2012 Regulatory update
Compliance Made Simple ©
Agenda
COSO 2012 Massive Project
Major Concerns - AC
Top 5 Pitfalls
How to WIN!
COSO 2012 Project Participants
COSO Board of Directors
COSO Advisory Council
• AICPA
• AAA
• IIA
• FEI
• IMA
• Regulatory Observers
• Public Accounting Firms
• Others (IFAC, GAVI Alliance, ISACA)
PwC: Author and Project Leader
Stakeholder Input: Survey of over 700 stakeholders and users of the 1992 Internal Control – Integrated Framework
What’s Staying & What’s Leaving?
What is not changing...
1. Definition of internal control
2. Five components of internal control
3. The fundamental criteria used to assess effectiveness of systems of internal control
4. Use of judgment in evaluating the effectiveness of systems of internal control
What is changing...
1. Codification of principles with universal application for use in developing and evaluating the effectiveness of systems of internal control
2. Expanded financial reporting objective to address internal and external, financial and non-financial reporting objectives
3. Increased focus on operations, compliance and non-financial reporting objectives based on user input
A changing business environment... Drives updates to the Framework...
Expectations for governance oversight
Globalization of markets and operations
Changes in business models
Demands and complexity of rules, regulations and standards
Expectations for competencies and accountabilities
Use and reliance on evolving technology
Expectations for preventing and detecting fraud
Updated COSO Cube
COSO-2012: Summary of Updates
Not limited to FINANCIAL
(see appendix for AICPA Toolkit changes)
Benefits of the Updated Framework
Confidence
Management and Board of Directors
Other Users
External Parties
Performance
• Improve governance
• Expand use beyond financial reporting
• Improve quality of risk assessment
• Strengthen anti-fraud efforts
• Adapt controls to changing business needs
• Greater applicability for various business models
Control Environment
Risk Assessment
Control Activities
Information & Communication
Monitoring Activities
COSO 2012: CODIFICATION OF 17 PRINCIPLES
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability
6. Specifies relevant objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change
10. Selects and develops control activities
11. Selects and develops general controls over technology
12. Deploys through policies and procedures
13. Uses relevant information
14. Communicates internally
15. Communicates externally
16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies
COSO 2006 Vs. 2012 (proposed)
Major Impact to A/C
New Fraud Considerations
Changes to “Oversight functions”
In-depth questions regarding forecasting impact of changes to ICFR and Operations
Part I: Audit Committee Administration
Audit Committee Roles and Responsibilities
Audit Committee Charter Matrix
Audit Committee Financial Expert Decision Tree
Sample Request for Proposal Letter for CPA Services (Public Company)
AICPA Peer Reviews and PCAOB Inspections of CPA Firms: An Overview
Guidelines for Hiring the Chief Audit Executive (CAE)
Engaging Independent Counsel and Other Advisers
Part II: Key Responsibilities
Part III: Performance Evaluation
Part IV: Other Tools
Appendix A
Dodd-Frank Act: Potential Impact on AC Toolkit by AICPA
Template | Type of Change that may be Expected
#1 AC Member role & responsibilities | Minor updates related to the AC member's role to assist the BOD in its role of oversight for internal control and other whistleblower findings, their investigation and related action implementation, including consideration of the impact of a board member's continued social relationship with company executives.
#2 AC Charter | Minor updates related to investigative authority and its implementation by the AC.
#7 Engaging Counsel | Minor updates as they relate to consideration of long-standing social relations and their impact on independence in the light of the current SEC filings based on the Dodd-Frank Act.
#8 Internal Control | Major updates to align the principles and attributes under each of the 5 areas of COSO based on the new Integrated Framework.
#9 Fraud Responsibilities | Minor (core issues have already been addressed)
#10 Whistleblower | Moderate (needs to include in the template/log how to track when SEC investigations have come to the attention of the Audit Committee)
#12 Executive Session | Minor updates to the suggested questions to include queries related to assessment and impact of significant changes on the internal controls.
#14 Responding to ID of Material Weakness | Moderate (needs to update language for needs of Dodd-Frank related issues)
#15 Evaluating the Internal Audit Team | Moderate (currently no mention of whistleblower complaint analysis or material weakness follow-up; this could be an issue for the AC given the new Dodd-Frank Act)
#17 Self Evaluation | Minor update related to AC responsibilities per the Dodd-Frank Act.
Top 5 Implementation Pitfalls
1. Pitfall – Deliverables Not Defined
40% of projects fail completely (failure defined as not delivering on expectations or being unusable) [1]
[1] Standish Group's 1996 IT survey
2. Pitfall – No Link
Over 90% of strategies never fulfill their original intent [2].
Primary driver – planning never linked to key deliverables and overall quantifiable impact (e.g. # of key controls drops by 10%, external auditor use of IA work increases by 15%, ELC controls reduce 25% of detailed transaction testing).
Key Success formula
Motivation = Project SUCCESS! [2a]
[2] J.P. Kotter, “Leading Change: Why Transformation Efforts Fail,” Harvard Business Rev., Mar.-Apr. 1995, pp. 59-67
[2a] Data on 290 completed projects from software engineering practitioners based in Australia, Chile, and USA. By June Verner
3. Pitfall – Culture
In multi-location organizations, over 80% of projects fail because of cultural issues [3]. (Rolls-Royce Case Study)
Primary drivers
1. People don’t do as they say
2. Ineffective leaders
3. Competing priorities
4. Insufficient resources
[3] “Enterprise information systems project implementation: A case study of ERP in Rolls-Royce,” Yahaya Yusuf, A. Gunasekaran, Mark S. Abthorpe
4. Pitfall – Insufficient Resources
People are the most unstable set of resources (i.e. change of position, turnover, CPE, life changes), and major projects typically underestimate (over 86%) the need for “human resources” on all projects [4].
Primary drivers
1. Budget – ineffective (incorrect assumptions)
2. Infrequent timeline reviews
3. Timeliness of budget vs. actual corrections
[4] “Project management effectiveness: The Choice - formal or informal controls,” University of Canberra, Susilo, A., Heales, J., Rohde, F.
5. Pitfall – “Team B” Syndrome
87% of C-Level Execs know the team leader function but NOTHING ELSE. [5]
Staff augmentations without a clear sense of the future
Subcontractors never fully integrated within the project, much less the organization
[5] “Modern Approach” by Petty, 2009; Juli, 2010
How to win the COSO Implementation Project?
1. Discuss cultural issues upfront (what will work and what won’t… & “why”)
2. Create low & high estimates with checks & balances on estimates
3. Accountability structures for project leader and team members
4. Never use Team B for a Top priority project
5. Clearly define deliverables
6. Link Deliverables to people’s performance and overall corporate goals (quantify major categories)
7. Updates on timelines and ETC (estimate to complete by person, by task)
8. Get “perceived percentages” from team members and “weed out” weak players
9. Frequent project updates (more in the beginning and fewer towards end)
10. Present deliverables in a GRAND way!
Contact Information
Sonia Luna, President, CEO
Sonia.Luna@AvivaSpectrum.com
700 S. Flower Street #1100
Los Angeles, CA 90017
P: (213) 250-5700 x206

Top 5 Pitfalls to Avoid Implementing COSO 2013


Editor's Notes

  1. Ineffective Evaluation strategies (also noted in