Are You Ready? Implementing COSO's Updated Internal Controls Framework
-
Upload
blackline -
Category
Economy & Finance
-
view
1.207 -
download
4
Transcript of Are You Ready? Implementing COSO's Updated Internal Controls Framework
![Page 1: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/1.jpg)
December 16, 2014 11:00A PST/2:00PM EST
![Page 2: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/2.jpg)
CPE credits and supplemental information
We are issuing 1 CPE credit To be eligible for CPE credit, please answer three (3) out of the four (4) polling questions throughout the duration of this webinar. An email with a link to the CPE Course Evaluation Form will be emailed after the webinar.
![Page 3: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/3.jpg)
3
Today’s Speakers
Robert Hirth Chairman Committee of Sponsoring Organizations of the Treadway Commission
Susan Parcells Director, Finance Transformation & Product Expert BlackLine
Michael P Rose Partner, Northeast Region Advisory Services Grant Thornton
![Page 4: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/4.jpg)
Agenda
4
COSO Overview Why the new Framework Transition Timeline and Reporting Implications Leading Practices and Lessons Learned Learn how the BlackLine Task Product can be used to help companies organize and manage the work around complying with the new COSO Framework
![Page 5: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/5.jpg)
Polling Question #1 What type of organization do you work for?
A. Public, US listed
B. Private
C. Not for Profit
D. Other
![Page 6: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/6.jpg)
Agenda
6
COSO Overview Why the new Framework Transition Timeline and Reporting Implications Leading Practices and Lessons Learned Learn how the BlackLine Task Product can be used to help companies organize and manage the work around complying with the new COSO Framework
![Page 7: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/7.jpg)
7
20 Years in the Making…
![Page 8: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/8.jpg)
8
15,000 > 600,000
Originally formed in 1985, COSO is a joint initiative of five private sector organizations and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management (ERM) internal control and fraud deterrence.
9,300
386,000
67,000
180,000
![Page 9: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/9.jpg)
9
Mission COSO’s Mission is “To provide thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control and fraud deterrence designed to improve organizational performance and governance and to reduce the extent of fraud in organizations.”
COSO’s Fundamental Principle Good risk management and internal control are necessary for long term success of all organizations
![Page 10: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/10.jpg)
10
COSO is more than Internal Control…
![Page 11: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/11.jpg)
11
And Thus…
National Commission on Fraudulent Financial Reporting formed with James C. Treadway, Jr., former SEC
Commissioner and General Counsel, Paine Webber as its Chairman – becoming known as the “Treadway
Commission” a private-sector initiative, was formed in 1985 to inspect, analyze, and make recommendations on
fraudulent corporate financial reporting.
Source: sechistorical.org
![Page 12: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/12.jpg)
12
The Internal Control Recommendation All public companies should maintain internal
controls that provide reasonable assurance that fraudulent financial reporting will be prevented or
subject to early detection - this is a broader concept than internal accounting controls…
…The Commission also recommends that its sponsoring organizations cooperate on
developing additional, integrated guidance on internal controls…
- Treadway Commission report
![Page 13: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/13.jpg)
Agenda
13
COSO Overview Why the new Framework Transition Timeline and Reporting Implications Leading Practices and Lessons Learned Learn how the BlackLine Task Product can be used to help companies organize and manage the work around complying with the new COSO Framework
![Page 14: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/14.jpg)
14
W hy Make Changes?
In the twenty years since the inception of the original framework, business and operating
environments have changed dramatically, becoming increasingly complex,
technologically driven, and global.
