In Control: Getting Familiar with the New COSO...
Transcript of In Control: Getting Familiar with the New COSO...
![Page 1: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/1.jpg)
CSMFO
Monterey, California
February 18, 2015
In Control: Getting Familiar with the New COSO Guidelines
1
![Page 2: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/2.jpg)
Part 1
2
Background on COSO
![Page 3: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/3.jpg)
Development of a comprehensive framework of internal control
Internal Control – Integrated Framework (1992)
3
![Page 4: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/4.jpg)
Traditional view Poor internal control is the fault of management
4
![Page 5: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/5.jpg)
Treadway Commission (1987) Treadway Commission on Fraudulent Financial Reporting Sponsored by American Accounting Association
American Institute of Certified Public Accountants
Financial Executives International
Institute of Management Accountants
The Institute of Internal Auditors
5
![Page 6: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/6.jpg)
Critical reassessment Internal control needs to be defined
Case needs to be made for management involvement
Three responsible parties need to work together Management Governing body Independent auditor
6
![Page 7: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/7.jpg)
Cooperative effort for change The organizations that sponsored the Treadway Commission
agree to work together to facilitate change Council of Sponsoring Organizations = COSO
Result of that effort Internal Control—An Integrated Framework (1992) “COSO Report” (COSO 1992)
7
![Page 8: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/8.jpg)
Basic approach of COSO Report
8
All entities share certain common objectives
Internal control = means used to achieve
To be successful, internal control must Involve both the governing body and management Be comprehensive
![Page 9: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/9.jpg)
COSO definition
9
Internal control is a process, effected by an entity’s Board of Directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:1. Effectiveness and efficiency of operations2. Reliability of financial reporting3. Compliance with applicable laws and regulations
![Page 10: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/10.jpg)
Key concepts
10
Process Dynamic vs. static Components interrelated
Personnel More than policies and procedures
Reasonable assurance Cost-benefit must be considered
Achievement of objectives Internal control logically derived from objectives Source of consistency
![Page 11: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/11.jpg)
Who is responsible?
11
Management primarily responsible Direct beneficiary Uniquely positioned to establish and maintain
Governing body ultimately responsible Inherent in oversight function
![Page 12: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/12.jpg)
How much is enough?
12
Five components of a comprehensive framework of internal control1. Control environment2. Control activities3. Information and communication4. Monitoring activities5. Risk assessment
![Page 13: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/13.jpg)
Recent modifications to the comprehensive framework
Internal Control – Integrated Framework (2013)
13
![Page 14: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/14.jpg)
Background
14
Why needed Changing expectations Governance
Fraud prevention and detection
Rapidly changing technology Increasing complexity
![Page 15: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/15.jpg)
What stays the same?
15
Definition of internal control
Five framework components
![Page 16: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/16.jpg)
What changes?
16
Principles-based approach to evaluating the effectiveness of internal control Principles Fundamental concepts associated with each component of internal
control
Points of focus Important characteristics of principles
Guidance on evaluating effectiveness Components and principles must be present and functioning Components must be operating together
![Page 17: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/17.jpg)
Part 2
17
Entity Objectives
![Page 18: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/18.jpg)
Background
18
All entities have a purpose
Entity’s goal = to achieve that purpose
Performance subject to constraints
![Page 19: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/19.jpg)
Three basic objectives
19
1. Operations objectives Effectiveness Efficiency Safeguarding of assets against loss
2. Reporting objectives Financial + nonfinancial External + internal
3. Compliance objectives
![Page 20: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/20.jpg)
1. Operations: effectiveness
20
Meaning Is the entity achieving its purpose?
Risk Presuming that past practice is effective without reference to
mission, goals, and objectives
![Page 21: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/21.jpg)
1. Operations: efficiency
21
Meaning Is the government making the best use of scarce resources?
Risk Focusing upon efficiency without first determining effectiveness Something that is not effective cannot be efficient
![Page 22: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/22.jpg)
1. Operations: safeguarding of assets against loss Meaning Has the government taken appropriate steps to prevent the
unauthorized acquisition, use, or disposition of assets Not intended to encompass loss through waste, inefficiency, or poor
business decisions
Risk Theft or misappropriation
22
![Page 23: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/23.jpg)
2. Reporting
23
Meaning Does management have a reasonable basis for making
assertions?
