8/3/2019 COSO Presentation Final
1/52
COSO - Committee Of Sponsoring Organizations of the Treadway Commission
Submitted to: Dr. Vrijendra Singh
Submitted by: Pooja Singh, Swati Pandey, Anuja Sethiya, Meera Singh
ROADMAP
1. Sponsors for COSO
1.1 IIA
1.2 AICPA
1.3 AAA
1.4 IMA
1.5 FEI
2. Introduction
2.1 Concerns
2.2 Effectiveness
3. ERM
3.1 Definition
3.2 Framework
3.3 Objectives
3.4 Components
3.5 Implementation
4. Internal Control
4.1 Definition
4.2 COSO cubes
5. Limitations
6. Helpful COSO
7. Example
8. References
Sponsoring organizations for COSO
COSO stands for the Committee Of Sponsoring Organizations of the Treadway Commission. The sponsoring organizations are:
Institute of Internal Auditors (IIA)
American Institute of Certified Public Accountants (AICPA)
American Accounting Association (AAA)
Institute of Management Accountants (IMA)
Financial Executives Institute (FEI)
Established in 1941, The Institute of Internal Auditors (IIA) is a guidance-setting body.
Serving members in 165 countries.
The IIA is the internal audit profession's global voice, chief advocate, recognized authority, and principal educator, with global headquarters in Altamonte Springs, Fla., United States.
Mission:
Advocating and promoting the value that internal audit professionals add to their organizations;
Providing comprehensive professional education and development opportunities; standards and other professional practice guidance; and certification programs;
Researching, disseminating, and promoting to practitioners and stakeholders knowledge concerning internal auditing and its appropriate role in control, risk management, and governance.
Bringing together internal auditors from all countries to share information and experiences.
The Institute of Management Accountants (IMA) is a professional organization headquartered in Montvale, New Jersey, with more than 60,000 professionals worldwide.
The IMA vision is to be the leading resource for developing, certifying, connecting, and supporting the world's best accountants and financial professionals working in business.
IMA provides a best-in-class certification, the Certified Management Accountant (CMA), for critical internal financial management responsibilities, including planning, budgeting, business reporting, decision analysis, and risk management.
The American Accounting Association (AAA) is an organization of persons interested in accounting education and research.
It was formed in 1916. Its main publication, The Accounting Review, was first published in 1926.
Its mission is to further the discipline and profession of accounting through education, research, and service.
Financial Executives International (FEI) was founded in 1931.
FEI is a member service-oriented organization for senior-level financial executives in companies of all sizes, both public and private, and in all industries.
FEI operates a separate non-profit foundation, the Financial Executives Research Foundation, which acts as a financial resource for members and foundation supporters.
The FEI headquarters and full-time staff are located in Morristown, New Jersey.
INTRODUCTION
COSO is a joint initiative of the five private sector organizations.
The COSO ERM framework defines essential components and provides guidance on enterprise risk management, internal control and fraud deterrence.
Today's organizations are concerned about:
Risk Management
Governance
Control
Assurance (and Consulting)
And COSO provides them with all of these.
Effective I/C, or ERM, means:
That management has a flow of reliable information about each component of control for all the objectives, from all areas of the organization.
COSO does not specify who should provide what information, just that management should be receiving and acting on the information.
(Continued)
Many different sources, or flows, of information exist in an organization.
Soft controls relate to the people doing the work to meet the objectives of the organization; hard controls relate to the processes and activities those people do.
ERM Defined.
A process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
ERM FRAMEWORK
Objectives can be viewed in the context of four categories:
Strategic
Operations
Reporting
Compliance
ERM FRAMEWORK
ERM considers activities at all levels of the organization:
Enterprise-level
Division or subsidiary
Business unit processes
Why ERM Is Important?
Because... Underlying principles:
Every entity, whether for-profit or not, exists to realize value for its stakeholders.
Value is created, preserved, or eroded by management decisions in all activities, from setting strategy to operating the enterprise day-to-day.
Because...
ERM supports value creation by enabling management to:
Deal effectively with potential future events that create uncertainty.
Respond in a manner that reduces the likelihood of downside outcomes and increases the upside.
Objectives of the ERM framework
Strategy - high-level goals, aligned with and supporting the organization's mission
Operations - effective and efficient use of resources
Financial Reporting - reliability of operational and financial reporting
Compliance - compliance with applicable laws and regulations
Eight Components of the ERM framework
The eight components of the framework are interrelated.
Internal Environment
Establishes a philosophy regarding risk management. It recognizes that unexpected as well as expected events may occur.
Establishes the entity's risk culture.
Considers all other aspects of how the organization's actions may affect its risk culture.
Objective Setting
Objectives must exist before management can identify potential events affecting their achievement.
Forms the risk appetite of the entity: a high-level view of how much risk management and the board are willing to accept.
Risk tolerance, the acceptable level of variation around objectives, is aligned with risk appetite.
Event Identification
Involves identifying those incidents, occurring internally or externally, that could affect strategy and achievement of objectives.
Addresses how internal and external factors combine and interact to influence the risk profile.
Opportunities are channelled back to management's strategy or objective-setting processes.
Risk Assessment
Allows an entity to understand the extent to which potential events might impact objectives.