At the same time, stakeholders are more engaged, seeking greater transparency and
accountability for the integrity of systems of internal control that support business
decisions and governance of the organization
Source: COSO September 2012
![Page 15: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/15.jpg)
15
Environmental changes... …have driven Framework updates
Expectations for governance oversight
Globalization of markets and operations
Changes and greater complexity in business
Demands and complexities in laws, rules, regulations, and standards
Expectations for competencies and accountabilities
Use of, and reliance on, evolving technologies
Expectations relating to preventing and detecting fraud COSO Cube (2013 Edition)
Update considers changes in business and operating environments…
![Page 16: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/16.jpg)
16
Original Framework
COSO’s Internal Control–Integrated Framework (1992 Edition)
Refresh Objectives
Updated Framework COSO’s Internal Control–Integrated Framework (2013 Edition)
Broadens Application Clarifies Requirements
Articulate principles to
facilitate effective
internal control
Why update what works – The Framework has become the most widely adopted control framework worldwide.
Updates Context
Enhancements
Reflect changes in
business & operating
environments
Expand operations and
reporting objectives
![Page 17: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/17.jpg)
17
Control Environment
Risk Assessment
Control Activities
Information & Communication
Monitoring Activities
Update articulates principles of effective internal control 1. Demonstrates commitment to integrity and ethical values 2. Exercises oversight responsibility 3. Establishes structure, authority and responsibility 4. Demonstrates commitment to competence 5. Enforces accountability
6. Specifies suitable objectives 7. Identifies and analyzes risk 8. Assesses fraud risk 9. Identifies and analyzes significant change
10. Selects and develops control activities 11. Selects and develops general controls over technology 12. Deploys through policies and procedures
13. Uses relevant information 14. Communicates internally 15. Communicates externally
16. Conducts ongoing and/or separate evaluations 17. Evaluates and communicates deficiencies
![Page 18: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/18.jpg)
18
Update describes important characteristics of principles, e.g.,
• Points of focus may not be suitable or relevant, and others may be identified
• Points of focus may facilitate designing, implementing, and conducting internal control
• There is no requirement to separately assess whether points of focus are in place
Control Environment 1. The organization demonstrates a commitment to integrity and ethical values.
Points of Focus: • Sets the Tone at the Top • Establishes Standards of Conduct • Evaluates Adherence to Standards of Conduct • Addresses Deviations in a Timely Manner
![Page 19: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/19.jpg)
19
Update describes how various controls effect principles, e.g.,
Control Environment
1. The organization demonstrates a commitment to integrity and ethical values.
Component
Principle
Controls embedded in
other components
may effect this principle
Human Resources review employees’ confirmations to assess whether standards of conduct are understood and adhered to by staff across the entity
Control Environment
Management obtains and reviews data and information underlying potential deviations captured in whistleblower hot-line to assess quality of information
Information & Communication
Internal Audit separately evaluates Control Environment, considering employee behaviors and whistleblower hotline results and reports thereon
Monitoring Activities
![Page 20: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/20.jpg)
20
There is no Magic 17 Principles Control Checklist …
• The Framework does not prescribe controls to be
selected, developed, and deployed for effective internal control
• Selection of controls is a function of management judgment based on factors unique to the entity
• How controls effect multiple principles can provide persuasive evidence
![Page 21: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/21.jpg)
Polling Question #2 What industry are you in?
A. Financial Services
B. Distribution, Manufacturing
C. Services
D. Technology
E. Energy and Utilities
F. Other
![Page 22: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/22.jpg)
Agenda
22
COSO Overview Why the new Framework Transition Timeline and Reporting Implications Leading Practices and Lessons Learned Learn how the BlackLine Task Product can be used to help companies organize and manage the work around complying with the new COSO Framework
![Page 23: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/23.jpg)
23
Transition & Impact
• Users are encouraged to transition applications and related documentation to the updated Framework as soon as feasible
• Updated Framework will supersede original Framework at the end of the transition period (i.e., December 15, 2014)
• During the transition period, external reporting should disclose whether the original or updated version of the Framework was used
![Page 24: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/24.jpg)
24
Mostly Smooth Sailing for Early Adopters of COSO Framework Update (?) “Early adopters of the updated COSO framework say they're finding their existing internal controls map rather well to the newly articulated principles contained in the updated framework, although they need to bring more controls into the scope of their internal control evaluation and audit to show it.” April 8, 2014
![Page 25: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/25.jpg)
25
Microsoft Example • Nearly complete with its implementation of the COSO update, mapping the
new framework to its existing control environment and updating its controls.
