2. Session objectives: By the end of the session you will be able to: understand how COSO links to our audit approach; understand the dimensions of the COSO cube; list the 5 internal control components; describe the key considerations within each component; have an awareness of COSO2.
3. What are the 4 stages of the ACM? Scoping, Understanding, Evaluating, Validating.
4. Where does COSO fit into Audit? When performing the understanding, evaluating and validating stages we look at our clients' internal controls. [Diagram: Audit Comfort Cycle (Scoping, Understanding, Evaluating, Validating) around Internal Controls]
5. Internal Control Framework (COSO): [Diagram: Audit Comfort Cycle (Scoping, Understanding, Evaluating, Validating) around Internal Controls] COSO = Framework against which we assess internal controls.
6. Who or what is COSO? The Committee of Sponsoring Organizations of the Treadway Commission. Voluntary, private sector organisation originally formed in 1985. Dedicated to improving the quality of financial reporting through business ethics, effective internal controls and corporate governance.
7. Five components of internal control: The five components of internal control as described in the COSO framework are as follows: Monitoring; Information and Communication; Control Activities; Risk Assessment; Control Environment.
9. They help ensure that necessary actions are taken to address risks.
11. Range of activities including: approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties.
22. Internal control deficiencies should be reported upstream, with serious matters reported to top management and the board.
24. Includes internal and external information about events, activities and conditions necessary for informed business decision-making and external reporting.
37. Enterprise Risk Management - COSO 2: The Enterprise Risk Management (ERM) model was developed. It incorporates the notion of risk administration, defined as a process designed to identify future events that can affect the future of the entity. Enterprise objectives are defined in 4 categories: Strategic; Operational; Informative; Observance.
38. ERM includes: Alignment of risk appetite and strategy. It improves the response to risks. It reduces surprises and operational losses. It takes hold of opportunities.
39. ERM Components: Original COSO components: Control Activities; Risk Assessment; Information & Communication; Monitoring of Controls; Environment (Control Environment). Plus: Establishment of objectives; Identification of events; Response to the risk.
40. Summary: Upon conclusion of this session you should now: understand how COSO fits into our audit approach; understand the dimensions of the COSO cube; list the 5 internal control components; describe the key considerations within each component; have an awareness of COSO2.