Risk Assuming responsibility without having a reasonable basis for doing
so
![Page 24: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/24.jpg)
3. Compliance
24
Meaning Ensure compliance (before the fact) Demonstrate compliance (after the fact)
Risk Being satisfied with demonstrating compliance after the fact
![Page 25: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/25.jpg)
Part 3
25
Comprehensive Framework: Overview
![Page 26: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/26.jpg)
Component 1: Control environment Controls do not function in a vacuum Is the environment favorable to internal control?
Profoundly affects other components of internal control
26
![Page 27: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/27.jpg)
Component 2: Risk assessment
27
Ongoing process Current risk exposure Future changes
![Page 28: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/28.jpg)
Component 3: Control activities
28
Policies and procedures to address identified risks Detection Prevention
![Page 29: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/29.jpg)
Component 2: information and communication
29
Providing, sharing, and obtaining necessary information Internally and externally Upward and downward within the organization
Essential to effectiveness of other components
![Page 30: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/30.jpg)
Component 3: Monitoring activities
30
Were controls implemented?
Do they remain effective?
Management’s response
![Page 31: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/31.jpg)
Inherent limitations
31
Judgment
External events outside the organization’s control
Breakdowns
Management override
Collusion
![Page 32: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/32.jpg)
Part 4
Individual Framework Components
32
![Page 33: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/33.jpg)
1.Control environment
Five related principles
33
![Page 34: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/34.jpg)
Definition of control environment Set of standards, processes, and structures that provide the basis
for carrying out internal control
34
![Page 35: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/35.jpg)
Responsibility for control environment Governing body and senior management Establish tone at the top regarding the importance of internal
control Including expected standards of conduct
Management Reinforces expectations at various levels of the organization
35
![Page 36: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/36.jpg)
Relative importance of control environment Pervasive impact on the overall system of internal control Importance impossible to exaggerate Good environment - controls likely to function well
Bad environment - controls unlikely to function properly
36
![Page 37: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/37.jpg)
Principle 1 The organization demonstrates a commitment to
integrity and ethical values
Points of focus (4)A. Organization sets the tone at the top Governing body and management at all levels demonstrate importance of
integrity and ethical values through
Directives
Actions
Behavior
37
![Page 38: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/38.jpg)
Principle 1 (cont.)B. Organization establishes standards of conduct Understood at all levels, as well as by providers of outsourced services
and by partners
C. Organization evaluates adherence to standards of conductD. Organization addresses deviations in a timely manner
38
![Page 39: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/39.jpg)
Practical observations Attitude: essential tool or “red tape” “Easier to ask forgiveness than permission” “The talk” on “how things really work around here”
Evidence of attitude Time + money How management deals with violations
Force of bad example
39
![Page 40: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/40.jpg)
Principle 2 The governing body exercises oversight of the
development and performance of internal control
Points of focus (4)A. Governing body establishes oversight responsibilitiesB. Governing body applies relevant expertiseC. Governing body operates independentlyD. Governing body oversees management’s design,
implementation and conduct of internal control
40
![Page 41: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/41.jpg)
Audit committee Practical tool to allow governing body to exercise oversight
responsibility for all aspects of internal control and financial reporting
Direct line of communication between the governing body and the independent auditors
Necessary for any government, regardless of size or type
Membership Members of the governing body Assisted by financial expert
41
![Page 42: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/42.jpg)
Audit committee (cont.) Must establish policy for dealing with complaints Specifically provide for the confidential, anonymous submission
by employees
Provision for private meetings To meet with independent auditors apart from management To deliberate privately on conclusions
42
![Page 43: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/43.jpg)
Principle 3 Management establishes, with governing body
oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives
Points of focus (3)A. Management considers all structures of the entity Operating units
Legal entities
Geographic distribution
Outsourced service providers
43
![Page 44: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/44.jpg)
Principle 3 (cont.)B. Management establishes reporting lines Management designs and evaluates lines of reporting
Execution
Flow of information
C. Management and governing body define, assign, and limit authorities and responsibilities
Delegate authority
Define responsibilities
Use processes and technology to assign responsibility and segregate duties as necessary
44
![Page 45: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/45.jpg)
Internal audit Practical tool to allow management to meet its internal
control responsibilities Additional time and expertise
Structure options Separate function Outsourced Regular staff
Lines of reporting Report to top management Report to audit committee
45
![Page 46: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/46.jpg)
Principle 4 The organization demonstrates a commitment to
attract, develop, and retain competent individualsin alignment with objectives.