• Increased the number of entity-level controls that are scoped into its Sarbanes-Oxley compliance exercise from 45 to 58 as a result of the refresh to the updated framework.
• Found its coverage was adequate, but some of the controls that met the COSO principles were not scoped into the internal control assessment and audit.
• Meant streamlining and identifying activities already doing that met the requirements, then documenting them and bringing them into scope for walkthroughs and testing.
Source: Compliance Week
![Page 26: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/26.jpg)
26
Microsoft Example, Continued • Devoted a few hundred staff hours to the project,
• Finalizing its control design with input from its audit firm, Deloitte.
• “There are still a couple of open questions we are working on with them that may result in a few more changes, but it's not substantial at this point,”
• Throughout the implementation the audit firm has targeted areas that the Public Company Accounting Oversight Board has called on auditors to pay closer attention through its inspection process, he says. They are looking more closely, for example, at risk assessments, outsourcing, and reports that are generated and relied on internally.
Source: Compliance Week
![Page 27: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/27.jpg)
27
Don’t Rush it ? A Risk-free Decision? • “If the company isn’t well into the process already and doesn’t have
the resources in place to make the transition in 2014, don’t rush it. • The SEC has stated that it doesn’t intend to challenge companies—
at least in the near-term—that don’t transition by December 15, 2014.)
• Disclose use of 1992 or 2013 Framework; explanation regarding why transition is delayed but not required in 2014. (revised)
• COSO 2013 is “an important opportunity to improve the efficiency and effectiveness of the business.”
![Page 28: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/28.jpg)
Many Firms, But One Framework
![Page 29: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/29.jpg)
29
Same Destination, Slightly Different Path
![Page 30: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/30.jpg)
Polling Question #3 What is your current status for transitioning to the 2013 COSO Framework?
A. Basically done and did just fine
B. Basically done but it was hard
C. Still in process and doing just fine
D. Still in process and struggling with the amount of work
E. 12/31 year-end but deferring to 2015
F. Not a 12/31 year-end
![Page 31: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/31.jpg)
Agenda
31
COSO Overview Why the new Framework Transition Timeline and Reporting Implications Leading Practices and Lessons Learned Learn how the BlackLine Task Product can be used to help companies organize and manage the work around complying with the new COSO Framework
![Page 32: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/32.jpg)
© Grant Thornton LLP. All rights reserved.
Leading Practices
and
Lessons Learned
![Page 33: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/33.jpg)
© Grant Thornton LLP. All rights reserved.
Summary of Changes to COSO 1992
Enhances Governance Concepts
Consider Expectations for Competencies and Accountabilities
Consider Demands and Complexities in Laws, Rules, Regulations and Standards
Reflects Increased Relevance of Technology
Enhances Consideration of Anti-Fraud Expectations
Applies a Principle – Based Approach - Explicitly States 17 Principles
33
![Page 34: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/34.jpg)
© Grant Thornton LLP. All rights reserved.
Consideration for Implementation of COSO 2013
Spend Time to Understand 17 Principles and Points of Focus
Gather Information on COSO 2013 from a Variety of Sources (Larger Accounting Firms)
Attend Training Sessions
Meet with Peers or Attend Roundtables to Get Questions Answered and See What Others are Doing
34
![Page 35: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/35.jpg)
© Grant Thornton LLP. All rights reserved.
Consideration for Implementation of COSO 2013 (cont'd)
Map the 17 Principles to Existing Controls
Evaluate Results and any Gaps in the Controls or Documentation
Plan to Make Necessary Additions to Controls and Documentation
Meet with External Audit Firm
Execute on Changes Needed
35
![Page 36: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/36.jpg)
© Grant Thornton LLP. All rights reserved.
