COSO 2013 For Austin AGA January 2014


Changes are less than earthshaking

More than 71 percent of internal audit executives at public companies said they expect adoption of the new framework to be not significant or somewhat significant; only 22 percent said they expect implementation to be moderately or extremely significant.

IIA survey quoted in Compliance Week article: SEC Drops New Hint: Update to New COSO Framework by Tammy Whitehouse 11/13

20 YEARS

1992 to 2013: Increased stakeholder expectations for transparency regarding controls
– Sarbanes Oxley
– A-123
– ?

1992 to 2013: Emphasis on governance

1992 to 2013: Reliance on technology

1992 to 2013: Complex business models
– Global
– Outsourcing

1992 to 2013: Awareness of fraud


New structure

Same 5 components

Add 17 principles

And 82 points of focus


COSO Model

Leita Hart-Fanta, CPA, CGFM, CGAP [email protected]

Under RISK ASSESSMENT COMPONENT

Principle 8 – The organization considers the potential for fraud in assessing risks to the achievement of objectives.
• Points of Focus:
– Considers various types of fraud
– Assesses incentives and pressures
– Assesses opportunities
– Assesses attitudes and rationalizations

Quote from the 2013 COSO Executive Summary

When a major deficiency exists with respect to the presence and functioning of a component or relevant principle, or with respect to the components operating together in an integrated manner, the organization cannot conclude that it has met the requirements for an effective system of internal control.


Leita’s version of COSO

Risk Assessment

Control Activities

Information and Communication

Control environment

MONITORING


Which element of the COSO model?

1. Establish goals and objectives annually
2. Report frequently to oversight agencies
3. Send financial data to department heads each week
4. Administrative staff in Engineering inspects budget amendments created by accounting each month
5. Link risks to the goals and objectives of the department
6. Establish an ethics policy
7. Force users to create new passwords for the customer application each month
8. Delegate authority and responsibility in job descriptions
9. Reconcile reports to federal grantor to the general ledger
10. The same person that opens the mail does not record the receipt and make the deposit
11. Put performance measures for each department on the internet


COSO ERM Model


Governance

Enterprise risk management

Internal controls

COSO

Integrated auditing

• Compliance
• Financial
• Operational
• Fraud
• IT