Changes to the Internal Control Integrated Framework Cliff Flood.


1 Changes to the Internal Control Integrated Framework Cliff Flood

2 Discussion Items Historical Analysis Overview of the 2013 Integrated Framework Changes to the 2015 AICFR

3 Historical Analysis In the mid 70’s, the SEC investigates questionable or illegal payments by U.S. companies to foreign government officials, politicians, and political parties – Results in The Foreign Corrupt Practices Act of 1977

4 Historical Analysis In the spring of 1985, Congress conducts hearings regarding fraudulent financial reporting as a result of company failures in the early 80’s – The accounting and auditing professions were under the spotlight

5 Historical Analysis As a result, accounting and auditing professional associations came together in June 1985 to sponsor a National Commission on Fraudulent Financial Reporting – Treadway Commission – Committee of Sponsoring Organizations: American Accounting Association; American Institute of Certified Public Accountants; Institute of Management Accountants; The Institute of Internal Auditors; Financial Executives International

6 Historical Analysis In Oct 1987, COSO releases The Report of the National Commission on Fraudulent Financial Reporting – Recommendations: For the Public Company; For the Independent Public Accountant; For the Oversight, Regulatory and Legal Environment; For Education

7 Historical Analysis Recommendations for the Public Company – Establish a Good Control Environment and Tone at the Top – Assess Risk and Establish Internal Controls – Improve Accounting and Internal Audit Functions – Establish Independent Audit Committees – Report Management Responsibilities COSO to Provide Guidance on Internal Control

8 Historical Analysis Detail Recommendations for the Independent Public Accountant – Recognize responsibility – Improve detection capabilities – Improve audit quality – Communicate the auditor’s role Is complimentary of the exposure drafts on the AICPA expectation GAP auditing standards

9 Historical Analysis Detail Recommendations for Oversight, Regulatory and Legal Environment – Improve SEC Enforcement Remedies – Increase Criminal Prosecution – Improve Regulation of the Public Accounting Profession – Enhance Enforcement by the State Boards of Accountancy

10 Historical Analysis Detail Recommendations for Education – Business and Accounting Curricula – Professional Certification Examinations and Continuing Education

11 Historical Analysis In Apr 1988, the AICPA issues its Expectation Gap Standards – SAS 53 The Auditor’s Responsibility to Detect and Report Errors and Irregularities – SAS 54 Illegal Acts by Clients – SAS 55 Consideration of Internal Control in a Financial Statement Audit – SAS 56 Analytical Procedures – SAS 57 Auditing Accounting Estimates

12 Historical Analysis – SAS 58 Reports on Audited Financial Statements – SAS 59 The Auditor’s Consideration of an Entity’s Ability to Continue as a Going Concern – SAS 60 Communication of Internal Control Related Matters Noted in an Audit – SAS 61 Communication With Audit Committees

13 Historical Analysis In Sep 1992, COSO completes its study and publishes the Internal Control Integrated Framework – Defines internal control as a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives related to operations, reporting and compliance – Identifies Five Components for Internal Control: Control Environment; Risk Assessment; Control Activities; Information and Communication; Monitoring Activities

14 Historical Analysis BANG!!!! In Oct 2001, the Enron failure occurs – Major issues discovered in the accounting and auditing practices of Enron – Arthur Andersen was found guilty of illegally destroying documents relevant to the SEC investigation, which voided its license to audit public companies – Was the basis for new regulation and legislation to enhance the accuracy of financial reporting for public companies

15 Historical Analysis July 2002 Sarbanes Oxley Act – Title I – Public Company Accounting Oversight Board – Title II – Auditor Independence: Section 201 – Public accounting firms are prohibited from performing non-audit services to financial statement audit clients; Section 204 – Public accounting firms must report to the audit committee – Title III – Corporate Responsibility: Section 301 – Audit Committee requirements; Section 302 – CEO and CFO certifications