Points of focus (4)A. Organization establishes policies and practices that reflect
expectations of competenceB. Governing body and management evaluate competence and
address shortcomings
46
![Page 47: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/47.jpg)
Principle 4 (cont.)C. Organization attracts, develops, and retains individuals The organization provides the mentoring and training needed to attract,
develop, and retain sufficient and competent personnel and outsourced service providers
D. Senior management and governing body plan and prepare for succession
Contingency plans for assignment of responsibility
47
![Page 48: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/48.jpg)
Practical observations Need for Up-to-date job descriptions Due diligence in hiring Verifying credentials
Checking references
Ongoing training
48
![Page 49: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/49.jpg)
Principle 5 The organization holds individuals accountable for
their internal control responsibilities in the pursuit of objectives
Points of focus (5):A. Organization enforces accountability through structures,
authorities, and responsibilities Establishes mechanisms to communicate and hold individuals
accountable for performance
Implements corrective action as necessary
49
![Page 50: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/50.jpg)
Principle 5 (cont.)B. Organization establishes performance measures, incentives,
and rewardsC. Organization evaluates ongoing relevance of performance
measures, incentives, and rewards D. Organization considers excessive pressuresE. Evaluates performance and rewards or disciplines individuals
50
![Page 51: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/51.jpg)
Practical observations Ensure that performance reviews are meaningful
51
![Page 52: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/52.jpg)
2. Risk assessment
Four related principles
52
![Page 53: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/53.jpg)
Risk Definition Possibility that an event will occur and adversely affect the
achievement of objectives
Sources External Internal
Assessment Iterative process for identifying and assessing risks
53
![Page 54: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/54.jpg)
Principle 6 The organization specifies objectives with sufficient
clarity to enable the identification and assessment of risks relating to objectives Organized consistent with three basic objectives Operations objectives
Reporting objectives
Compliance objectives
15 points of focus Appropriate point of reference
Allowable variance
Representational faithfulness
54
![Page 55: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/55.jpg)
Principle 7 The organization identifies risks to the achievement
of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.
Points of focus (5)A. Organization includes entity, subsidiary, division, operating
unit, and functional levels Identifies and assesses risks at each level
B. Organization analyzes internal and external factors
55
![Page 56: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/56.jpg)
Principle 7 (cont.)C. Organization involves appropriate levels of managementD. Organization estimates significance of risks identified Likelihood of risk occurring
Potential impact
Speed of impact
Duration of impact
E. Organization determines how to respond to risks Accept, avoid, reduce, or share
56
![Page 57: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/57.jpg)
Practical considerations Two goals Assess current risk exposure Anticipate future changes in risk exposure Options decrease with the passage of time
Chances of success decrease with the passage of time
57
![Page 58: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/58.jpg)
Practical considerations Inherent risk Complexity Cash receipts Direct third-party beneficiaries Prior Problems Prior unresponsiveness to identified control weaknesses
58
![Page 59: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/59.jpg)
Principle 8 The organization considers the potential for fraud
in assessing risks to the achievement of objectives
Points of focus (4)A. Organization considers various types of fraudB. Organization assesses incentive and pressuresC. Organization assesses opportunitiesD. Assesses attitudes and rationalizations
59
![Page 60: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/60.jpg)
Principle 9 The organization identifies and assesses changes
that could significantly impact the system of internal control.
