Upload
blackline
View
312
Download
2
Tags:
Embed Size (px)
DESCRIPTION
COSO recommends the transition to the revised framework be completed by December 15, 2014. Is your organization ready? In our previous session Clearing Up the COSO Confusion: How to Adopt the New Framework, we discussed the broad scope of the new COSO Framework and how it may apply to your current internal control system. In this upcoming session, we will provide a preview of how to use the COSO template to document and manage controls. This will enable financial leaders, like you, to break through common implementation difficulties to achieve and sustain a fully functioning and auditable internal controls framework. In this deep dive session, you will learn: - Powerful ways to utilize BlackLine’s Task Management Module to help manage your internal controls framework - Practical implementation examples facilitated through directed case studies and activities - Key steps to be taken to ensure all relevant issues have been considered and appropriate changes have been implemented in the framework - Best practices for organizations to establish and accelerate the implementation of the new framework
Citation preview
David Barton Managing Director
UHY Advisors
TIME: 12pm PDT / 3pm EDT, Tuesday, October 21st
Susan Hols Senior Solutions Consultant
BlackLine Systems Inc.
AGENDA • See a live demonstration of how BlackLine Systems’ Task Product
can be used to help companies organize and manage the work around complying with the new COSO Framework
• Quick review of the COSO Framework and what is new • Key steps to be taken to ensure all relevant issues have been
considered and appropriate changes have been implemented in the framework
• Practical implementation examples facilitated through directed case studies and activities
• Best practices for organizations to establish and accelerate the implementation of the new framework
Susan Hols Senior Solutions Consultant
BlackLine Systems Inc.
COSO Functionality in BlackLine – Screen Demo
COSO Framework: 5 Components & 17 Principles
CONTROL ENVIRONMENT
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility 3. Establishes structure, authority, and responsibility 4. Demonstrates commitment to competence 5. Enforces accountability
RISK ASSESSMENT 6. Specifies suitable objectives 7. Identifies and analyzes risk 8. Assesses fraud risk 9. Identifies and analyzes significant change
CONTROL ACTIVITIES 10. Selects and develops control activities 11. Selects and develops general controls over technology 12. Deploys through policies and procedures
INFORMATION & COMMUNICATION 13. Uses relevant information 14. Communicates internally 15. Communicates externally
MONITORING 16. Conducts ongoing and/or separate evaluations 17. Evaluates and communicates deficiencies
Optional : COSO Points of Focus
1 2 3 4 5 6 7 8 9
10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77
Public Company
Internal Control Activities
Map them to COSO Framework
Department Control # Control Activity Accounts Payable CA 053 All postings to the General Ledger are run
and validated to ensure that the GL and subledger are in balance.
Systems CA 054 Segregation of Duties is maintained throughout all systems and all roles and responsibilities are reviewed by management on an annual basis
Systems CA 055 Requests for access to systems and associated responsibilities/functionality is reviewed and approved by management.
General Ledger CA 056 All balance sheet reconciliations are prepared and reviewed by management on a monthly basis. All reconciliation exceptions are addressed on a timely basis.
General Ledger CA 057 All reconciliations deemed as critical (as per Corp. Policy 146) are completed and approved by workday 6.
