing Basics
Internal Auditing Basics
 
Structuring your organization for success with data analytics
Structuring your organization for success with data analytics Structuring your organization for success with data analytics
Structuring your organization for success with data analytics
 
project of audit
project of auditproject of audit
project of audit
 
Webinar on SWOT analysis in strategy development
Webinar on SWOT analysis in strategy developmentWebinar on SWOT analysis in strategy development
Webinar on SWOT analysis in strategy development
 
Smu mba sem 3 pm spring 2016 assignments
Smu mba sem 3 pm spring 2016 assignmentsSmu mba sem 3 pm spring 2016 assignments
Smu mba sem 3 pm spring 2016 assignments
 
The Role of the Board in a Private Company (Series: Board of Directors Boot C...
The Role of the Board in a Private Company (Series: Board of Directors Boot C...The Role of the Board in a Private Company (Series: Board of Directors Boot C...
The Role of the Board in a Private Company (Series: Board of Directors Boot C...
 
HI600 Ch01 text_slides
HI600 Ch01 text_slidesHI600 Ch01 text_slides
HI600 Ch01 text_slides
 
Protiviti-Governance-Portal-Client-Insights
Protiviti-Governance-Portal-Client-InsightsProtiviti-Governance-Portal-Client-Insights
Protiviti-Governance-Portal-Client-Insights
 
Compliance Week_April 1 2008_article
Compliance Week_April 1 2008_articleCompliance Week_April 1 2008_article
Compliance Week_April 1 2008_article
 

Dernier

A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 

Dernier (20)