Points of focus (3)A. Organization assesses changes in the external environment Regulatory, economic, and physical environment
B. Organization assesses changes in the business modelC. Organization assesses changes in leadership Attitudes and philosophies
60
![Page 61: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/61.jpg)
Practical observations Types of change Operating environment Personnel Information systems and technology Rapid growth New programs and services
61
![Page 62: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/62.jpg)
3. Control Activities
Three related principles
62
![Page 63: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/63.jpg)
Definition of control activities Actions established through policies and procedures that help
ensure that management’s directives to mitigate risks to the achievement of objectives are carried out
63
![Page 64: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/64.jpg)
Principle 10 The organization selects and develops control
activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
Points of focus (6)A. Organization integrates control activities with risk assessmentB. Organization considers entity-specific factors
64
![Page 65: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/65.jpg)
Principle 10 (cont.)C. Organization determines relevant business processes Completeness
Accuracy
Validity
D. Organization evaluates a mixture of control activity types Authorizations and approvals
Verifications
Physical controls
Controls over standing data
Reconciliations
Supervisory controls
65
![Page 66: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/66.jpg)
Principal 10 (cont.)E. Organization considers at what level activities are appliedF. Organization addresses segregation of duties
66
![Page 67: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/67.jpg)
Practical considerations Authorization and approvals Advance approval Documentation of that fact
Verifications Comparisons – analytical review Consistency with other financial data
Consistency with nonfinancial data
Consistency with expectations
Physical controls Assignment of responsibility for “walk-away” items
67
![Page 68: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/68.jpg)
Practical considerations (cont.) Segregation of incompatible duties Alternatives available when not cost effective
68
![Page 69: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/69.jpg)
Principle 11 The organization selects and develops general
control activities over technology to support the achievement of objectives.
Points of focus (4)A. Organization determines dependency between the use of
technology in business processes and technology general controls
B. Organization establishes relevant technology infrastructurecontrol activities
69
![Page 70: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/70.jpg)
Principle 11 (cont.)C. Organization establishes relevant security management
process control activitiesD. Organization establishes relevant technology acquisition,
development, and maintenance process control activities
70
![Page 71: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/71.jpg)
Principle 12 The organization deploys control activities through
policies that establish what is expected and procedures that put policies into action.
Points of focus (6)A. Organization establishes policies and procedures to support
deployment of management’s directives Policies = what is expected
Procedures = specific actions
B. Organization establishes responsibility and accountability for executing policies and procedures
71
![Page 72: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/72.jpg)
Principle 12 (cont.) Points of focus (cont.)
C. Organization performs in a timely mannerD. Organization takes corrective actionE. Organization performs using competent personnel Sufficient authority
Diligence and continuing focus
F. Organization assesses policies and procedures Continued relevance
Refresh as necessary
72
![Page 73: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/73.jpg)
4. Information and communication
Three related principles
73
![Page 74: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/74.jpg)
Information Needed For internal control To meet objectives
Sources Internal External
74
![Page 75: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/75.jpg)
Communication Providing, sharing, and obtaining information
Continual and iterative process
Internal Up, down, and across
External Inbound Outbound
75
![Page 76: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/76.jpg)
Practical considerations Relationship to other components of the internal control
framework Does not exist separately from other components
76
![Page 77: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/77.jpg)
Principle 13 The organization obtains or generates and uses
relevant, quality information to support the functioning of internal control.
Points of focus (5)A. Organization identifies information requirementsB. Organization captures internal and external sources of dataC. Organization processes relevant data into information
77
![Page 78: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/78.jpg)
Principle 13 (cont.)D. Organization maintains quality throughout processing
Timely
Current
Accurate
Complete
Accessible
Protected
Verifiable
Retained
Reviewed for relevance
E. Organization considers costs and benefits
78
![Page 79: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/79.jpg)
Principle 14 The organization internally communicates
information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.
