COSO’s Proposed Revision to Internal Control - Integrated Framework and its Implications on Information Technology

 Ken Vander Wal, ISACA International President
 David Landsittel, Chairman of COSO
 Cara Beston, Partner at PricewaterhouseCoopers

          2012 ISACA Webinar Program. © 2012 ISACA. All rights reserved.

Today’s webinar:
 • Text in questions using the Ask A Question button
 • All audio is streamed over your computer
    – Having technical issues? Click the ? button
 • Download the slide deck from the Event Home Page
 • No CPEs being offered for this event
 • Question or suggestion? Email them to eLearning@isaca.org

Presenters:

 Ken Vander Wal
 ISACA International President

 David Landsittel
 Chairman of COSO

 Cara Beston
 Partner at PricewaterhouseCoopers

Agenda

 • Introduction
 • COSO, Project Overview, Scope and Structure
 • Proposed Updates
 • Impact of Updates to Technology
 • Open Discussion
 • Call to Action – Next Steps

Introduction

  • Background
  • ISACA Membership on COSO’s Advisory Council
     – Represented by Ken Vander Wal
     – Supported by Global Task Force
  • Today’s Presenters
     – David Landsittel
     – Cara Beston

COSO, Project Overview, Scope and Structure

About COSO

  – Formed in 1985 to sponsor a Commission to examine fraudulent financial reporting
  – A joint initiative of five private sector organizations
  – Sponsors:
     • American Accounting Association
     • American Institute of Certified Public Accountants
     • Financial Executives International
     • Institute of Management Accountants
     • The Institute of Internal Auditors

Mission of COSO

 •   “To provide thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control and fraud deterrence designed to improve organizational performance and governance and to reduce the extent of fraud in organizations.”

 Fundamental Principle
 • Good risk management and internal control are necessary for the long-term success of organizations

Project Overview

  – Internal Control - Integrated Framework
     • First published in 1992
     • Most widely used framework in the US
     • Also widely used around the world
  – However, since 1992, the operating environment has evolved
  – Framework concepts timeless, but context needs updating

Project Objectives

    – The goal of the project is to “refresh” the Framework, by providing a context that is current.
    – Enhancements are not intended to alter the core concepts developed in the original Framework
    – Other project objectives include:
       • Explicitly identifying principles and attributes to provide efficiency and a basis for evaluating effectiveness
       • Adding more focus on operational and compliance control objectives
       • Expanding “Financial Reporting” objective to encompass “reporting” more broadly

Project Governance Structure and Participants

    COSO Board of Directors

    PricewaterhouseCoopers Project Team

    COSO Advisory Council (nominated by the COSO Board)
    •   AICPA
    •   AAA
    •   IIA
    •   FEI
    •   IMA
    •   Regulatory Observers
    •   Public Accounting Firms
    •   Others

    Companies & Other Stakeholders
    •   Industry Associations
    •   Academia
    •   Not-for-profit, government entities
    •   Professional associations
    •   Risk management professionals
    •   Lawyers
    •   Regulators
    •   Other rule-makers

Project Scope and Deliverables

  •   Three Products Contemplated:
       – An updated Internal Control – Integrated Framework
       – A companion document focusing on applying framework for Internal Control over External Financial Reporting (ICEFR)
       – Evaluation tools for use in assessing the overall effectiveness of internal control

Project Timetable

  2010, Sept – Jan:              Assess & Survey Stakeholder
  2011, Feb - Oct:               Design & Build
  2011–2012, Dec - Mar:          Public Exposure
  2012, Apr - Dec:               Finalize

Obtaining Input: Survey of Stakeholders

    – Over 700 responses
    – Responses come from wide range of organizations and individuals
        • Large, small and non-profit organizations well represented
        • 1 in 4 respondents are international (27%)
        • The majority of respondents have been using the Framework for over 5 years
    – Overall, a large majority of respondents (85%) support updating, but not a major overhaul in the Framework

What’s Changed

 •   The experienced reader will find much familiar in the updated Framework, which builds on what has proven effective in the original version.

 What is not changing...
 1. Definition of internal control
 2. Five components of internal control
 3. Criteria used to assess effectiveness of systems of internal control
 4. Use of judgment in evaluating the effectiveness of systems of internal control

 What is changing...
 1. Updating context to reflect current environment
 2. Codification of principles used in developing and evaluating effectiveness of systems
 3. Expanded financial reporting objective to address internal and external, financial and non-financial reporting objectives
 4. Increased focus on operations, compliance objectives

Proposed Updates

Summary of Updates

 A changing business environment...                      Drives updates to the Framework...

 Expectations for governance oversight
 Globalization of markets and operations
 Changes in business models
 Demands and complexity of rules, regulations and standards
 Expectations for competencies and accountabilities
 Use and reliance on evolving technology
 Expectations for preventing and detecting fraud

Summary of Updates
Codification of 17 principles embedded in original Framework

   Control Environment
      1.  Demonstrates commitment to integrity and ethical values
      2.  Exercises oversight responsibility
      3.  Establishes structure, authority and responsibility
      4.  Demonstrates commitment to competence
      5.  Establishes accountability

   Risk Assessment
      6.  Specifies relevant objectives
      7.  Identifies and assesses risk
      8.  Identifies and assesses significant change
      9.  Assesses fraud risk

   Control Activities
      10. Selects and develops control activities
      11. Selects and develops general controls over technology
      12. Deploys through policies and procedures

   Information & Communication
      13. Generates relevant information
      14. Communicates internally
      15. Communicates externally

   Monitoring Activities
      16. Conducts ongoing and separate evaluations
      17. Evaluates and communicates deficiencies

Impact of Updates to Technology

Impact of Updates to Technology

  •   Concepts related to technology were retained
       – Application controls v. General Controls
       – Language updated to reflect more current terms
  •   Original Framework addressed technology as a key component of control activities and the information system
  •   Today, technology is embedded in virtually every enterprise
       – Supports new business models and delivers business value
       – Enables business processes
       – Drives efficiency in controls
       – Generates expanded information
       – Enhances speed and breadth of communication
  •   Updated Framework considers technology across all internal control components

Impact of Updates to Technology

  •   Technology does not change the internal control landscape, but may affect how a company implements internal control
  •   As an enabler, technology
       – Creates new opportunities
       – Presents new risks
       – Promotes efficiency and effectiveness
       – Simplifies previously challenging activities
       – Adds complexity
       – Increases rate of change
  •   Updated Framework considers the continuous evolution of technology, but does not attempt to address various types
  •   Anticipates that technology will exist, but recognizes that it will be adopted differently from entity to entity

Impact of Updates to Technology

  •   Control Environment
       – Improve access to senior management and vice versa
  •   Risk Assessment
       – Facilitate risk assessment process through improved data and analytics
       – Create new risks
  •   Control Activities
       – Provide new responses to risks
       – Increase efficiency of risk responses
  •   Information & Communication
       – Increases available information
       – Expands communication channels
  •   Monitoring Activities
       – Considers new methods to monitor

Examples of Technology & Updates

  •   Increased importance of technology skills in assessing competence (par 161)
  •   Identification of risks related to technological developments that may impact achievement of objectives (par 228 and 274)
  •   Technology impact on risk of business continuity (par 248)
  •   Entity-level considerations of the impact of systems (par 282)
  •   Technology can both support business processes and also act as control activities (par 295)
       – The extent of IT dependence on processes may indicate a greater reliance on IT for controls
       – Management has the option to choose between manual, automated or a combination of both in selecting and developing control activities

Examples of Technology & Updates

  •   Technology is not prominently discussed in the area of segregation of duties (par 303-305)
       – Management has several alternative control activities to select from in addressing risks associated with incompatible duties
       – Assessing risks associated with access to technology is an important precedent to selecting control activities
  •   Impact of technology on volume and complexity of data and information raises awareness of:
       – High volume of data available through electronic means increases complexity of systems needed to process data
       – Benefits of increased information may be offset by the operational or compliance risks
       – Increased importance of security, protection and retention of data

Open Discussion

  Text in questions using the Ask A Question button

Call to Action – Next Steps:

  • Review and Provide Comments: Internal Control - Integrated Framework, http://www.ic.coso.org
  • Deadline – 31 March 2012
  • Draft of Internal Control over External Financial Reporting (ICEFR)
  • Embrace and Utilize COSO Internal Control - Integrated Framework in Your Enterprise
  • COBIT 5 - Coming 2nd Q 2012

Register Now!

 Upcoming ISACA Training:
 • 4-day courses include:
    – COBIT
    – Fundamentals of IT Audit and Assurance
    – IT Audit and Assurance Practices
 • 27 – 30 March in Atlanta, Georgia
 • www.isaca.org/training

Thank You!

Weitere ähnliche Inhalte

Was ist angesagt?

A Presentation on Risk Based Auditing
A Presentation on Risk Based AuditingA Presentation on Risk Based Auditing
A Presentation on Risk Based Auditing
Amar Deep Ghimire
 
Internal Control & Risk Management Framework
Internal Control & Risk Management FrameworkInternal Control & Risk Management Framework
Internal Control & Risk Management Framework
Treasury Consulting LLP
 
Risk Assessment For Internal Auditors
Risk Assessment For Internal AuditorsRisk Assessment For Internal Auditors
Risk Assessment For Internal Auditors
minkhollow
 
internal control and control self assessment
internal control and control self assessmentinternal control and control self assessment
internal control and control self assessment
Manoj Agarwal
 
Coso And Internal Audit
Coso And Internal AuditCoso And Internal Audit
Coso And Internal Audit
ijazurrehman
 

Was ist angesagt? (20)

Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal Audit
 
Risk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling TechniquesRisk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling Techniques
 
A Presentation on Risk Based Auditing
A Presentation on Risk Based AuditingA Presentation on Risk Based Auditing
A Presentation on Risk Based Auditing
 
Ppt on risk based internal audit
Ppt on risk based internal auditPpt on risk based internal audit
Ppt on risk based internal audit
 
COSO 2013 and The Auditor
COSO 2013 and The AuditorCOSO 2013 and The Auditor
COSO 2013 and The Auditor
 
Evolving role of internal auditing function
Evolving role of internal auditing functionEvolving role of internal auditing function
Evolving role of internal auditing function
 
Internal Financial Controls (IFC) / Internal Control over Financial Reporting...
Internal Financial Controls (IFC) / Internal Control over Financial Reporting...Internal Financial Controls (IFC) / Internal Control over Financial Reporting...
Internal Financial Controls (IFC) / Internal Control over Financial Reporting...
 
Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit ppt
 
Internal Control & Risk Management Framework
Internal Control & Risk Management FrameworkInternal Control & Risk Management Framework
Internal Control & Risk Management Framework
 
Risk Assessment For Internal Auditors
Risk Assessment For Internal AuditorsRisk Assessment For Internal Auditors
Risk Assessment For Internal Auditors
 
internal control and control self assessment
internal control and control self assessmentinternal control and control self assessment
internal control and control self assessment
 
Introduction to internal auditing
Introduction to internal auditingIntroduction to internal auditing
Introduction to internal auditing
 
Internal Audit Methodology
Internal Audit MethodologyInternal Audit Methodology
Internal Audit Methodology
 
An introduction to internal auditing
An introduction to internal auditingAn introduction to internal auditing
An introduction to internal auditing
 
The role of internal audit department
The role of internal audit departmentThe role of internal audit department
The role of internal audit department
 
Leveraging ISO 31000 for Effective Integration of Risk Management and Interna...
Leveraging ISO 31000 for Effective Integration of Risk Management and Interna...Leveraging ISO 31000 for Effective Integration of Risk Management and Interna...
Leveraging ISO 31000 for Effective Integration of Risk Management and Interna...
 
Internal control and Control Self Assessment
Internal control and Control Self AssessmentInternal control and Control Self Assessment
Internal control and Control Self Assessment
 
Coso And Internal Audit
Coso And Internal AuditCoso And Internal Audit
Coso And Internal Audit
 
Resume : "Internal audit quality : developing a quality assurance and improve...
Resume : "Internal audit quality : developing a quality assurance and improve...Resume : "Internal audit quality : developing a quality assurance and improve...
Resume : "Internal audit quality : developing a quality assurance and improve...
 
COSO ERM Framework
COSO ERM FrameworkCOSO ERM Framework
COSO ERM Framework
 

Andere mochten auch

IAS 7
IAS 7IAS 7
IAS 7
RS P
 

Andere mochten auch (19)

200808 01
200808 01200808 01
200808 01
 
Clean Up Your Desk
Clean Up Your DeskClean Up Your Desk
Clean Up Your Desk
 
Clean Desk Policy
Clean Desk PolicyClean Desk Policy
Clean Desk Policy
 
Ias 2 inventory valuation
Ias 2 inventory valuationIas 2 inventory valuation
Ias 2 inventory valuation
 
IAS 7
IAS 7IAS 7
IAS 7
 
Cobit dan coso
Cobit dan cosoCobit dan coso
Cobit dan coso
 
IAS 7 Cash Flow Statements
IAS 7 Cash Flow StatementsIAS 7 Cash Flow Statements
IAS 7 Cash Flow Statements
 
Ias 2
Ias 2Ias 2
Ias 2
 
Statement of cash flow ias 7
Statement of cash flow  ias 7Statement of cash flow  ias 7
Statement of cash flow ias 7
 
Ias 7 Cash Flow Statements
Ias 7 Cash Flow StatementsIas 7 Cash Flow Statements
Ias 7 Cash Flow Statements
 
IAS-7
IAS-7IAS-7
IAS-7
 
ISO 27014 et 38500
ISO 27014 et 38500ISO 27014 et 38500
ISO 27014 et 38500
 
Ias 7
Ias 7Ias 7
Ias 7
 
Inventories – ias 2
Inventories – ias 2Inventories – ias 2
Inventories – ias 2
 
Daily 15 minute office 5S
Daily 15 minute office 5SDaily 15 minute office 5S
Daily 15 minute office 5S
 
The Internal Audit Framework
The Internal Audit FrameworkThe Internal Audit Framework
The Internal Audit Framework
 
Basic Internal Auditing Presentation
Basic Internal Auditing PresentationBasic Internal Auditing Presentation
Basic Internal Auditing Presentation
 
Basic Internal Auditing Presentation
Basic Internal Auditing PresentationBasic Internal Auditing Presentation
Basic Internal Auditing Presentation
 
Audit Process, Audit Procedures, Audit Planning, Auditing
Audit Process, Audit Procedures, Audit Planning, AuditingAudit Process, Audit Procedures, Audit Planning, Auditing
Audit Process, Audit Procedures, Audit Planning, Auditing
 

Ähnlich wie Coso Internal Control Integrated Framework

Session 2C Public Sector Adoption of International Standards for Supreme Audi...
Session 2C Public Sector Adoption of International Standards for Supreme Audi...Session 2C Public Sector Adoption of International Standards for Supreme Audi...
Session 2C Public Sector Adoption of International Standards for Supreme Audi...
International Federation of Accountants
 
Comparación de CobiT 5 con CobiT 4.1
Comparación de CobiT 5 con  CobiT 4.1Comparación de CobiT 5 con  CobiT 4.1
Comparación de CobiT 5 con CobiT 4.1
Slime Argentina
 
Intro to management_and_auditing_of_info_systs
Intro to management_and_auditing_of_info_systsIntro to management_and_auditing_of_info_systs
Intro to management_and_auditing_of_info_systs
jakodongo
 
Con8154 controlling for multiple erp systems with oracle advanced controls
Con8154 controlling for multiple erp systems with oracle advanced controlsCon8154 controlling for multiple erp systems with oracle advanced controls
Con8154 controlling for multiple erp systems with oracle advanced controls
Oracle
 

Ähnlich wie Coso Internal Control Integrated Framework (20)

Recent COSO Internal Control and Risk Management Developments
Recent COSO Internal Control and Risk Management DevelopmentsRecent COSO Internal Control and Risk Management Developments
Recent COSO Internal Control and Risk Management Developments
 
Session 2C Public Sector Adoption of International Standards for Supreme Audi...
Session 2C Public Sector Adoption of International Standards for Supreme Audi...Session 2C Public Sector Adoption of International Standards for Supreme Audi...
Session 2C Public Sector Adoption of International Standards for Supreme Audi...
 
Top 5 Pitfalls to Avoid Implemeting COSO 2013
Top 5 Pitfalls to Avoid Implemeting COSO 2013Top 5 Pitfalls to Avoid Implemeting COSO 2013
Top 5 Pitfalls to Avoid Implemeting COSO 2013
 
Comparación de CobiT 5 con CobiT 4.1
Comparación de CobiT 5 con  CobiT 4.1Comparación de CobiT 5 con  CobiT 4.1
Comparación de CobiT 5 con CobiT 4.1
 
Increasing Project Success through Project Management Maturity Based on ISO 2...
Increasing Project Success through Project Management Maturity Based on ISO 2...Increasing Project Success through Project Management Maturity Based on ISO 2...
Increasing Project Success through Project Management Maturity Based on ISO 2...
 
Intro to management_and_auditing_of_info_systs
Intro to management_and_auditing_of_info_systsIntro to management_and_auditing_of_info_systs
Intro to management_and_auditing_of_info_systs
 
North West branch Annual General Meeting & "Lessons on Governance"
North West branch Annual General Meeting & "Lessons on Governance"North West branch Annual General Meeting & "Lessons on Governance"
North West branch Annual General Meeting & "Lessons on Governance"
 
Continuous Auditing D.French
Continuous Auditing D.FrenchContinuous Auditing D.French
Continuous Auditing D.French
 
"Implementing a lean approach in IT operations and infrastructure" by Philipp...
"Implementing a lean approach in IT operations and infrastructure" by Philipp..."Implementing a lean approach in IT operations and infrastructure" by Philipp...
"Implementing a lean approach in IT operations and infrastructure" by Philipp...
 
Leveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your OrganizationLeveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your Organization
 
Con8154 controlling for multiple erp systems with oracle advanced controls
Con8154 controlling for multiple erp systems with oracle advanced controlsCon8154 controlling for multiple erp systems with oracle advanced controls
Con8154 controlling for multiple erp systems with oracle advanced controls
 
Customers talk about controlling access for multiple erp systems with oracle ...
Customers talk about controlling access for multiple erp systems with oracle ...Customers talk about controlling access for multiple erp systems with oracle ...
Customers talk about controlling access for multiple erp systems with oracle ...
 
Presentation by bhaskar bhindie ind ii
Presentation by bhaskar bhindie ind iiPresentation by bhaskar bhindie ind ii
Presentation by bhaskar bhindie ind ii
 
Managing Organizational Influences on ISO 21500 Implementation
Managing Organizational Influences on ISO 21500 ImplementationManaging Organizational Influences on ISO 21500 Implementation
Managing Organizational Influences on ISO 21500 Implementation
 
For Good Measure: Understanding impact metrics for your enterprise
For Good Measure: Understanding impact metrics for your enterpriseFor Good Measure: Understanding impact metrics for your enterprise
For Good Measure: Understanding impact metrics for your enterprise
 
Cobit 5 introduction plgr
Cobit 5 introduction plgrCobit 5 introduction plgr
Cobit 5 introduction plgr
 
Integrated Reporting: On-the-Ground Perspectives
Integrated Reporting: On-the-Ground PerspectivesIntegrated Reporting: On-the-Ground Perspectives
Integrated Reporting: On-the-Ground Perspectives
 
Course Tech 2013, Dan Shoemaker & Ken Sigler, Engineering a More Secure Softw...
Course Tech 2013, Dan Shoemaker & Ken Sigler, Engineering a More Secure Softw...Course Tech 2013, Dan Shoemaker & Ken Sigler, Engineering a More Secure Softw...
Course Tech 2013, Dan Shoemaker & Ken Sigler, Engineering a More Secure Softw...
 
eprentise How Automation will Transform Your Financial Audit
eprentise How Automation will Transform Your Financial Auditeprentise How Automation will Transform Your Financial Audit
eprentise How Automation will Transform Your Financial Audit
 
Cobit5 introduction
Cobit5 introductionCobit5 introduction
Cobit5 introduction
 

Coso Internal Control Integrated Framework

  • 1. COSO’s Proposed R i i t COSO’ P d Revision to Internal Control - Integrated g Framework and its Implications on I f Information Technology ti T h l Ken Vander Wal, ISACA International President David Landsittel, Chairman of COSO Cara Beston, Partner at PricewaterhouseCoopers p 2012 ISACA Webinar Program. © 2012 ISACA. All rights reserved.
  • 2. Today’s webinar: • Text in questions using the Ask A Question button • All audio is streamed over your computer – Having technical issues? Click the ? button • Download the slide deck from the Event Home Page • No CPEs being offered for this event • Question or suggestion? Email them to eLearning@isaca.org L i @i 2012 ISACA Webinar Program. © 2012 ISACA. All rights reserved.
  • 3. Presenters: Ken Vander Wal ISACA International President David Landsittel Chairman of COSO Cara Beston Partner at PricewaterhouseCoopers 2012 ISACA Webinar Program. © 2012 ISACA. All rights reserved.
  • 4. Agenda • Introd ction Introduction • COSO, Project Overview, Scope and Structure • Proposed Updates • I Impact of Updates to Technology t fU d t t T h l • Open Discussion • C ll to Action – N t St Call t A ti Next Steps 2012 ISACA Webinar Program. © 2012 ISACA. All rights reserved.
  • 5. Introduction • Background • ISACA Membership on COSO’s Advisory Council – Represented by Ken Vander Wal – Supported by Global Task Force • Today’s Presenters – David Landsittel – Cara Beston 2012 ISACA Webinar Program. © 2012 ISACA. All rights reserved.
  • 6. COSO, Project Overview, Scope and Structure 2012 ISACA Webinar Program. © 2012 ISACA. All rights reserved.
  • 7. About COSO – Formed in 1985 to sponsor a Commission to examine fraudulent financial reporting f d l t fi i l ti – A joint initiative of five private sector organizations – Sponsors: • American Accounting Association • American Institute of Certified Public Accountants • Financial Executives International • Institute of Management Accountants • The Institute of Internal Auditors 2012 ISACA Webinar Program. © 2012 ISACA. All rights reserved.
  • 8. Mission of COSO • “To provide thought leadership through the development of To comprehensive frameworks and guidance on enterprise risk management, internal control and fraud deterrence designed to improve organizational performance and governance and to reduce the extent of fraud in organizations.” Fundamental Principle • Good risk management and internal control are necessary for the long-term success of organizations 2012 ISACA Webinar Program. © 2012 ISACA. All rights reserved.
  • 9. Project Overview j – Internal Control - Integrated Framework • First published in 1992 • M t widely used Most id l d framework in the US • Also widely used around the th worldld – However, since 1992, the operating environment has evolved l d – Framework concepts timeless, but context needs updating pdating 2012 ISACA Webinar Program. © 2012 ISACA. All rights reserved.
  • 10. Project Objectives j j – The goal of the project is to “refresh” the Framework, by providing a context that is current. – Enhancements are not intended to alter the core concepts developed in the original Framework – Other project objectives include: • Explicitly identifying principles and attributes to provide efficiency and a basis for evaluating effectiveness • Adding more f focus on operational and compliance control objectives • Expanding “Financial Reporting” objective to encompass “ “reporting” more broadly i ” b dl 2012 ISACA Webinar Program. © 2012 ISACA. All rights reserved.
• 11. Project Governance Structure and Participants
  – COSO Board of Directors
    • AICPA
    • AAA
    • IIA
    • FEI
    • IMA
  – PricewaterhouseCoopers Project Team
  – COSO Advisory Council (nominated by the COSO Board)
    • Industry Associations
    • Academia
    • Not-for-profit, government entities
    • Professional associations
    • Risk management professionals
    • Lawyers
    • Public Accounting Firms
    • Others
  – Regulatory Observers
    • Regulators
    • Other rule-makers
  – Companies & Other Stakeholders
• 12. Project Scope and Deliverables
  • Three Products Contemplated:
    – An updated Internal Control – Integrated Framework
    – A companion document focusing on applying the framework for Internal Control over External Financial Reporting (ICEFR)
    – Evaluation tools for use in assessing the overall effectiveness of internal control
• 13. Project Timetable
  – Sept 2010 – Jan 2011: Assess & Survey Stakeholders
  – Feb – Oct 2011: Design & Build
  – Dec 2011 – Mar 2012: Public Exposure
  – Apr – Dec 2012: Finalize
• 14. Obtaining Input: Survey of Stakeholders
  – Over 700 responses
  – Responses come from a wide range of organizations and individuals
    • Large, small and non-profit organizations well represented
    • 1 in 4 respondents are international (27%)
    • The majority of respondents have been using the Framework for over 5 years
  – Overall, a large majority of respondents (85%) support updating, but not a major overhaul of, the Framework
• 15. What's Changed
  • The experienced reader will find much familiar in the updated Framework, which builds on what has proven effective in the original version.
  What is not changing...
    1. Definition of internal control
    2. Five components of internal control
    3. Criteria used to assess effectiveness of systems of internal control
    4. Use of judgment in evaluating the effectiveness of systems of internal control
  What is changing...
    1. Updating context to reflect current environment
    2. Codification of principles used in developing and evaluating effectiveness of systems of internal control
    3. Expanded financial reporting objective to address internal and external, financial and non-financial reporting objectives
    4. Increased focus on operations, compliance objectives
• 16. Proposed Updates
• 17. Summary of Updates
  A changing business environment drives updates to the Framework:
  – Expectations for governance oversight
  – Globalization of markets and operations
  – Changes in business models
  – Demands and complexity of rules, regulations and standards
  – Expectations for competencies and accountabilities
  – Use and reliance on evolving technology
  – Expectations for preventing and detecting fraud
• 18. Summary of Updates
  Codification of 17 principles embedded in the original Framework
  Control Environment
    1. Demonstrates commitment to integrity and ethical values
    2. Exercises oversight responsibility
    3. Establishes structure, authority and responsibility
    4. Demonstrates commitment to competence
    5. Establishes accountability
  Risk Assessment
    6. Specifies relevant objectives
    7. Identifies and assesses risk
    8. Identifies and assesses significant change
    9. Assesses fraud risk
  Control Activities
    10. Selects and develops control activities
    11. Selects and develops general controls over technology
    12. Deploys through policies and procedures
  Information & Communication
    13. Generates relevant information
    14. Communicates internally
    15. Communicates externally
  Monitoring Activities
    16. Conducts ongoing and separate evaluations
    17. Evaluates and communicates deficiencies
• 19. Impact of Updates to Technology
• 20. Impact of Updates to Technology
  • Concepts related to technology were retained
    – Application controls v. General Controls
    – Language updated to reflect more current terms
  • Original Framework addressed technology as a key component of control activities and the information system
  • Today, technology is embedded in virtually every enterprise
    – Supports new business models and delivers business value
    – Enables business processes
    – Drives efficiency in controls
    – Generates expanded information
    – Enhances speed and breadth of communication
  • Updated Framework considers technology across all internal control components
• 21. Impact of Updates to Technology
  • Technology does not change the internal control landscape, but may affect how a company implements internal control
  • As an enabler, technology
    – Creates new opportunities
    – Presents new risks
    – Promotes efficiency and effectiveness
    – Simplifies previously challenging activities
    – Adds complexity
    – Increases rate of change
  • Updated Framework considers the continuous evolution of technology, but does not attempt to address the various types
  • Anticipates that technology will exist, but recognizes that it will be adopted differently from entity to entity
• 22. Impact of Updates to Technology
  • Control Environment
    – Improve access to senior management and vice versa
  • Risk Assessment
    – Facilitate risk assessment process through improved data and analytics
    – Create new risks
  • Control Activities
    – Provide new responses to risks
    – Increase efficiency of risk responses
  • Information & Communication
    – Increases available information
    – Expands communication channels
  • Monitoring Activities
    – Considers new methods to monitor
• 23. Examples of Technology & Updates
  • Increased importance of technology skills in assessing competence (par 161)
  • Identification of risks related to technological developments that may impact achievement of objectives (par 228 and 274)
  • Technology impact on risk of business continuity (par 248)
  • Entity-level considerations of the impact of systems (par 282)
  • Technology can both support business processes and also act as control activities (par 295)
    – The extent of IT dependence in processes may indicate a greater reliance on IT for controls
    – Management has the option to choose between manual, automated or a combination of both in selecting and developing control activities
• 24. Examples of Technology & Updates
  • Technology is not prominently discussed in the area of segregation of duties (par 303-305)
    – Management has several alternative control activities to select from in addressing risks associated with incompatible duties
    – Assessing the risks associated with access to technology is an important precursor to selecting control activities
  • Impact of technology on the volume and complexity of data and information raises awareness of:
    – High volume of data available through electronic means increases the complexity of systems needed to process data
    – Benefits of increased information may be offset by operational or compliance risks
    – Increased importance of security, protection and retention of data
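The slide above says that assessing access to technology comes before choosing a control activity for incompatible duties. In practice that assessment is a repeatable check over the access grants an IAM system actually holds. The following is an added example, not code from the webinar, from ISACA or from COSO's exposure draft: it takes a constructed incompatible-duties matrix, a constructed role catalogue and constructed user-to-role grants (all permission, role and user names are hypothetical) and reports two different findings a reviewer needs to keep apart: roles that bundle a conflict by design, and users who acquire a conflict only through the combination of roles granted to them.

```python
"""Segregation-of-duties (SoD) conflict check over access grants.

Added example; not part of the COSO exposure draft or the ISACA webinar.
The duty pairs, role names and user grants are constructed for
illustration. A real check would load the role catalogue and grants from
the entity's IAM system and the duty pairs from its own SoD matrix.
"""

# Constructed incompatible-duty matrix: pairs of permissions that one
# person should not hold at the same time (hypothetical permission names).
INCOMPATIBLE_DUTIES = {
    frozenset({"vendor.create", "payment.approve"}),
    frozenset({"journal.post", "journal.approve"}),
    frozenset({"code.commit", "prod.deploy"}),
    frozenset({"user.create", "user.grant_admin"}),
}

# Constructed role catalogue: role -> permissions the role grants.
ROLES = {
    "ap_clerk": {"vendor.create", "invoice.enter"},
    "ap_manager": {"payment.approve", "invoice.enter"},
    "gl_accountant": {"journal.post"},
    "controller": {"journal.approve"},
    "developer": {"code.commit"},
    "release_engineer": {"prod.deploy"},
    # This role bundles both halves of a conflict: a design defect.
    "it_admin_legacy": {"user.create", "user.grant_admin"},
}

# Constructed user -> roles grants, as an IAM export might present them.
GRANTS = {
    "alice": {"ap_clerk", "ap_manager"},
    "bob": {"gl_accountant"},
    "carol": {"controller"},
    "dave": {"developer", "release_engineer"},
    "erin": {"it_admin_legacy"},
}


def role_design_conflicts(roles):
    """Roles that themselves contain an incompatible pair.

    These are fixed by splitting the role; reviewing user grants alone
    will never remove them. Returns role -> sorted list of (perm, perm).
    """
    bad = {}
    for role, perms in roles.items():
        hits = [pair for pair in INCOMPATIBLE_DUTIES if pair <= perms]
        if hits:
            bad[role] = sorted(tuple(sorted(p)) for p in hits)
    return bad


def effective_permissions(user_roles, roles):
    """Union of the permissions granted by every role a user holds."""
    perms = set()
    for r in user_roles:
        perms |= roles.get(r, set())
    return perms


def user_conflicts(grants, roles):
    """Users whose combined roles give them an incompatible pair.

    Returns user -> sorted list of (perm_a, perm_b, roles_contributing),
    so the reviewer can see which grant to remove or which compensating
    control (for example an independent review) must cover the user.
    """
    result = {}
    for user, user_roles in grants.items():
        perms = effective_permissions(user_roles, roles)
        found = []
        for pair in INCOMPATIBLE_DUTIES:
            if pair <= perms:
                a, b = sorted(pair)
                via = sorted(r for r in user_roles if roles.get(r, set()) & pair)
                found.append((a, b, tuple(via)))
        if found:
            result[user] = sorted(found)
    return result


if __name__ == "__main__":
    for role, pairs in role_design_conflicts(ROLES).items():
        print(f"role design conflict: {role} bundles {pairs}")
    for user, conflicts in user_conflicts(GRANTS, ROLES).items():
        for a, b, via in conflicts:
            print(f"user conflict: {user} holds {a} + {b} via {via}")
```

Run stand-alone it flags `it_admin_legacy` as a role that must be split, and `alice`, `dave` and `erin` as users who hold both halves of a pair. That output is the input to the decision the slide describes: remove one of the grants, or, where the entity is too small to separate the duties, select a compensating control and record which users it has to cover.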
• 25. Open Discussion
• 26. Open Discussion
  Text in questions using the Ask A Question button
• 27. Call to Action – Next Steps
• 28. Call to Action – Next Steps:
  • Review and Provide Comments: Internal Control - Integrated Framework, http://www.ic.coso.org
    • Deadline: 31 March 2012
    • Draft of Internal Control over External Financial Reporting (ICEFR)
  • Embrace and Utilize COSO Internal Control - Integrated Framework in Your Enterprise
  • COBIT 5 - Coming 2nd Q 2012
• 29. Register Now! Upcoming ISACA Training:
  • 4-day courses include:
    – COBIT
    – Fundamentals of IT Audit and Assurance
    – IT Audit and Assurance Practices
  • 27 – 30 March in Atlanta, Georgia
  • www.isaca.org/training
• 30. Thank You!