COSO – TRANSITION TEMPLATES CASE STUDIES AND PRACTICAL GUIDANCE

COSO Transition Templates


DESCRIPTION

These FREE COSO Transition Templates will allow your organization to easily map to the new 17 principles and 86 points of focus. They will also provide your executive management team and audit committee an easy dashboard showing them your compliance to the new 2013 COSO framework. Register for the full recorded webinar:


WHO’S TRANSITIONING THIS YEAR?

Polling Question?

YOU’RE NOT ALONE!

NEW 17 PRINCIPLES TO POF: COSO TRANSITION CHEAT SHEET!

http://www.avivaspectrum.com/blog

AGENDA

What to expect

COSO Principles

POF discussion w/case studies

Attributes and testing

Templates w/game plan

What you’re working on tomorrow

Creating your own transition plan

Leveraging key best practices

Download templates

Technical community sharing ideas, templates and webinars: advise and learn from others implementing this new framework. MEMBERS ONLY!

Implementation Resources

COMPLIANCE MADE SIMPLE ©

http://www.linkedin.com/groups/2013-COSO-Implementation-4888186/about

COSO Implementation

PRINCIPLES BASED APPROACH

5 Components

17 Principles

80+ Points of Focus “POF” (prior guidance “attributes”)

COMPONENT LAYOUT 17 principles

Principle #   Points of Focus
1             4
2             4
3             3
4             4
5             6


CONTROL ENVIRONMENT (PR. #1: INTEGRITY & ETHICAL VALUES)

Approaches:

a) Establishing Standards of Conduct

b) Leading by example on matters of integrity & ethics

c) Evaluating Mgmt & Other personnel, OS service providers & Bus. Partners for Adherence to Standards of Conduct

d) Developing Processes to report & promptly act on deviations from standards of conduct

Points of Focus:

1. Sets the Tone at the Top

2. Est. Standards of Conduct

3. Evaluates Adherence to Standards of Conduct

4. Addresses Deviations in a Timely Manner

WHAT “HOLDS” A PRINCIPLE UP!

Principle

CASE STUDY #1: EVALUATION OF EFFECTIVENESS (PRINCIPLE #1)

LOOKING AT THE ENTIRE PRINCIPLE #1 – FINDINGS ANALYSIS


Principle 1: The Organization demonstrates a commitment to integrity and ethical values.

VOL. #3 – COSO IC EFFECTIVENESS (VOLUME #3 PG. 65-66)

QUICK BACKGROUND:

• Private Co., retail furniture company (family owned)

• $200MM Rev and exclusively in Western US Sales

• Evaluation of Principle #1

COSO 2013 FINDINGS

1. No formal training program to make employees aware of the importance of adherence to standards of conduct.

2. No process to evaluate EEs against the published integrity & ethics policy

3. Processes to ID & Address Deviations are ad hoc

POLLING Q: HOW SEVERE ARE THESE FINDINGS?


Is this a Control Deficiency, Significant Def., or Major Deficiency?


Principle #1

Sets the tone?

Est. SOC

Eval. Adherence?

Address Deviations?

Visualizing the findings

Determine In-Out Scope POF

In-Scope

Formula driven in EXCEL

From “Principle_POF ONLY” TAB!

If you answered “Y” for YES that the POF is IN-SCOPE, then the formula to review approaches will automatically populate the word “In-Scope”.

If you leave it blank or put “N” for NO, it will still populate “Out of Scope”

Reviewing your Approach Options

Reference To POF #

Reviewing your Approach Options

Approaches a, b cover POF 2, but Approach b covers both 1, 2

Do more with less!

Reviewing your Approach Options

Determine the right Approach and conclude “Y” (Yes) or “N” (NO)

EVALUATE PRIOR YEAR RESULTS Consider year-end testing results dashboard used for internal communications

FAILURE ANALYSIS All POF items were in-scope. Now analyze remediation plan efforts!

Review PY IC testing conclusions (CD/SD/MW)

POLLING QUESTION: MULTI-LOCATIONS

Q: Do you have in-scope multi-locations?

“remember in-scope for controls testing”

MULTI-LOCATION REVIEW IMPACT ANALYSIS

COSO TRANSITION OPTIONS – VOL#4

Principle #1

POF:

Sets the tone

Est. SOC

Eval. Adherence

Address Deviations

Visualizing Your COSO Transition

Approach “A” Approach “B”

Approach “C”

Examples 1 Example 2 Example 1 Examples 1 Example 2

3 KC

4 KC

3 KC

2 KC

4 KC


STEP 1 – AWARENESS & EDUCATION!