Points of focus (4)A. Organization communicates internal control information Information needed to understand and carry out responsibilities
B. Organization communicates with the governing body
79
![Page 80: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/80.jpg)
Principle 14 (cont.)C. Organization provides separate communications lines Fail-safe mechanisms to enable anonymous or confidential communication
when normal channels are inoperative or ineffective
D. Organization selects relevant method of communication Considers
Timing
Audience
Nature of information
80
![Page 81: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/81.jpg)
Practical considerations Direction of communication From top management down through the organization From lower levels up to top management Laterally within the organization
81
![Page 82: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/82.jpg)
Practical considerations (cont.) Documentation of policies and procedures Promulgate in a manner that emphasizes importance Update On predetermined schedule
When changes occur
Employee assigned for the purpose Management to oversee performance in this regard
Readily available Clear delineation of authority and responsibility Explanation of purpose and design
82
![Page 83: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/83.jpg)
Principle 15 The organization communicates with external parties
regarding matters affecting the functioning of internal control.
Points of focus (5)A. Organization communicates to external partiesB. Organization enables inbound communicationsC. Management communicates with the governing bodyD. Organization provides separate communications linesE. Organization selects relevant method of communication
83
![Page 84: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/84.jpg)
5. Monitoring
Two principles
84
![Page 85: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/85.jpg)
Types of evaluations Ongoing evaluations Built into business processes
Separate periodic evaluations Scope and frequency dependent upon Assessment of risks
Effectiveness of ongoing evaluations
Other management considerations
Combination
85
![Page 86: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/86.jpg)
Goal of evaluations Ascertain whether Each of the five components Present and functioning
Each of the principles within each component Present and functioning
86
![Page 87: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/87.jpg)
Findings of evaluations Evaluate against criteria Regulators Standard-setting bodies Management Governing body
Communicate deficiencies Management Board of directors
87
![Page 88: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/88.jpg)
Principle 16 The organization selects, develops, and performs
ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.
Point of focus (7)A. Organization considers a mix of ongoing and separate
evaluationsB. Organization considers rate of changeC. Organization establishes baseline understanding
88
![Page 89: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/89.jpg)
Principle 16 (cont.)D. Organization uses knowledgeable personnelE. Organization integrates with business processes Builds in
Adjusts to changing conditions
F. Organization adjusts scope and frequency Dependent on risk
G. Organization objectively evaluates Separate evaluations performed periodically to provide objective feedback
89
![Page 90: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/90.jpg)
Practical considerations Establishing a baseline Essential elements Identification of risk
Determination of risk appetite
Determine that compensating controls are present and consistent with risk appetite
Determine whether the design of compensating controls is adequate
Determine whether compensating controls have been fully implemented
90
![Page 91: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/91.jpg)
Practical considerations (cont.) Updating the baseline To reflect changes in The processes that are the object of controls
The controls themselves
Elimination of use of lockbox for collections
Risk exposure
Process for updating Periodic reviews
When changes occur
91
![Page 92: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/92.jpg)
Practical considerations (cont.) How have identified deficiencies been resolved? Human response is an integral part of the effectiveness of the
control
92
![Page 93: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/93.jpg)
Principle 17 The organization evaluates and communicates
internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.
Points of focus (3)A. Management and governing body assess results
93
![Page 94: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/94.jpg)
Principles 17 (cont.)B. Organization communicates deficiencies Parties responsible for taking corrective action
Senior management
Board of directors
C. Organization monitors corrective action Management tracks timely remediation
94
![Page 95: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/95.jpg)
Practical considerations Resolving deficiencies Focus on root cause of deficiencies Corrective action plan Timetable
Follow-up plan
Reporting Responsible individual
Individual at least one level above responsible individual
95
![Page 96: In Control: Getting Familiar with the New COSO Guidelinesconference.csmfo.org/files/2015/02/In-Control-Gauthier.pdf · In Control: Getting Familiar with the ... Reliability of financial](https://reader031.fdocuments.us/reader031/viewer/2022030412/5a9e4d177f8b9a6a218d681a/html5/thumbnails/96.jpg)
Summary COSO 2013 Expands COSO 1992 Associates principles and points of focus with individual framework
components
Provides guidance on how to evaluate results of an assessment
All components and principles must be present
Components must work together
Treats safeguarding of assets as a separate element within operations objectives
New GFOA Elected Officials Guide available
New full-length publication scheduled for 2016
96