internal control–integrated framework

7/30/2019 Internal ControlIntegrated Framework
1/34
0
Presented by:Richard F. Chambers CIA, CCSA, CGAP, CRMAGlobal President and CEOThe Institute of Internal Auditors
May 21, 2013
Internal Control Integrated Framework
The ICGFM 27th Annual International Training Conference

2/34
1
Presentation Overview
COSO & Project Overview Internal Control-Integrated Framework
Illustrative Documents Illustrative Tools for Assessing Effectiveness of a System of Internal Control Internal Control over External Financial Reporting: A Compendium of
Approaches and examples Transition & Impact Recommended Actions Questions & Comments

3/34
2
COSO & Project Overview

4/34
3
COSO Overview Internal Control Publications
1992 2006 2009 2013

5/34
4
Original Framework
COSOs In ternal Contro l In tegrated Framewo rk (1992 Edition)
RefreshObjectives
Updated
Framework
COSOs In ternal Contro l In tegrated Framewo rk (2013 Edition)
Broadens Application Clarifies Requirements
Articulate principles to
facilitate effective
internal control
Why update what works The Framework has become themost widely adopted control framework worldwide.
UpdatesContext
Enhancements
Reflect changes in
business & operating
environments
Expand operations and
reporting objectives

6/34
5
Project timetable
Assess & SurveyStakeholders Design & Build
Public Exposure,Assess & Refine Finalize
2010 2011 2012 2013

7/346
Project participantsCOSO
Board of Directors
COSO Advisory Council
AICPA AAA FEI IIA IMA Public Accounting Firms Regulatory observers (SEC, GAO, FDIC,
PCAOB) Others (IFAC, ISACA, others)
PwC
Author &Project Leader
Stakeholders
Over 700 stakeholders in Framework
responded to global survey during 2011 Over 200 stakeholders publically commented
on proposed updates to Framework duringfirst quarter of 2012
Over 50 stakeholders publically commented onproposed updates in last quarter of 2012

8/347
Project deliverable #1 Internal Control-IntegratedFramework (2013 Edition)
Consists of three volumes: Executive Summary
Framework and Appendices Illustrative Tools for
Assessing Effectiveness of aSystem of Internal Control
Sets out:
Definition of internal control Categories of objectives Components of internal
control Requirements for
effectiveness

9/348
Project deliverable #2 Internal Control over ExternalFinancial Reporting: A Compendium....
Approaches and Examplesillustrate how principles areapplied in preparing financialstatements
Considers changes inbusiness and operatingenvironments during past two
decades Relevant for variety of entities
public, private, not-for-profit,and government
Consistent with updatedFramework

10/349
Internal Control Integrated Framework

11/3410
Defining Internal Control:
Internal control is a process, effectedby an entitys board of directors,management, and other personnel,designed to provide reasonableassurance regarding theachievement of objectives relating to
operations, reporting andcompliance.

12/3411
The Internal Control DefinitionReflects Fundamental Concepts:
Geared to the achievement of objectives in one or more categories
Operations Reporting Compliance
A process consisting of ongoing tasksand activities: a means not an end.
Effected by people Able to provide reasonable
assurance. Adaptable to the entity structure

13/3412
The Components of InternalControl Remain Unchanged:
Control environment
Risk assessment Control activities
Information and communication
Monitoring activities

14/3413
Relationship of Objectives andComponents:
Objectives are what an entitystrives to achieve (3 columns)
Components represent whatare required to achieveobjectives (5 Rows)
The organizational structure willvary by the nature andcomplexity of the entity (the 3 rd dimension in the cube)

15/3414
Update expected to ease use and application
What is not changing... What is changing...
Core definition of internal control
Three categories of objectives andfive components of internal control
Each of the five components of internal control are required foreffective internal control
Important role of judgment indesigning, implementing andconducting internal control, and inassessing its effectiveness
Changes in business and operating
environments considered
Operations and reporting objectivesexpanded
Fundamental concepts underlyingfive components articulated asprinciples
Additional approaches andexamples relevant to operations,compliance, and non-financialreporting objectives added

16/3415
Environm ents changes . .. have driven Framework updates
Expectations for governance oversight
Globalization of markets and operations
Changes and greater complexity in business
Demands and complexities in laws, rules,regulations, and standards
Expectations for competencies andaccountabilities
Use of, and reliance on, evolving technologies
Expectations relating to preventing anddetecting fraud
COSO Cube (2013Edition)
Update considers changes in business and operatingenvironments

