COSO Transition Templates
DESCRIPTION
These FREE COSO Transition Templates will allow your organization to easily map to the new 17 principles and 86 points of focus. They will also give your executive management team and audit committee an easy dashboard showing your compliance with the new 2013 COSO framework. Register for the full recorded webinar:
TRANSCRIPT
AGENDA
What to expect
COSO Principles
POF discussion w/case studies
Attributes and testing
Templates w/game plan
What you’re working on tomorrow
Creating your own transition plan
Leveraging key best practices
Download templates
Technical Community sharing ideas Templates, WEBINARS advise and learn from others implementing this new framework. MEMBERS ONLY!
Implementation Resources
COMPLIANCE MADE SIMPLE ©
http://www.linkedin.com/groups/2013-COSO-Implementation-4888186/about
COSO Implementation
PRINCIPLES BASED APPROACH
5 Components
17 Principles
80+ Points of Focus “POF” (prior guidance “attributes”)
CONTROL ENVIRONMENT (PR. #1: INTEGRITY & ETHICAL VALUES)
Approaches:
a) Establishing Standards of Conduct
b) Leading by example on matters of integrity & ethics
c) Evaluating Mgmt & Other personnel, OS service providers & Bus. Partners for Adherence to Standards of Conduct
d) Developing Processes to report & promptly act on deviations from standards of conduct
Points of Focus:
1. Sets the Tone at the Top
2. Est. Standards of Conduct
3. Evaluates Adherence to Standards of Conduct
4. Addresses Deviations in a Timely Manner
CASE STUDY #1
EVALUATION OF EFFECTIVENESS (PRINCIPLE #1)
LOOKING AT THE ENTIRE PRINCIPLE #1 – FINDINGS ANALYSIS
Principle 1: The Organization demonstrates a commitment to integrity and ethical values.
VOL. #3 – COSO IC EFFECTIVENESS (VOLUME #3 PG. 65-66)
QUICK BACKGROUND:
• Private Co., retail furniture company (family owned)
• $200MM Rev and exclusively in Western US Sales
• Evaluation of Principle #1
COSO 2013 FINDINGS
1. No formal training program to make employees aware of the importance of adherence to standards of conduct.
2. No process to evaluate EEs against the published integrity & ethics policy.
3. Processes to ID & Address Deviations are ad hoc.
POLLING Q: HOW SEVERE ARE THESE FINDINGS?
Is this a Control Deficiency, Significant Def., or Major Deficiency?
Principle #1
Sets the tone?
Est. SOC
Eval. Adherence?
Address Deviations?
Visualizing the findings
If you answered “Y” for YES that the POF is IN-SCOPE, then the formula to review approaches will automatically populate the word “In-Scope”.
If you leave it blank or put “N” for NO, it will still populate “Out of Scope”.
Reviewing your Approach Options
Approaches a, b cover POF 2, but Approach b covers both 1, 2
Do more with less!
EVALUATE PRIOR YEAR RESULTS
Consider year-end testing results dashboard used for internal communications
FAILURE ANALYSIS
All POF items were in-scope. Now analyze remediation plan efforts!
Review PY IC testing conclusions (CD/SD/MW)
POLLING QUESTION: MULTI-LOCATIONS
Q: Do you have in-scope multi-locations?
“remember in-scope for controls testing”
Principle #1
POF:
Sets the tone
Est. SOC
Eval. Adherence
Address Deviations
Visualizing Your COSO Transition
[Diagram: Approach “A”, Approach “B” and Approach “C”, with Example 1 / Example 2 boxes labeled 3 KC, 4 KC, 3 KC, 2 KC, 4 KC]
COSO’S TRANSITION GUIDANCE
STEP 1 – AWARENESS & EDUCATION!
Group | Document | Delivery Date | Next Steps
Board of Directors | Executive Summary | FY 2014 1st Quarterly Meeting | Agreement on Transition plan
C-Level | Executive Summary | FY 2014 1st Quarterly Meeting | Internal Transition meeting March 2014
SOX Director | All Four COSO Materials; COSO Cloud Based Guidance; Monitoring guidance Vol #3 | Feb. 21st 2014 | Draft Transition plan 2 weeks before March 2014 meeting.
