Embed Size (px)
Citation preview
November 22, 2017
COSO 2013: Getting Internal ControlUnder Control
November 22, 2017 2
COSO 2013
Inter
November 22, 2017 3
The Agenda
• COSO 2013 in a Nutshell
• How COSO 2013 Can Create Assurance, and Why This is a Good Thing
• How to Make Your Case that COSO 2013 is Either Working in Your Organization, or That Things Need to Change
Inter
November 22, 2017 4
COSO 2013
November 22, 2017 5
The Definition
• COSO 2013 IC definition:Internal control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.
November 22, 2017 6
The Five Components
November 22, 2017 7
The Seventeen Principles
November 22, 2017 8
Present and Functioning
November 22, 2017 9
What is Internal Control, Really?
• COSO 2013 IC definition:Internal control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.
November 22, 2017 10
What is Internal Control, Really?
• COSO 2013 IC definition:Internal control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.
November 22, 2017 11
Assurance
November 22, 2017 12
Is it Present?
November 22, 2017 13
Does it Function?
November 22, 2017 14
Making Your Case
Inter
November 22, 2017 15
Control Environment
1. Demonstrate commitment to integrity and ethical values
2. Exercise oversight responsibility3. Establish structures, reporting lines, authorities
and responsibilities4. Demonstrate commitment to a competent
workforce5. Hold people accountable
November 22, 2017 16
Risk Assessment
6. Specify appropriate objectives7. Identify and analyze risks8. Evaluate fraud risks9. Identify and analyze changes that could
significantly affect internal controls
November 22, 2017 17
Control Activities
10.Select and develop control activities that mitigate risks
11.Select and develop technology controls12.Deploy control activities through policies
and procedures
November 22, 2017 18
Information & Communication
13.Use relevant, quality information to support the internal control function
14.Communicate internal control information internally
15.Communicate internal control information externally
November 22, 2017 19
Monitoring
16.Perform ongoing and/or periodic evaluations of internal controls
17.Communicate internal control deficiencies
November 22, 2017 20
Self Evaluation
• Thinking about Internal Control outside of the IC Process
• Does the Report Reflect Reality?
