Framework
Denese Cahill, Partner, Moss Adams LLP
Session Objectives
Understand key aspects of COSO 2013
Identify the differences between the 1992 and
2013 frameworks and the areas most widely
impacted by these changes
Provide information and resources to help
transition to COSO 2013 in a cost-effective manner
while reducing the chances of material
weaknesses
Agenda
Background
What is COSO?
Reasons for a New COSO Framework
Enhancement
Address significant
changes to the business
environment and
associated risks
Increase focus on
operations, compliance
and nonfinancial
reporting objectives
Result
COSO
2013
Added points of focus under each principle
Represent important characteristics that support each principle
Provide guidance to assist management in assessing whether the components of internal control are present, functioning, and operating together within the organization
Provide a much more granular approach, including more detail and clarity on implementation
An entity can achieve effective internal control if all principles are present and functioning and the control components are operating together
Components
Control Environment
Risk Assessment
Control Activities
1.
2.
3.
4.
5.
Enforces accountability
6.
7.
8.
9.
Information and
Communication
Monitoring Activities
1. Demonstrate a commitment to integrity and ethical values.
Points of Focus
a. Sets the tone at the top
b. Establishes standards of conduct
c. Evaluates adherence to standards of conduct
d. Addresses deviations in a timely manner
Approaches
a. Leading by example
b. Evaluates management and other personnel
c. Evaluates outside service providers
d. Develop process to report and promptly act on deviations from Standards of Conduct
Increases the importance of the risk assessment
Emphasizes the use of management judgment
Increases relevance of technology
Enhances discussion of governance concepts
Board of Directors, Subcommittees of the Board (Audit Committees,
Compensation Committees, Governance
Committees, etc.)
Expands reporting category
Includes both internal and external financial and nonfinancial
reporting objectives
Establishes term internal control over external financial reporting
(ICEFR) as found in the Compendium
Increases the focus on nonfinancial reporting objectives
Expanded focus on operations, compliance and nonfinancial
reporting objectives
Increased discussion on the impact of other service organizations (e.g., service organizations, joint ventures, etc.)
Enhances considerations for the use of relevant and quality information
Phase II: Conduct Assessment
Phase III: Update Documentation
2. Map existing entity-level key controls (ELCs) to the relevant COSO 2013 principles, using the points of focus for additional detail / description
3. Identify where principles are not addressed by existing key controls or documentation
4. Develop a remediation plan to address design or documentation gaps
5. Document controls that map to each principle and conduct testing as part of SOX
Informal evaluation and a lack of documentation/testing of the COSO components other than Control Activities
Inadequate evaluation of internal control under COSO requirements of present and functioning and working in an integrated manner
Companies must clearly disclose in their internal control report which framework was utilized during the current transition period.
For example criteria established in the Internal Control Integrated
Framework 2013 issued by the Committee of Sponsoring Organizations
of the Treadway Commission (COSO).
Management and external auditor use the same framework.
Companies must disclose material changes in internal control.
2 http://www.thecaq.org/docs/reportsandpublications/2013septembe25jointmeetinghls.pdf
Summary
After 10 years of SOX 404, companies know their key controls.
Because COSO 2013 provides more detail in the form of 17 principles and 87 points of focus, a mapping of existing controls to the principles needs to be performed and gaps need to be remediated.
The Moss Adams approach is to map existing controls to the new principles-based framework, identify gaps, remediate and then test similar to entity-level controls in prior years.
There is work to be completed, but it does not require a fresh start to SOX by either management or the external auditors.
With COSO 1992 retiring soon and the SEC expecting calendar filers to use and disclose their use of COSO 2013 in 2014, management needs to complete the mapping during Q3 in order to allow time to remediate deficiencies and coordinate with the external auditors.
Sets out:
Definition of internal control
Categories of objectives
Components and principles of internal control
Requirements for effectiveness
Questions?
Denese Cahill
(209) 955-6104
Denese.Cahill@mossadams.com