Risk Assessment (continued)
Employs a combination of both qualitative and quantitative risk assessment methodologies.
Risks are analyzed, considering likelihood and impact, as a basis for determining how they should be managed.
Risks are assessed on an inherent and a residual basis.
Risk Response
Identifies and evaluates possible responses to risk.
Selects and executes a response based on evaluation of the portfolio of risks and responses.
Management selects risk responses (avoiding, accepting, reducing, or sharing risk), developing a set of actions to align risks with the entity's risk tolerances and risk appetite.
Control Activities
Policies and procedures that help ensure that the risk responses, as well as other entity directives, are carried out.
Occur throughout the organization, at all levels and in all functions.
Information and Communication
Management identifies, captures, and communicates information that enables people to carry out their responsibilities.
Communication occurs in a broader sense, flowing down, across, and up the organization.
Monitoring
Monitoring helps determine the effectiveness of the processes, technologies and personnel executing enterprise risk management.
The entity establishes minimum standards for each component of enterprise risk management.
How to establish ERM?
Determine a risk philosophy
Survey risk culture
Consider organizational integrity and ethical values
Decide roles and responsibilities
Internal Control Defined.
Internal control is a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
Effectiveness and efficiency of operations
Reliability of financial reporting
Compliance with applicable laws and regulations
COSO Internal Control
Soft Controls (People):
Openness
Shared Values
Clarity
Commitment to Competence
Honesty
High Expectations
Communications
Hard Controls (Activities):
Reviews
Inspections
Policies
Reconciliations
Structure
Limits of Authority
User IDs and Passwords
Physical Counts
The COSO cubes - I/C & ERM
(Figure: the COSO cube; components shown:)
Monitoring
Information and Communication
Control Activities
Risk Response
Risk Assessment
Event Identification
Objective Setting
Internal Environment
Limitations:
Reasonable, not absolute assurance
Different levels of assurance for different objectives
The future is uncertain
Other limiting factors: judgment, breakdowns; collusion, management override; cost versus benefits
Not part of I/C or ERM: the objectives selected to be achieved; the responses taken to the risks
How much more can COSO help?
Controls for reliability of financial reporting are mainly in finance areas (Financial).
Controls over effective and efficient operations (Operational) and compliance with laws and regulations (Compliance) are mainly in operational areas.
Discussing objectives, risks and responses is the most valuable part of ERM.
(Continued)
Anyone can put together a list of risks and controls, but true ERM can only be done by those directly responsible for achieving the objectives.
The same soft controls in the COSO I/C framework also apply to the ERM framework. I/C is fully incorporated into ERM.
ERM does not replace good management practices, does not replace setting the right objectives, and does not replace the business experience needed to have the right vision of where an organization should be heading.
Example: ERM Organization
(Organization chart; positions shown:)
Vice President and Chief Risk Officer
ERM Director
Corporate Credit Risk Manager
Insurance Risk Manager
FES Commodity Risk Mg. Director
ERM Manager (two positions)
Staff
Implementation in a firm
Everyone in an entity has some responsibility for enterprise risk management. The chief executive officer is ultimately responsible and should assume ownership.
A risk officer, financial officer, internal auditor, and others usually have key support responsibilities.
Other entity personnel are responsible for executing enterprise risk management in accordance with established directives and protocol.
ERM Report
The report is in two volumes. The first volume contains the Framework as well as the Executive Summary.
The Framework defines enterprise risk management and describes principles and concepts, providing direction for all levels of management in businesses and other organizations to use in evaluating and enhancing the effectiveness of enterprise risk management.
The Executive Summary is a high-level overview directed to chief executives, other senior executives, board members, and regulators.
Use of the ERM report
Suggested actions that might be taken as a result of this report depend on the position and role of the parties involved:
Board of Directors: The board should discuss with senior management the state of the entity's enterprise risk management and provide oversight as needed.
The board should consider seeking input from internal auditors, external auditors, and others.
Senior Management: This study suggests that the chief executive assess the organization's enterprise risk management capabilities.
In one approach, the chief executive brings together business unit heads and key functional staff to discuss an initial assessment of enterprise risk management capabilities and effectiveness.
Other Entity Personnel: Managers and other personnel should consider how they are conducting their responsibilities in light of this framework and discuss with more senior personnel ideas for strengthening enterprise risk management.
Internal auditors should consider the breadth of their focus on enterprise risk management.
Regulators: This framework can promote a shared view of enterprise risk management, including what it can do and its limitations.
Regulators may refer to this framework in establishing expectations, whether by rule or guidance or in conducting examinations, for entities they oversee.
Professional Organizations: Rule-making and other professional organizations providing guidance on financial management, auditing, and related topics should consider their standards and guidance in light of this framework.
With this foundation for mutual understanding, all parties will be able to speak a common language and communicate more effectively.
Business executives will be positioned to assess their company's enterprise risk management process against a standard, and strengthen the process and move their enterprise toward established goals.
Future research can be leveraged off an established base. Legislators and regulators will be able to gain an increased understanding of enterprise risk management, including its benefits and limitations.
With all parties utilizing a common enterprise risk management framework, these benefits will be realized.
Thank You!!