Some Considerations In Implementing COSO 2013
Principles 1-5 Relate to the Control Environment Component - explain linkages between various components of internal control - expand the discussion of governance roles to match organization structures, note
committee/board charters, minutes, accountability, roles, responsibilities - clarify expectations of integrity/ethical values, codes or conduct, whistle-blower
process, investigation and resolution, potential issues, training - expand risk oversight and strengthen linkages between risk and performance
Principles 6-9 Relate to Risk Assessment Component - objective setting as a precondition to risk assessment - focusing risk assessment component on objectives related to operations, reporting
and compliance - clarifying that risk assessment includes processes for risk identification, risk
analysis, risk response, aligning risk tolerance with risk appetite - expand the risk severity beyond impact and likelihood to include velocity and
persistence - considering fraud risk relating to material omission or misstatements of reporting,
inadequate safeguarding of assets, corruption
36
![Page 37: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/37.jpg)
© Grant Thornton LLP. All rights reserved.
Some Considerations In Implementing COSO 2013 (cont'd)
Principles 10-12 Relate to the Control Activities Component - reflect evolution in technology since 1992 move toward technology infrastructure - more details to reinforce linkages in general controls over technology and
automated control activities - distinction of transaction level controls from controls at other levels of
organization
Principles 13-15 Relating to the Information and Communication Component - emphasizing the importance of quality of information - verifying to a source and for retention when information is used to support
reporting objectives to third parties - impact of regulating requirements on reliability and protection of information - impact of technology as it relates to spend, means and quality of information - use of third-party service providers to manage specific processes and the user
controls that need to be in place
37
![Page 38: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/38.jpg)
© Grant Thornton LLP. All rights reserved.
Some Considerations In Implementing COSO 2013 (cont'd)
Principles 16-17 Relating to the Monitoring Activities Component
- refines terminology of monitoring activities as "ongoing evaluations" and "separate evaluations"
- expanding discussion of the use of technology and external service providers - use of management's reporting controls
38
![Page 39: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/39.jpg)
© Grant Thornton LLP. All rights reserved.
Additional Considerations for Implementation
PCAOB Practice Alert #11 Results of Latest PCAOB Inspection Reports Discussions with External Audit Firm Business Risk Manual Produced by AICPA, ACFE and IIA.
39
![Page 40: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/40.jpg)
© Grant Thornton LLP. All rights reserved.
Thank You
Michael P. Rose, CPA, CIA, CCSA, CRMA, CISA, CISM, CGEIT, CRISC, CITP Partner Northeast Region GRC Practice Leader [email protected]
40
![Page 41: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/41.jpg)
Agenda
41
COSO Overview Why the new Framework Transition Timeline and Reporting Implications Leading Practices and Lessons Learned Learn how the BlackLine Task Product can be used to help companies organize and manage the work around complying with the new COSO Framework
![Page 42: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/42.jpg)
BlackLine Modern Finance The world’s most trusted solution for Finance Controls and Automation
![Page 43: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/43.jpg)
![Page 44: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/44.jpg)
COMMON CHALLENGES AROUND THE NEW COSO FRAMEWORK
Documenting your controls Mapping your controls to the applicable Points of Focus/Principles Organizing the supporting documentation Assigning roles and responsibilities Providing evidence of managements’ testing of internal controls
![Page 45: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/45.jpg)
COSO Framework: 5 Components & 17 Principles
CONTROL ENVIRONMENT 1. Demonstrates commitment to integrity and
ethical values 2. Exercises oversight responsibility 3. Establishes structure, authority, and responsibility 4. Demonstrates commitment to competence 5. Enforces accountability
RISK ASSESSMENT 6. Specifies suitable objectives 7. Identifies and analyzes risk 8. Assesses fraud risk 9. Identifies and analyzes significant change
CONTROL ACTIVITIES 10. Selects and develops control activities 11. Selects and develops general controls over technology 12. Deploys through policies and procedures
INFORMATION & COMMUNICATION 13. Uses relevant information 14. Communicates internally 15. Communicates externally
MONITORING 16. Conducts ongoing and/or separate evaluations 17. Evaluates and communicates deficiencies
Optional: COSO Points of Focus
1 2 3 4 5 6 7 8 9
10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77
Public Company Internal Control Activities
Map them to COSO Framework
Department Control # Control Activity Accounts Payable CA 053 All postings to the General Ledger are run
and validated to ensure that the GL and subledger are in balance.