Group | Document | Delivery Date | Next Steps
Board of Directors | Executive Summary | FY 2014 1st Quarterly Meeting | Agreement on Transition plan
C-Level | Executive Summary | FY 2014 1st Quarterly Meeting | Internal Transition meeting March 2014
SOX Director | All Four COSO Materials; COSO Cloud Based Guidance; Monitoring guidance Vol #3 | Feb. 21st 2014 | Draft Transition plan 2 weeks before March 2014 meeting.

STEP 2 – PRELIMINARY IMPACT ASSESSMENT

Map your existing system of internal control against the updated COSO Framework.

Area | Assessment File name | Items/Controls Covered | New 2013 Impact | # of Approaches (Vol. 4) | Est. Eval. Lead Time | Due Date | Impact inventory listing due
ELC | 2013-ELC Assessment.xls | 45 | 5 PR & 17 POF | 25 Unique Examples | 2 weeks | March 1st | March 8th

These are NOT Controls

Estimate 2-3 Controls per approach

Consider separate controls for transaction level and separate for review/monitoring

STEP 3: BOD & EXTERNAL AUDITORS

Each business unit or location may prepare its own local level assessment.


Corporate Office

Fin

Division 1

Fin

Operating Unit

Fin

6 mos.

Transition ANALYSIS

Initial Impact Analysis should give WARNINGS to BOD & C-Level Mgmt. Immediately!

In-Scope Entity With Control Deficiency from Prior Year

POLLING QUESTION: PCAOB NEW IC STANDARDS

Q: Are you adopting the NEW PCAOB STANDARDS?

TRANSITION CONCERNS: NEW PCAOB AUDIT ALERT! Caused audit layering

More in-depth written description of estimates and use of judgment, especially review controls

Detailed documentation and testing of system reports utilized in performance of controls.

GOOD ISN’T GOOD ENOUGH: GOOD V. NEW PCAOB CONTROL LANGUAGE

Older Language (“OK”)

Quarterly, Controller reviews the AR allowance for adequacy and reasonableness of reserve amounts by initialing and dating the “AR reserve” analysis.


Audit Controller initials & Match Total $ = DONE!

NEW PCAOB CONTROL LANGUAGE: “NEW STANDARDS FOR CONTROL LANGUAGE”

Older Language (“OK”)

Quarterly, Controller reviews the AR allowance for adequacy and reasonableness of reserve amounts by initialing and dating the “AR reserve” analysis.

Updated Control (“Better”)

Quarterly, Controller reviews AR balances of significant customers with o/s balances greater than $10K and 5% of AR balance and those under that threshold by customer type (e.g. geographical location, types of orders, etc.), to review the AR allowance for accuracy and completeness. Adjustments, if needed, are sent via email to the AR manager. Final review of the AR reserve analysis is initialed and dated by the Controller, which agrees to the final g/l balance for the period.

SO WHAT HAPPENS IN TESTING?

BEFORE

Review initials – DONE!

Layered testing

#1 - Initials

#2 - AR Threshold Analysis & system report validation (completeness/accuracy)

#3 - AR Emails w/follow-up interview documentation

STEP 4: PLANNING DOCUMENTS


Corporate Office

Fin

Division 1

Fin

Operating Unit

Fin

Align to PCAOB

OUR CONTROL COMPLIANCE ANALYSIS (“CCA”)

COSO Transition

Top Transition Failures (Case Studies)

Audit Evidence required

Priority Driven by Principles

PCAOB, IIA & SEC Guidance

Latest PCAOB Internal Control Standards

IIA Incorporated Top 7 IC Failures

SEC Guidance for Mgmt on Internal Controls

The Process

Initial Intake

Analysis & Benchmarking

CCA Report

POLLING QUESTION:

Q: Are you benchmarking your external auditor reliance?

CCA Benchmarking

BLOG TALK RADIO SHOW

1) COSO Transition Experts

2) IT Audit Expert

3) BIG DATA – Auditing

4) Risk Assessment

Best Practice Aids

YOUR TRANSITION NEXT STEPS

1. BECOME A COSO IMPLEMENTATION MEMBER

2. DOWNLOAD THE TRANSITION TEMPLATES & SLIDES (SEE SLIDESHARE.NET “AVIVA SPECTRUM”)

3. GET YOUR CCA ANALYSIS


CONTROL COMPLIANCE ANALYSIS

Email:

[email protected]

Subject: CCA Reservation

WE ARE VOLUNTEERING OUR TIME!

WRITE A RECOMMENDATION

Leave a review!

MY CONTACT INFORMATION

Sonia Luna, President, CEO

[email protected]


Question & Answer - Session