Step2: Evaluate and assess compliance of Internal Control Activities to COSO Framework
Step1: Map Control Activities
• Add additional control activities • Remediate any exceptions/deficiencies • Annually assess
Actio
ns: Step3:
David Barton Managing Director
UHY Advisors
COSO Functionality in BlackLine – Screen Demo
ABOUT UHY Advisors • Top 20 Global Public Accounting and Consulting Firm • 7,000 staff in 260 offices in 85 countries • Global resources and capabilities to assist you with all of your local,
national and international service requirements
• Certified BlackLine Implementation Partner • Leading implementation partner in 2012 and 2013 • Subject matter expertise across all BlackLine modules • Unique project management and finance transformation methodology
BlackLine and UHY Advisors
COSO Internal Control Integrated Framework • On May 14, 2013, COSO released an updated version of its Internal
Control – Integrated Framework – Intended to make the framework more relevant for investors and
shareholders – Focused on enhancing control structures to deal with rapid changes
in business environment
• Original COSO framework will be superseded after December 15, 2014 – It’s time to get busy – External auditors and PCAOB will likely begin enforcement
What’s New? • “Fundamental Concepts” are now “Principles”
– 17 Principles across the 5 components • In order for a system of control to be deemed “effective”:
– All 17 principles must be “present and functioning” – All 5 components must operate together in an integrated manner
• Each Principle contains multiple points of focus • Financial Reporting has been expanded to include non-financial and
internal reporting
What Does “present and functioning” mean? • Present equates to the existence of a control, i.e. is it active? • Inference toward effective design • Functioning equates to operating effectiveness, i.e. it has been tested • Task module is a great way to prove operation and possibly testing
5 Elements and 17 Principles
Control Environment Risk Assessment Control Activities Information and
Communication Monitoring Activities
1. The organization demonstrates a commitment to integrity and ethical values.
2. The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.
3. Management establishes–with board oversight–structures, reporting lines, and appropriate authorities and responsibilities in pursuit of objectives.
4. The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
5. The organization holds the individuals accountable for their internal control responsibilities in the pursuit of objectives.
6. The organization specifies objectives with sufficient clarity to enable identification and assessment of risks relating to objectives.
7. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.
8. The organization considers the potential for fraud in assessing risks to the achievement of objectives.
9. The organization identifies and assesses changes that could significantly impact the system of internal control.
10. The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
11. The organization selects and develops general control activities over technology to support the achievement of objectives.
12. The organization deploys control activities through policies that establish what is expected and procedures that put policies into action.
13. The organization obtains or generates and uses relevant, quality information to support the functioning of internal control.
14. The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.
15. The organization communicates with external parties regarding matters affecting the functioning of internal control.
16. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.
17. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.
Where to Begin?
• Most companies have some form of controls documentation (flowcharts, narratives, matrix)
• Step 1 is to map your existing controls to the 2013 COSO framework – Gap analysis – Remediation (fill the gaps)
• Export existing COSO Template tasks • Compare to existing internal controls
Possible Controls Status
• Control exists in your BlackLine Task Module and in your control matrix (existing Task user)
• Control exists in your control matrix but not in Template (add control) • Control exists in Template but not in your control matrix
(remediation)
Risk Key Control(s)
High
Controller group reviews Great Plains automated calculations. JE's are reviewed and approved by Controller. CA 061 Controller group maintains a Month-end Close Checklist. CA 063 A draft of financial statements is sent each month by Assistant Controller to CEO, President, Controller, and COO for reasonableness review. Only the Controller and Assistant Controller have access to Great Plains during the closing periods. CA 054 Controller group prepares GL balance sheet reconciliation; GL is compared to sources, subsidiary schedule/ledger, or other reports that provide detailed account activity information. CA 059 CA 060 Annually, Goodwill impairment analysis reviewed for reasonableness. Controller and Assistant Controller review the financial statements for the impact of material and/or unique exposure items. High
Control Exists in Both
High
Controller group prepares GL balance sheet reconciliation; GL is compared to sources, subsidiary schedule/ledger, or other reports that provide detailed account activity information Annually, Goodwill impairment analyses (SFAS 142) are summarized by Controller's group and reviewed for reasonableness
High
JE's are reviewed and approved by Controller. CA 061 Changes to the chart of accounts are approved by the Controller and implemented by the Assistant Controller. A draft of financial statements is sent each month by Assistant Controller to CEO, President, Controller, and COO for reasonableness review.
Add a control to BlackLine Task Module
Control in Template, not in Matrix
• Specifies suitable objectives
• Identifies and analyzes risk
• Assesses fraud risk
• Identifies and analyzes significant change
Risk Assessment
What’s Next?
• Map your current controls and documentation to the new framework • Perform a gap analysis • Develop a transition plan
– Consider centralized PMO – Ensure top-down approach – Identify roles and responsibilities – Facilitate awareness and perform training
• Remediate gaps • Communicate with stakeholders
THANK YOU!
https://www.blackline.com/ http://uhy-us.com/