A Close Examination of COSO's NEW 2013 Framework
wwwavivaspectrumcom -
Compliance Made Simple ©
Great Organizations Have:
• Professional & Organizational Credibility 24/7
• Great organizations know their risks.
• Compliance with Standards brings them VALUE!
• Continuous Improvement is the path to Long-Term Sustainability
• Organizations need effective internal controls to ensure that their information is timely and reliable, almost instantly, in today’s world of up-to-the-moment digital info distribution on all information: operational, financial, graphical versus hard numbers, or prospective.
COSO’s Update & Its Impact on Your Company
Why Change Something that’s Working?
What’s Actually Changing?
What is ERM and What are the Risks?
What Changes Impact SOX 404
Implementation Next Steps
Agenda
1992 COSO
“Good”
ERM 2004
Small COSO 2006
“Better”
2013 COSO “BEST”
How We See Framework Changes?
Over 50 examples & 200 pages written on how to leverage controls that are Non-Financial Reporting
Why?
1. You are blindly relying on your IT to do its function.
2. Wasted dollars (over $6 billion a year)
Enterprise Risk Management: “Why 2013 Feels like ERM?”
The Risks? Almost Limitless. The Defense? COSO’s Framework
Where to get SOURCE Documents?
• Monitoring Guidance (2008) (over 400 pages in 3 vol. set)
• AICPA (2008) Audit Committee Toolkit (Approx. 7 templates will change)
• New 2013 COSO (over 500 pages then 150+ for ICFR guidance)
• 2013 Illustrative Tools (145 pages)
The COSO board emphasizes that monitoring streamlines both compliance and operational aspects of the business. Key steps to effective monitoring:
• Identify and maximize effective monitoring, and
• Identify and improve ineffective or inefficient monitoring
• 80/20 Rule applies to automated monitoring vs. manual monitoring (1 hour v. 3 hours)
The Foundation and Apex of COSO? MONITORING
Key Implementation Factors
1. Organizational design of business
2. Establishing an ERM organization
3. Performing risk assessments
4. Determining overall risk appetite
5. Identifying risk responses
6. Communication of risk results
7. Monitoring
8. Oversight & periodic review by management
What will change in SOX 404?
Top 3 Impact Areas
Risk Assessment Process & SOX 404 Deliverables
1. Creates higher expectation to document process of Risk Assessment (see Principle 9 “ID & Changes that could impact ICFR”)
Risk Assessment (page 65 – 69 of ICEFR Compendium)
Management Risk Responses to consider: a) Avoid, b) Accept, c) Reduce and d) Share (page 69 of Compendium)
IT Assessments
2. IT Cloud Environment – COSO wants more “benchmarking” based on its cloud computing 2012 Guidance – (PAGE #8 to 16 for Expert Auditor to read)
Control Env. – Pr #3 (attribute 1 & 3) (page 34 of ICEFR Compendium)
Control Act. (page 85 – 86 of ICEFR Compendium)
Planning Documents
Materiality/Changes
3. Materiality – now Principle 6 Focuses more energy on how you get your answer and “WHY!”
Document your options and any changes. Don’t forget the 4th quarter assessment = Prudent Official TEST
AU sec. 312, Audit Risk and Materiality in Conducting an Audit
Flow of Changes in SOX Docs
Documented RA process
Planning
• PnP Update
• Brainstorming sessions documented
• 4th quarter materiality check
Source Documents Inventory
Documentation
• Internal & External Impact Assessment (pg. 72 of Framework & Appendices)
• Transactional RA – 4th Quarter assessment (High & Mod. Risks)
Sub-Certifications & AC Minutes
Testing & Reporting
Documents
• Leverage 2008 Guidance (Residual Risk – Low/Mod)
• Substantive testing to low (interview etc.)
• Quarterly AC meetings (RA analysis – external environment analysis)
• IA role top 7 disclosures documented via inquiry in AC minutes
2 Key Next Steps
Company Overview/Forecast (2 mos. lead time)
SOX Aggregate Impact (3 mos. lead time)
Finance & IT Deliverables Impact assessment (3-4 mos. lead time)
2014 Implementation Analysis
Compliance Control Analysis (“CCA”)
Three Free CCA by June 30, 2013
Join the COSO 2013 LinkedIn Group for FREE templates and advice, and learn from others implementing this new framework.
Step 2
COSO 2013 Implementation
http://www.linkedin.com/groups/2013-COSO-Implementation-4888186/about
Sonia Luna, President, [email protected]
700 S. Flower Street #1100
Los Angeles, CA 90017
P: (213) 250-5700
Contact Information