A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

Top 10 lessons learned from COSO 2013 Implementation

  • 1. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 1 Protiviti Webinar: Top Ten Lessons Learned From Implementing COSO 2013
  • 2. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 2 Housekeeping Items… Following the webinar, all attendees will receive a link to a copy of the presentation and recording. If you are experiencing technical difficulties during the webcast, let us know by submitting a question within the webinar screen. Please provide your email address for a swift reply. If you are having trouble hearing the audio through the computer, separate phone lines are available. International +1 734 385 2579 United States +1 855 707 0664 Conference ID 26627554
  • 3. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 3 We are issuing 1.5 CPE credit for this presentation. To be eligible to receive CPE credit, please: • Answer five (5) out of the six (6) polling questions throughout the duration of this webinar. • Qualifying participants will receive their CPE certificates via e-mail within 4 weeks of the webinar • In the resources area, you can access the following: • Download The Updated COSO Internal Control Framework: Frequently Asked Questions • Download The Bulletin: Top 10 Lessons Learned from Implementing COSO 2013 • Register for the May 21st webinar The New Revenue Recognition Rules: Systems, Data, Reporting and a Transparent Audit Trail Trouble hearing the audio through the computer? Dial in! Phone: +1 855 707 0664, Conference ID: 26627554 CPE Credits and Supplemental Information
  • 4. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 4 Jim DeLoach is a Managing Director in Protiviti’s Houston office. He has served on the COSO Advisory Council with respect several COSO projects since 2002, the most recent project being the Internal Control – Integrated Framework Update. He has worked with, and delivered numerous presentations on risk management to, hundreds of companies and groups in 30 countries. He writes Protiviti’s Flash Reports, The Bulletin and Board Perspectives: Risk Oversight. In addition, he writes a monthly blog on the online magazine of the National Association of Corporate Directors and a monthly column for Corporate Compliance Insights. He also wrote all four editions of Guide to the Sarbanes- Oxley Act: Internal Control Reporting Requirements. E-mail: Jim.DeLoach@protiviti.com Jim DeLoach, Managing Director, Houston Today’s Speakers Trouble hearing the audio through the computer? Dial in! Phone: +1 855 707 0664, Conference ID: 26627554
  • 5. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 5 Keith Kawashima is a Managing Director in Protiviti’s Silicon Valley office. Keith has over 25 years of experience in finance and accounting including 15+ years with Protiviti/Arthur Andersen’s Internal Audit practice and more than 10 years corporate experience in both Finance and Operations prior to joining Protiviti. He has been involved in all aspects of a company’s internal audit function from establishing a charter and developing a risk-based internal audit plan, to developing and executing work programs, through reporting at the audit committee and board level. E-mail: Keith.Kawashima@protiviti.com Keith Kawashima, Managing Director, Northern California Today’s Speakers Trouble hearing the audio through the computer? Dial in! Phone: +1 855 707 0664, Conference ID: 26627554
  • 6. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 6 Shari Katz leads training and methodology development for Protiviti’s Internal Audit Solution and is based in Chicago. She develops curriculum and methodology, and facilitates knowledge management activities for the global internal audit practice. She has 20 years of experience in internal audit at Protiviti and Arthur Andersen. Her experience includes broad internal audit activity, from risk assessments and internal audit plan development to execution of audits and reporting of findings. It also includes Sarbanes Oxley compliance activities from establishing a first year project to supporting an ongoing program. She began her career in Andersen’s external audit practice. She is a CPA, CIA, CRMA and CGMA. E-mail: Shari.Katz@protiviti.com Shari Katz, Program Manager, Internal Audit Methodology and Training, Chicago Today’s Speakers Trouble hearing the audio through the computer? Dial in! Phone: +1 855 707 0664, Conference ID: 26627554
  • 7. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 7 Grounding Concepts Additional Resources Top 10 Lessons Learned Today We Will Cover… Trouble hearing the audio through the computer? Dial in! Phone: +1 855 707 0664, Conference ID: 26627554
  • 8. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 8 Grounding Concepts
  • 9. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 9 COSO Internal Control - Integrated Framework COSO Cube (2013 Edition)* Source: Chapter 2 of COSO Internal Control: Integrated Framework (2013). • The COSO 2013 Framework is a suitable framework for evaluating the effectiveness of internal control over financial reporting (ICFR) • COSO no longer supports the 1992 Framework • The majority of 12/31 issuers have completed the transition from the 1992 Framework to the 2013 Framework
  • 10. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 10 Importance of a Top-Down, Risk-Based Approach Still Applicable with the Implementation of the 2013 COSO Framework Important for Setting Scope and Objectives Not Employing this Approach Could Result in Going Overboard with Testing and Documentation
  • 11. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 11 Top 10 Lessons Learned from Implementing COSO 2013
  • 12. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 12 Lesson #1 Meet with Your Auditor Early and Often 2014 2015 Q1 Q2 Q3 Q4 Q1 Develop project plan & inventory existing documentation Perform COSO 2013 Mapping Update process documentation as necessary Document and/or design controls for COSO 2013 gaps Perform phase I testing of key controls Perform phase II testing of key controls Perform year end testing of key controls including annual controls. Final gap remediation assessment, including significance of open gaps (any warranting an MW or SD) Refresh Internal Audit infrastructure Perform / Execute Internal Audit Work program for selected Internal Audits Assess significance of remaining gaps, if applicable. Finalize prior year audit Discussions with management to evaluate prior year audit cycle and plan current year audit cycle Perform Phase I testing of key controls Perform Phase II testing of key controls External Audit will perform year end substantive audit procedures Discussions with management to evaluate prior year audit cycle and plan current year audit cycle Phase I – Planning and Scoping Phase II – Assess/Analyze Design Effectiveness Phase III – Implement/Assess Operational Effectiveness Phase IV – Monitoring/Testing/Remediation External Auditor Checkpoints Internal Auditor Oversight Checkpoints SOX IA CPA Firm