Systems CA 054 Segregation of Duties is maintained throughout all systems and all roles and responsibilities are reviewed by management on an annual basis
Systems CA 055 Requests for access to systems and associated responsibilities/functionality is reviewed and approved by management.
General Ledger CA 056 All balance sheet reconciliations are prepared and reviewed by management on a monthly basis. All reconciliation exceptions are addressed on a timely basis.
General Ledger CA 057 All reconciliations deemed as critical (as per Corp. Policy 146) are completed and approved by workday 6.
Step2:
Step1: Map Control Activities
Add additional control activities Remediate any exceptions/deficiencies Annually assess
Step3:
Evaluate and assess compliance of Internal Control Activities to COSO Framework
![Page 46: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/46.jpg)
Polling Question #4 What tools are you using to currently manage your SOX compliance documentation?
A. Using spreadsheets, flowcharts
B. Using internally developed software
C. Using a third party software
![Page 47: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/47.jpg)
BLACKLINE’S SOLUTION TO MANAGING THE NEW COSO FRAMEWORK
![Page 48: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/48.jpg)
![Page 49: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/49.jpg)
Task Dependency
Use the task dependency functionality to align those control activities with either the Points of Focus and/or the Principles as appropriate
Use the COSO import template to bring in just the 17 COSO Principles or the Principles and the 87 Points of Focus into the BlackLine Task Module (can also bring in approximately 90 basic control activities) and two certification checklists
COSO Import
Template
Features
![Page 50: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/50.jpg)
Control Activities
Add your own control activities as additional tasks
Create a certification checklist around internal controls at the COSO principle level and/or the individual points of focus which includes the necessary documentation of overall analysis and any acceptable level of risk.
Certification Checklist
Features
![Page 51: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/51.jpg)
Certification checklist to indicate: The Principle is present The Principle is functioning Major deficiencies exist
Add documentation to provide: • Summary of Controls for Points of Focus/Principles • Evaluation of Deficiencies within the Principle Add comments to indicate: • Any identified deficiencies • Compensating controls for the deficiencies • Impact on any of the other Principles
Additional Features
![Page 52: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/52.jpg)
Manage COSO Compliance Costs: Track time spent at the individual control points and at the COSO principle levels
Certification Details: Full audit trail tracks and timestamps all certification events for all control point assessments and COSO reviews
Built-In Workflow: • Ensure that there is clear ownership
around the control activities Real-time Reporting and Dashboards: • Management can easily report on
their COSO compliance activities
Additional Features
![Page 53: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/53.jpg)
THANK YOU!
53
![Page 54: Are You Ready? Implementing COSO's Updated Internal Controls Framework](https://reader034.fdocuments.us/reader034/viewer/2022051400/55a201d71a28ab3d268b4653/html5/thumbnails/54.jpg)
QUESTIONS?
54
Robert B. Hirth, Jr. Chairman Committee of Sponsoring Organizations of the Treadway Commission Office: 415.402.3621 www.coso.org
Susan Parcells, CPA, CGMA Director, Finance Transformation & Product Expert BlackLine Office: 818.223.9008 https://www.blackline.com
Michael P. Rose Partner, Northeast Region Advisory Services Grant Thornton Office: http://www.grantthornton.com
FEI http://www.financialexecutives.org