COSO's Internal Control - Integrated Framework: Insights & Examples
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is recognized the world over for providing guidance on critical aspects of governance, business ethics, internal control, enterprise risk management, fraud, and financial reporting. COSO's well-known Internal Control – Integrated Framework was first issued in 1992 and was popularized largely thanks to the Sarbanes-Oxley Act of 2002 (SOX). The Internal Control – Integrated Framework: 2013 offered many improvements over the initial 1992 Framework through more robust internal control discussion and examples. Certain concepts and guidance have been refined to reflect the evolution of the operating environment, changed expectations of regulators, and demands from other stakeholder groups.
Control owners, management teams, audit committees, and auditors need to understand the 2013 Framework. Topics include:
- The components and structure of the framework
- Essential logic of objectives, risks and controls
- A deep dive into the 5 components and all 17 principles
- Addressing the complexity of a fast-changing environment
- Utilizing the framework for an effective and cost-efficient assessment of internal controls over financial reporting (ICFR) for compliance with Section 404 of SOX
- Leveraging the framework beyond SOX for operational and compliance objectives
- IT implications
- Preventative vs. detective controls
- Addressing operating, reporting and compliance objectives
- The role of the internal auditor
- Assessing the severity of control deficiencies
- Documentation challenges and tools to succeed
- Applying the framework for outsourced service providers
- Communications with those charged with governance
- Cost-benefit analysis of internal control design
- Motivating control owners to embrace internal controls and periodic and/or real-time assessments
- Maximizing automated controls in existing ERP systems
- Types and timing of risk assessments
- Understanding what constitutes a ‘major deficiency’ and how it relates to the SEC- and PCAOB-defined ‘material weakness’
- Scalability of internal control efforts to fit the risk profile and size of the organization
- Leveraging COSO Framework efforts across all significant objectives – operations, compliance and reporting
- Scoping of what should be included in an internal control risk assessment in the spirit of cost-benefits
- Remediating internal control deficiencies
Session Objectives:
- Understand the hot buttons of regulators, such as the SEC and PCAOB
- Leverage framework enhancements beyond a simple regulatory documentation exercise
- Learn effective practices for documenting the 17 principles
- Gain insights to help ensure that external auditors will conclude that the 17 principles are present and functioning for the external reporting objective
- Understand the framework terminology, such as ‘major deficiency’
- Discuss practical examples on how to meet the spirit of the 2013 framework
- Customize points of focus to fit your business environment
- Know what must be done for successful implementation
COSO's Control Framework is by far the most popular control framework used in the U.S., not just by public companies, but by many private companies, non-profit organizations and governments aspiring to realize a robust control environment. Do not let the benefits of the Internal Control – Integrated Framework: 2013 slip by. This session helps all levels of management, staff and auditors better understand how to unleash the framework’s full power.