  • 13. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 13 Lesson #1 (continued) Upfront Planning Discussions Significant changes to your company Current focus areas of external audit • Mergers/acquisitions • Discontinued operations • Changes to organization hierarchy • Key management judgments and accounting estimates • Accounting policies • Changes to internal controls • Changes to IT infrastructure • Changes in third party relationships • PCAOB inspection results • Areas of focus for the year • Peer review results • New accounting standards • Updated disclosure requirements • Changes in audit procedures / methodology • COSO 2013 transition
  • 14. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 14 Lesson #1 (continued) Areas requiring review and agreement as part of effective planning: • COSO 2013 mapping approach and format • Scoping and materiality • Approach to: ‒ Multi-locations / site visits ‒ Inventory counts ‒ Review of out-sourced third party providers ‒ Application controls testing ‒ Controls over / validation of EAE / IPE ‒ One-time transactions ‒ Year-end cut-off and roll-forward procedures • Walkthrough performance • Deliverables • Reliance on the work of others (e.g. internal audit) • Use of specialists – areas of judgment • Areas requiring consultations
  • 15. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 15 Lesson #2 Establish an Effective and Relevant Mapping Approach • Identify whether the point of focus applies to the organization • Identify the key controls at the top level that relate to the point of focus, and the control unit where they reside • Evaluate design effectiveness at two points – at the design of the control itself, and then overall design effectiveness at the principle level • Evaluate operating effectiveness • Track and manage deficiencies • Write a memo outlining the approach the company took Orientation Planning Assessment Remediation
  • 16. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 16 Lesson #2 (Continued) There is no one-size-fits-all solution for mapping controls to the 17 principles. The size, complexity, risks and operating style of each organization will have an impact on the process. • Level of Effort depends on ‒ The level of depth of prior entity level documentation ‒ The extent of testing previously performed on entity level documentation ‒ The accuracy and robustness of the controls documented
  • 17. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 17 Lesson #2 (Continued) Extent of Gaps include: • Some controls need to be more robust • Some controls exist but were not documented for SOX • Some controls need to be built to address a gap • Deficiencies in entity level controls have an indirect connection to ICEFR, but need to be remediated in order to prevent them evolving into larger issues
  • 18. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 18 Lesson #3 • Ongoing risk assessments need to explicitly consider the risk of fraud • Anti-fraud controls need to be specifically identified and evaluated • The level of depth and rigor applied to fraud risks and controls will vary by organization Conduct a Substantive Fraud Risk Assessment To address Principle 8 of the framework:
  • 19. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 19 Lesson #3 (Continued) Elements of a Fraud Risk Management Program Control Environment • Board / Audit Committee Oversight • Management roles and responsibilities • Code of Business Conduct • Conflicts of Interest Policy • Fraud Control Policy • Investigation Protocols / Policy • Ombudsman Program • Whistleblower Policy Risk Assessment • Fraud risk assessment (including corruption / bribery) Control Activities • Due diligence (employees and third parties) Information & Communication • Reporting mechanisms, including hotline • Ethics training • Fraud awareness training Monitoring Activities • Continuous monitoring (i.e., management) • Fraud/ ethics audit procedures (i.e., Internal Audit, Compliance) • Investigation / case management system • Discipline / remediation • Quality assurance review
  • 20. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 20 Lesson #4 Take a Broader View of Outsourced Processes Beyond the Service Organization Control (SOC) Report • Scope in key controls over outsourced activities • Ensure risk assessments consider risks and controls relating to the integrity of data sent to and received from outsourced service providers • Use a systemic methodology to evaluate SOC 1 reports and management controls around outsourced service providers We expect outsourced processes to receive increased focus in 2015
  • 21. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 21 Lesson #4 (continued) Evaluating a SOC Report Assess the Scope Map User Control Considerations (UCCs) Evaluate the Opinion and Exceptions Cover the Gap Period • Ensure all significant areas included • Assess the impact of those excluded • Determine if additional procedures are necessary • Evaluate all exceptions and include in deficiency list if they are key • If the opinion is qualified, determine if there are mitigating controls in place • Compare your actual controls to the UCCs and identify any gaps • Ensure you have controls to monitor the activities performed by the third party • Compare the “as of” or “period end” date on the report to your fiscal year end date • Perform additional procedures if necessary to cover the gap period
  • 22. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 22 Lesson #5 Manage the Level of Depth When Testing Indirect Controls • Ensure they are commensurate with and relevant to financial reporting risks • Ensure they focus on the achievement of control objectives relating to financial reporting • Do not expand the scope to cover non-ICFR related risks and controls
  • 23. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 23 Lesson #6 Understand and Document Control Precision • Ensure management review controls achieve a sufficient level of precision to detect material misstatements • If management review controls do not achieve the prescribed level of precision, consider shifting to transaction level controls
  • 24. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 24 Inquire of both the control owner and reviewer and corroborate with others Observe the timely resolution/correction of unreconciled differences or errors identified by the reviewer Participate in review meetings and document those matters reviewed and questions asked that initiated follow-up Review draft versions of documents and items supporting the control Inspect email correspondence of follow-up procedures performed, if available Lesson #6 (continued) Evaluating Control Precision