16 Historical Analysis Jul 2002 Sarbanes Oxley Act – Title IV – Enhanced Financial Disclosures Section 404 – Each annual report shall contain an internal control report (An assessment by management with attestation and reporting by the public accounting firm) Section 407 – At least one member of the audit committee must be a “financial expert”

17 2013 Integrated Framework – The COSO integrated framework is widely used by companies and organizations to evaluate their internal controls and for the section 404 assessment and audit required by SOX – Due to the many changes over the past 20 years since the 1992 release of the original guidance, COSO released the 2013 update

18 2013 Integrated Framework 17 principles have been added to clarify the required considerations related to each of the five components of internal control – In addition to the considerations from the 1992 version, consideration of change risk as well as fraud risk has been added

19 2013 Integrated Framework – Individual assessments are now required for each component and each relevant principle – In addition, an overall assessment is required to determine whether the five components and relevant principles are working together

20 2013 Integrated Framework The new release provides considerable guidance, considerations and examples. The new release includes the following publications: – An Executive Summary – The 2013 Internal Control – Integrated Framework – Illustrative Tools for Assessing Effectiveness of Internal Controls – Internal Control over External Financial Reporting: A Compendium of Approaches and Examples. The revised guidance is effective for periods ending after December 31, 2014

21 2013 Integrated Framework Reporting and Deficiencies in Internal Control – When a major deficiency exists, the integrated framework indicates that an organization cannot conclude that it has met the requirements for an effective system of internal control – A major deficiency in one component cannot be mitigated by the presence and functioning of another component. – A major deficiency in a relevant principle cannot be mitigated by the presence and functioning of other principles

22 2013 Integrated Framework Under the Integrated Framework, Each Relevant Principle and Component is Evaluated Based on the Consideration of Points of Focus. – Points of focus provide attributes, conditions or control characteristics that are associated with the various relevant principles and components

23 2013 Integrated Framework The Control Environment - Principle 1 The organization demonstrates a commitment to integrity and ethical values Points of Focus – Tone at the Top – Standards of Conduct – Adherence to Standards of Conduct

24 2013 Integrated Framework The Control Environment – Principle 2 The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control Points of Focus – Has Oversight Responsibilities – Has Relevant Expertise – Is Independent – Exercises Oversight of the System of Internal Control

25 2013 Integrated Framework The Control Environment – Principle 3 Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives Points of Focus – Establishes the Organizational Structure – Authorizes Reporting Relationships – Determines Authorities and Responsibilities

26 2013 Integrated Framework The Control Environment – Principle 4 The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives Points of Focus – Establishes Human Resource Policies and Practices – Requires Competence and Addresses Shortcomings – Attracts, Develops, and Retains Individuals

27 2013 Integrated Framework The Control Environment – Principle 5 The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives Points of Focus – Has a Performance Management Program – Performance is Evaluated – Performance Measures, Incentives, and Rewards are Evaluated – As necessary, Individuals are Disciplined

28 2013 Integrated Framework The Risk Assessment – Principle 6 The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives Points of Focus (External Financial Reporting) – Complies with Appropriate Accounting Standards – Considers Risk Tolerance / Materiality – Considers Related Business Processes

29 2013 Integrated Framework The Risk Assessment – Principle 7 The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed Points of Focus – Determines risk at the appropriate levels of the organization – Considers Internal and External Factors – Consults Appropriate Levels of Management – Identifies Risks – Determines Risk Response

30 2013 Integrated Framework The Risk Assessment – Principle 8 The organization considers the potential for fraud in assessing risks to the achievement of objectives Points of Focus – Identifies Instances or Potential for Fraud – Considers Incentive and Pressures – Considers Opportunities – Considers Attitudes and Rationalizations

31 2013 Integrated Framework The Risk Assessment – Principle 9 The organization identifies and assesses changes that could significantly impact the system of internal control Points of Focus – Identifies and Evaluates Changes – Considers Changes in Accounting Requirements, Technology and Funding – Considers Changes in Leadership

32 2013 Integrated Framework Ways that Fraudulent Reporting Can Occur – Fraud schemes – Unusual or complex transactions – Overrides – Opportunities for inappropriate acts – Attitudes

