A Close Examination of COSO's NEW 2013 Framework Compliance Made Simple ©

http://www.avivaspectrum.com/contacts Learn valuable information on the new COSO Framework from Sonia Luna, the CEO of Aviva Spectrum. This presentation covers:

- Why Change Something that’s Working?
- What’s Actually Changing?
- What is ERM and What are the Risks?
- What Changes Impact SOX 404
- Implementation Next Steps

Aviva Spectrum is the premier provider of Internal Audit, SOX compliance, and Risk Management Services on the West Coast. Our goal in creating long-term, strategic partnerships with our clients is to establish efficient internal control systems simply and effectively, which in turn build core strength and efficiency in your corporate structure.

[email protected]
700 S. Flower Street #1100, Los Angeles, CA 90017
P: (213) 250-5700

Page 1: A Close Examination of COSO's NEW 2013 Framework

A Close Examination of COSO's NEW 2013 Framework

Compliance Made Simple ©

Page 2: A Close Examination of COSO's NEW 2013 Framework

COSO’s Update & Its Impact on Your Company

Great Organizations Have:

- Professional & Organizational Credibility 24/7
- Great organizations know their risks.
- Compliance with Standards brings them VALUE!
- Continuous Improvement is the path to Long-Term Sustainability
- Organizations need effective internal controls to ensure that their information is timely and reliable, almost instantly, in today’s world of up-to-the-moment digital info distribution on all information: operational, financial, graphical versus hard numbers, or prospective.

Page 3: A Close Examination of COSO's NEW 2013 Framework

Agenda

- Why Change Something that’s Working?
- What’s Actually Changing?
- What is ERM and What are the Risks?
- What Changes Impact SOX 404
- Implementation Next Steps

Page 4: A Close Examination of COSO's NEW 2013 Framework


Page 5: A Close Examination of COSO's NEW 2013 Framework

How We See Framework Changes?

- 1992: COSO – “Good”
- 2004: ERM
- 2006: Small COSO – “Better”
- 2013: COSO – “BEST”

Page 6: A Close Examination of COSO's NEW 2013 Framework

Enterprise Risk Management: “Why 2013 Feels like ERM?”

Over 50 examples & 200 pages written on how to leverage controls that are Non-Financial Reporting.

Why?
1. You are blindly relying on your IT to do its function.
2. Wasted dollars (over $6 billion a year)

Page 7: A Close Examination of COSO's NEW 2013 Framework

The Risks? Almost Limitless. The Defense? COSO’s Framework


Page 8: A Close Examination of COSO's NEW 2013 Framework


Page 9: A Close Examination of COSO's NEW 2013 Framework

Where to get SOURCE Documents?

- Monitoring Guidance (2008) (over 400 pages in 3 vol. set)
- AICPA (2008) Audit Committee Toolkit (Approx. 7 templates will change)
- New 2013 COSO (over 500 pages, then 150+ for ICFR guidance)
- 2013 Illustrative Tools (145 pages)

Page 10: A Close Examination of COSO's NEW 2013 Framework


Page 11: A Close Examination of COSO's NEW 2013 Framework

The Foundation and Apex of COSO? MONITORING

The COSO board emphasizes that monitoring streamlines both the compliance and operational aspects of the business. Key steps to effective monitoring:

- Identify and maximize effective monitoring, and
- Identify and improve ineffective or inefficient monitoring

The 80/20 Rule applies to automated monitoring vs. manual monitoring (1 hour v. 3 hours).

Page 12: A Close Examination of COSO's NEW 2013 Framework

Key Implementation Factors

1. Organizational design of business
2. Establishing an ERM organization
3. Performing risk assessments
4. Determining overall risk appetite
5. Identifying risk responses
6. Communication of risk results
7. Monitoring
8. Oversight & periodic review by management

Page 13: A Close Examination of COSO's NEW 2013 Framework

What will change in SOX 404?

Top 3 Impact Areas

Page 14: A Close Examination of COSO's NEW 2013 Framework

Risk Assessment Process & SOX 404 Deliverables

1. Creates a higher expectation to document the process of Risk Assessment (see Principle 9 “ID & Changes that could impact ICFR”)

Risk Assessment (pages 65 – 69 of ICEFR Compendium)

Management Risk Responses to consider: a) Avoid, b) Accept, c) Reduce and d) Share (page 69 of Compendium)

Page 15: A Close Examination of COSO's NEW 2013 Framework

IT Assessments

2. IT Cloud Environment – COSO wants more “benchmarking” based on its cloud computing 2012 Guidance – (PAGE #8 to 16 for Expert Auditor to read)

Control Env. – Pr #3 (attributes 1 & 3) (page 34 of ICEFR Compendium)

Control Act. (pages 85 – 86 of ICEFR Compendium)

Page 16: A Close Examination of COSO's NEW 2013 Framework

Planning Documents: Materiality/Changes

3. Materiality – now Principle 6 focuses more energy on how you get your answer and “WHY!”

Document your options and any changes. Don’t forget the 4th quarter assessment = Prudent Official TEST

AU sec. 312, Audit Risk and Materiality in Conducting an Audit

Page 17: A Close Examination of COSO's NEW 2013 Framework

Flow of Changes in SOX Docs

Planning – Documented RA process
• PnP Update
• Brainstorming sessions documented
• 4th quarter materiality check

Documentation – Source Documents Inventory
• Internal & External Impact Assessment (pg. 72 of Framework & Appendices)
• Transactional RA – 4th Quarter assessment (High & Mod. Risks)

Testing & Reporting Documents – Sub-Certifications & AC Minutes
• Leverage 2008 Guidance (Residual Risk – Low/Mod)
• Substantive testing to low (interview etc.)
• Quarterly AC meetings (RA analysis – external environment analysis)
• IA role top 7 disclosures documented via inquiry in AC minutes

Page 18: A Close Examination of COSO's NEW 2013 Framework

2 Key Next Steps

2014 Implementation Analysis
- Company Overview/Forecast (2 mos. lead time)
- SOX Aggregate Impact (3 mos. lead time)
- Finance & IT Deliverables Impact assessment (3-4 mos. lead time)

Compliance Control Analysis (“CCA”)
- Three Free CCA by June 30, 2013

Page 20: A Close Examination of COSO's NEW 2013 Framework

Contact Information

Sonia Luna, President, [email protected]
700 S. Flower Street #1100
Los Angeles, CA 90017
P: (213) 250-5700