  • 25. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 25 Verify that all the outliers or exceptions that should have been identified were, in fact, identified by the individual performing the control Ensure all the outliers or exceptions were adequately followed up on and resolved Lesson #6 (continued) A lack of errors/exceptions may suggest that the control is not operating with sufficient precision. Evaluating Errors/Exceptions Identified
  • 26. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 26 • Information used in the execution of key controls (IPE) should be evaluated for completeness and accuracy • The level of rigor required to validate IPE will vary from auditor to auditor and audit firm to audit firm Lesson #7 Evaluate the Adequacy of Information Produced by Entity (IPE) We expect further emphasis in the next round of PCAOB inspection reports on the reliance of key controls on IPE
  • 27. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 27 Lesson #7 (continued) Factors to consider when evaluating the completeness and accuracy and frequency of testing key reports: Whether the report query logic has changed Whether the relevant IT general controls are effective Whether information that the report generates comes from multiple systems or databases, thereby increasing the risk to ICFR Whether the control is sensitive to other business factors that may have changed, such as new GL accounts or sub-accounts Whether the report is being used in a control with a higher risk of failure
  • 28. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 28 Lesson #7 (continued) End-User Computing/Spreadsheets Controls Access Controls • Stored in files or directories where access is restricted. • Fields with formulas use cell protection to restrict the ability to make changes to formulas. Input Controls • Inputs are validated for accuracy and completeness when data is manually entered or imported. • Control totals are reconciled upon data extraction from the source system and uploaded to the spreadsheet. Calculation Controls • Automation of the configured calculations. • Fields with formulas use cell protection to restrict the ability to make changes to formulas. • Reviews are completed to validate the appropriate- ness of important formulas. Change Controls • Version controls to track changes and differentiate versions. • Require testing and approval of spreadsheet updates prior to deployment. Monitoring Controls • Use automated spreadsheet testing tools to evaluate the spreadsheet logic and input controls. • Output is compared to another source (which may include an independent expectation) to identify potential variations or errors.
  • 29. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 29 Lesson #8 Expect an Increase in Deficiency Evaluation Efforts • More analysis is required to evaluate deficiencies identified, including compensating controls • Assess deficiencies in a systemic manner to determine if they have broader implications when aggregated • Internal control components “operate together” when they are “present and functioning” and internal control deficiencies, when aggregated, do not result in a major deficiency
  • 30. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 30 Lesson #9 Adopt the Updated 2013 Framework “On Time” Given that the majority of organizations have transitioned successfully, the SEC staff will not likely provide a “free pass” for fiscal years ended after December 15, 2015
  • 31. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 31 Lesson #10 Ask yourself – Is Limiting Your Focus on Applying the 2013 COSO Framework to SOX Compliance the Answer? • Most organizations have only used the COSO 2013 framework for SOX, but there are benefits to using the COSO framework for other objectives (e.g., operations, compliance and other reporting) • Other uses of the COSO 2013 framework should be segregated from SOX compliance
  • 32. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 32 Meet with Your Auditor Early and Often Establish an Effective and Relevant Mapping Approach1 2 Conduct a Substantive Fraud Risk Assessment Take a Broader View of Outsourced Processes Beyond the Service Organization Control (SOC) Report 3 4 Manage the Level of Depth When Testing Indirect Controls Understand and Document Control Precision5 6 Evaluate the Adequacy of Information Produced by Entity (IPE) Expect an Increase in Deficiency Evaluation Efforts7 8 Adopt the Updated 2013 Framework “On Time” Ask yourself – Is Limiting Your Focus on Applying the 2013 COSO Framework to SOX Compliance the Answer? 9 10 10 Lessons Learned from Implementing the COSO 2013 Framework
  • 33. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 33 Additional Resources
  • 34. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 34 Resources on COSO 2013 2013 Internal Control – Integrated Framework - Executive Summary COSO Internal Control-Integrated Framework Frequently Asked Questions The 2013 COSO Framework & SOX Compliance – One Approach to an Effective Transition 1 2 3 Access COSO Guidance and Thought Papers at: www.coso.org and click on ‘guidance’
  • 35. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 35 Protiviti Resources on COSO 2013 The Updated COSO Internal Control Framework: Frequently Asked Questions 4 Guide to the Sarbanes-Oxley Act: Internal Control Reporting Requirements – Frequently Asked Questions Regarding Section 404 5 Guide to the Sarbanes-Oxley Act: IT Risks and Controls 6 Board Perspectives: Risk Oversight - COSO 2013: Why Should You Care 7 Source: http://www.protiviti.com/en-US/Pages/Resource-Guides.aspx Bulletin: Top 10 Lessons Learned from Implementing COSO 2013 8
  • 36. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 36 Past Protiviti Webinars on COSO 2013 Title Date COSO 2013: What is New, What is Changed, Why Does it Matter and Other Frequently Asked Questions May 28, 2014 COSO 2013: Managing the Project for Success June 4, 2014 COSO 2013: Mapping Controls to Principles June 11, 2014 COSO 2013: The Implications to IT Controls June 18, 2014 COSO 2013: Assessing Fraud Risk in ICEFR and Implementation Insights Panel June 25, 2014 COSO 2013: Assessing Fraud Risk September 10, 2014 All of our webinars can be found on www.protiviti.com. Just click on Webinars on our home page
  • 37. © 2015 Protiviti Inc. An Equal Oppurtunity Employer MFDV. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party. 37 Confidentiality Statement and Restriction for Use This document contains confidential material proprietary to Protiviti Inc. ("Protiviti"), a wholly-owned subsidiary of Robert Half ("RHI"). RHI is a publicly-traded company and as such, the materials, information, ideas, and concepts contained herein are non-public, should be used solely and exclusively to evaluate the capabilities of Protiviti to provide assistance to your Company, and should not be used in any inappropriate manner or in violation of applicable securities laws. The contents are intended for the use of your Company and may not be distributed to third parties.