17/3416
Control Environment
Risk Assessment
Control Activities
Information &Communication
Monitoring Activities
Update articulates principles of effective internal control 1. Demonstrates commitment to integrity and ethical values2. Exercises oversight responsibility 3. Establishes structure, authority and responsibility 4. Demonstrates commitment to competence5. Enforces accountability
6. Specifies suitable objectives7. Identifies and analyzes risk 8. Assesses fraud risk 9. Identifies and analyzes significant change
10. Selects and develops control activities
11. Selects and develops general controls over technology 12. Deploys through policies and procedures
13. Uses relevant information14. Communicates internally 15. Communicates externally
16. Conducts ongoing and/or separate evaluations17. Evaluates and communicates deficiencies

18/3417
Control Environment
Update articulates principles of effective internal control(continued)
1. The organization demonstrates a commitment tointegrity and ethical values.
2. The board of directors demonstrates independencefrom management and exercises oversight of thedevelopment and performance of internal control.
3. Management establishes, with board oversight,structures, reporting lines, and appropriateauthorities and responsibilities in the pursuit of
objectives.4. The organization demonstrates a commitment to
attract, develop, and retain competent individualsin alignment with objectives.
5. The organization holds individuals accountable for their internal control responsibilities in the pursuitof objectives.

19/3418
6. The organization specifies objectives withsufficient clarity to enable the identification and
assessment of risks relating to objectives.7. The organization identifies risks to the
achievement of its objectives across the entityand analyzes risks as a basis for determininghow the risks should be managed.
8. The organization considers the potential for fraud in assessing risks to the achievement of objectives.
9. The organization identifies and assesseschanges that could significantly impact thesystem of internal control.
Risk Assessment
Update articulates principles of effective internal control(continued)

20/34

21/34
20
13. The organization obtains or generates and usesrelevant, quality information to support the
functioning of other components of internalcontrol.
14. The organization internally communicatesinformation, including objectives andresponsibilities for internal control, necessary tosupport the functioning of other components of internal control.
15. The organization communicates with externalparties regarding matters affecting thefunctioning of other components of internalcontrol.
Information &Communication
Update articulates p

internal control–integrated framework

Documents

Information for entity management - AICPA · PDF file2013 Internal Control—Integrated Framework (COSO framework), internal control is a process, effected by an entity’s board of

Internal Control Integrated Framework: COSO 2013 Control Integrated Framework: COSO 2013 Update ... 1992 COSO published Internal Control – Integrated Framework (Pyramid); ... Criminal

A Discussion About Internal Controls · PDF file 2 005 Testing Internal Controls 004 Approach to Designing Internal Controls 003 COSO Internal Controls Integrated Framework 002 Defining

COSO’s Internal Control 2013 – Integrated Framework · PDF fileThe Road to Transition: COSO’s Internal Control 2013 – Integrated Framework | 2 Control Environment 1. Demonstrates

Draft for ublic Exposure - IDW · PDF fileThe COSO Internal Control–Integrated Framework (Framework) enables organizations to effectively and efficiently develop systems of internal

Internal Control Integrated Framework: COSO 2013 Update fileInternal Control Integrated Framework: COSO 2013 Update Presented by: Billy Morehead, Ph.D., CPA, CGFM, CPM AGA Past National

Honorably Retire “Internal Controls” Promote “Risk ... ... (Source: Internal Control - Integrated Framework Exposure Draft March 1991, Committee of Sponsoring Organizations)

COSO Internal Control — Integrated Framework Principles

COSO Internal Control - Integrated Framework V1

RELATING THE COSO INTERNAL CONTROL INTEGRATED FRAMEWORK ... · PDF file... Control—Integrated Framework and COBIT ... Framework for the Governance and Management of ... the enterprise

Internal Control–Integrated Framework - Montana · PDF file1 Table of Contents • COSO & Project Overview • Internal Control-Integrated Framework • Illustrative Documents –

Internal Control Integrated Framework - · PDF file Project deliverable #1 – Internal Control-Integrated Framework (2013 Edition) •Consists of three volumes: Executive Summary

Internal Control — Integrated Framework Guidance on

The New COSO: Internal Control - Integrated Framework New+COSO+Framework.pdf · PDF fileOverview of Internal Control • Internal Control—Integrated Framework – COSO Report (1992

Internal Control—Integrated Framework · PDF file (COSO) released its Internal Control—Integrated Framework (the original framework). The original framework has gained broad acceptance

Internal Control Integrated Framework - Rutgers raw. · PDF file3 Original Framework (today) COSO’s Internal Control–Integrated Framework (1992 Edition) Enhancements and clarifications

The Updated COSO Internal Control- Integrated ... Toolkits/The... · PDF file The Updated COSO Internal Control-Integrated Framework Appendix – Components, principles and points

policyIQ for COSO 2013 Internal Control - Integrated Framework

Internal Control — Integrated Framework Guidance · PDF fileInternal Control — Integrated Framework Guidance on Monitoring Internal Control Systems Volume I — Executive Summary

COSO Internal Control — Integrated Framework Principles Sprin · PDF file COSO Internal Control — Integrated Framework Principles The organization demonstrates a commitment to