Implementing the COSO 2013’s

New 17 Principles in Audit

Contents

2

Background

Pilot

Implementation

Actual Case

Moving

Forward

A. Background

2013

• Release of the updated Internal Control—Integrated Framework (COSO 2013 with new 17 principles)

2014

• OAG formed an internal COSO 2013 Working Group (WG)

2015-2016 • ADB Pilot implementation

3

http://www.coso.org/

B. Implementation Cycle

4

2015 2016

Industry Knowledgebase

ADB Internal Attestation Team

Protiviti

Ernst & Young

ISACA

OAG Pilot ICQ

Feedback

OAG Refined ICQ

Full Roll-Out

Phase 1 Pilot Phase 2 Pilot

Peer-to-Peer Learning with Multi-laterals

Interview/Online Survey

Pilot Primary Considerations

What tool do we

use? How to fit into the

existing Audit

Methodology?

1. Assessment Tool:

Why Do We Need a Questionnaire?

6 6

• The COSO Assessment Template

Principle

Points of Focus

Assessment

7

Assessment Tool:

Protiviti Internal Control Questionnaire (ICQ)

Assessment Tool:

The Pilot ICQ

8

Points to Consider

Principle Evaluation

8

2. High Level Audit Process

PLANNING

Annual Audit Plan

Audit Engagement

FIELDWORK

REPORTING

2. The Current Audit Planning Process

AUDIT PLANNING PHASE

Annual Audit Plan

Audit Engagement

Information Gathering

Understand Business

Processes

Build Risk and

Controls

Design Testing

Approach

Finalize Planning Memo

AC

TIV

ITIE

S D

OC

UM

ENT

K

EY O

UTP

UT

TESTING PHASE

Business Process

Flow/Narrative

Risk & Control Matrix

Final Planning Memo

Testing Strategy

Key Controls to Test

Controls Risk Assessment

2. The Proposed Audit Planning Process

AUDIT PLANNING PHASE

Annual Audit Plan

Audit Engagement

Information Gathering

Understand Business Processes

Build Risk & Controls

Design Testing

Approach

Finalize Planning Memo

AC

TIV

ITIE

S D

OC

UM

ENT

K

EY O

UTP

UT

TEST

ING

PH

ASE

Business Process

Flow/Narrative

Risk & Control Matrix

Final Planning Memo

Testing Strategy

Key Controls to Test

Controls Risk Assessment Gather Preliminary Information

Complete ICQ

Identify Preliminary

Risks

Self-Assessment ICQ

Principles Assessment

Deficiencies in Principles

Map to COSO

3. P2P Learning Initiative with

Multi-laterals

12

World Bank UN

OECD AfDB

ITU ADB

Early adoption stages

Discussion points include:

Client involvement Tool Audit Management System

support COSO Training Considerations

C. Pilot Case: Accomplishing the ICQ

13

Audit Engagement Pilot Case # 1

Team Effort

Level of Details

Control Environment

Entity-Level

Risk Assessment

Audit subject

specific

Monitoring

Audit subject specific

Information and

Communication

Audit subject specific

Control Activity

Audit subject

specific

Past audits

Consultation with OAG Colleagues

Strategy papers, programs , operations results shared by clients

Client Inquiry

14

Audit Project 1

Control Activity: Principle 10

Audit Project 2

Accomplishing the ICQ

15

Accomplishing the ICQ

15

Accomplishing the ICQ

16

ICQ Link to Planning Memo

17

Link to Risk & Control Matrix

18

Linkages Summary

19

D. Feedback Summary

Systematic method

Added confidence

Drives discipline

Level of perspective

Impact on Timeline

Benefits Challenges

E. Pilot Take-Aways

• Assessment Tool is key

• Refine/Tailor the Questionnaire

21

Ready for Phase 2 Pilot!

Resources Link

22

References Used

COSO www.coso.org

Internal Control—Integrated Framework Executive Summary Framework and Appendices COSO Illustrative Tools for Assessing Effectiveness

IIA www.theiia.org International standards for the professional practice of internal auditing

Protiviti www.knowledgeleader.com Internal Control Questionnaire

Ernst & Young http://www.ey.com Internal Control Questionnaire

ISACA www.isaca.org COSO-COBIT Mapping

Knowledge

Sharing

23