STEP 2 – PRELIMINARY IMPACT ASSESSMENT
Map your existing system of internal control against the updated COSO Framework.
Area: ELC
Assessment File name: 2013-ELC Assessment.xls
Items/Controls Covered: 45
New 2013 Impact: 5 PR & 17 POF
# of Approaches (Vol. 4): 25 Unique Examples
Est. Eval. Lead Time: 2 weeks
Due Date: March 1st
Impact inventory listing due: March 8th
These are NOT Controls
Estimate 2-3 Controls per approach
Consider separate controls for transaction level and separate for review/monitoring
STEP 3: BOD & EXTERNAL AUDITORS
Each business unit or location may prepare its own local level assessment.
[Diagram: Corporate Office (Fin), Division 1 (Fin), Operating Unit (Fin); 6 mos.]
Initial Impact Analysis should give WARNINGS to BOD & C-Level Mgmt. Immediately!
In-Scope Entity With Control Deficiency from Prior Year
TRANSITION CONCERNS: NEW PCAOB AUDIT ALERT! Caused audit layering
More in-depth written description of estimates and use of judgment, especially review controls
Detailed documentation and testing of system reports utilized in performance of controls.
GOOD ISN’T GOOD ENOUGH
GOOD V. NEW PCAOB CONTROL LANGUAGE
Older Language (“OK”)
Quarterly, Controller reviews the AR allowance for adequacy and reasonableness of reserve amounts by initialing and dating the “AR reserve” analysis.
Audit Controller initials & Match Total $ = DONE!
NEW PCAOB CONTROL LANGUAGE
“NEW STANDARDS FOR CONTROL LANGUAGE”
Older Language (“OK”)
Quarterly, Controller reviews the AR allowance for adequacy and reasonableness of reserve amounts by initialing and dating the “AR reserve” analysis.
Updated Control (“Better”)
Quarterly, Controller reviews AR balances of significant customers with o/s balances greater than $10K and 5% of AR balance and those under that threshold by customer type (e.g. geographical location, types of orders, etc.), to review the AR allowance for accuracy and completeness. Adjustments, if needed, are sent via email to the AR manager, final review of the AR reserve analysis is initialed and dated by the Controller which agrees to the final g/l balance for the period.
SO WHAT HAPPENS IN TESTING?
BEFORE
Review initials – DONE!
#1 - Initials
#2 - AR Threshold Analysis & system report validation (completeness/accuracy)
#3 - AR Emails w/follow-up interview documentation
Layered testing
STEP 4: PLANNING DOCUMENTS
[Diagram: Corporate Office (Fin), Division 1 (Fin), Operating Unit (Fin)]
Align to PCAOB
OUR CONTROL COMPLIANCE ANALYSIS (“CCA”)
COSO Transition
Top Transition Failures (Case Studies)
Audit Evidence required
Priority Driven by Principles
PCAOB, IIA & SEC Guidance
Latest PCAOB Internal Control Standards
IIA Incorporated Top 7 IC Failures
SEC Guidance for Mgmt on Internal Controls
Norman Marks: COSO’s Transition
http://www.youtube.com/watch?v=FZt95bzIkOg
BLOG TALK RADIO SHOW
1) COSO Transition Experts
2) IT Audit Expert
3) BIG DATA – Auditing
4) Risk Assessment
Best Practice Aids
YOUR TRANSITION NEXT STEPS
1. BECOME A COSO IMPLEMENTATION MEMBER
2. DOWNLOAD THE TRANSITION TEMPLATES & SLIDES (SEE SLIDESHARE.NET “AVIVA SPECTRUM”)
3. GET YOUR CCA ANALYSIS
CONTROL COMPLIANCE ANALYSIS
Email:
Subject: CCA Reservation
MY CONTACT INFORMATION
Sonia Luna, President, CEO
Question & Answer - Session