33 2013 Integrated Framework The most common fraud techniques, as reported in the 2010 COSO Fraudulent Financial Reporting Study Report, include – Improper revenue recognition – Overstatement of existing assets or capitalization of expenses

34 2013 Integrated Framework Types of Risk Response – Acceptance – Avoidance – Reduction – Sharing

35 2013 Integrated Framework Control Activities – Principle 10 The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels Points of Focus – Interacts with the Risk Assessment – Considers Factors that are Specific to the Entity – Considers Relevant Business Processes – Considers Various Control Activity Types – Addresses Segregation of Duties

36 2013 Integrated Framework Control Activities – Principle 11 The organization selects and develops general control activities over technology to support the achievement of objectives Points of Focus – Considers the Use of Technology in the Organization’s Business Processes and Technology General Controls – Policies and Procedures Relative to Technology Infrastructure and General Controls – Policies and Procedures Relative to Technology and Data Security Management – Policies and Procedures Relative to Oversight and Direction over Technology Acquisition, Development, and Maintenance Processes

37 2013 Integrated Framework Control Activities – Principle 12 The organization deploys control activities through policies that establish what is expected and procedures that put policy into action Points of Focus – Establishment of Policies and Procedures – Establishment of Responsibility and Accountability to ensure Policies and Procedures are Adhered to and are Performed Timely – Control Activities are Assigned and Performed by Competent Personnel

38 2013 Integrated Framework Types of Control Activities – Authorizations and Approvals – Verifications and Reviews – Physical Controls – Reconciliations – Supervisory Controls – Segregating Duties

39 2013 Integrated Framework Information and Communication – Principle 13 The organization obtains or generates and uses relevant, quality information to support the functioning of internal control Points of Focus – Identifies Informational Needs and Crosswalk Requirements – Information is Accessible and Protected – Information is Provided Timely and is Current – Information is Accurate and Verifiable

40 2013 Integrated Framework Information and Communication – Principle 14 The organization internally communicates information, including objectives, and responsibilities for internal control, necessary to support the functioning of internal control Points of Focus – Policies and Procedures are Properly Authorized and Communicated – Communication Lines Relative to the Oversight and Execution of the Policies and Procedures are Established – Methods of Communication are Appropriate

41 2013 Integrated Framework Information and Communication – Principle 15 The organization communicates with external parties regarding matters affecting the functioning of internal control Points of Focus – Evaluates and Uses Communication with External Parties and Inbound Communication – Interacts with Appropriate Senior Management Levels, the Internal Auditor and Board of Trustees regarding external audit matters and the functioning of internal control

42 2013 Integrated Framework Monitoring Activities – Principle 16 The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning Points of Focus – Applies Ongoing and Separate Evaluations – Performs Reconciliations – Performs Validation Procedures – Considers Analytical Review Techniques – Requires Reviews by Knowledgeable Personnel – Monitoring is Integrated with the Business Processes

43 2013 Integrated Framework Monitoring Activities – Principle 17 The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate Points of Focus – Determines Adherence to Established Controls – Determines and Communicates Deficiencies – Establishes and Monitors Corrective Action

44 2013 Integrated Framework What are Ongoing Monitoring Activities – Reconciliations – Analysis and Review of Accounts or Transactions – Scanning of Accounts or Transactions – Controller Monthly Verification of Key Account Reconciliations – Communication with Functional or Departmental Units Regarding Accuracy of Activities or Accounts – Review and Approval of Journal Entries – System Test for Duplicate Payments

45 2013 Integrated Framework What are Separate Evaluations – Internal Audits – External audits – UNC Monitoring Visits – Functional Compliance Reviews – Comparisons to Peer Institutions / Tier Institutions UNC System Average – Compliance Checklists

46 2013 Integrated Framework What are the Limitations Related to the Effectiveness of Internal Controls – Human judgment in decision making can be faulty or subject to bias – Unintentional misstatements due to human failures – Management overrides – Circumvention of controls through collusion – Matters or events beyond the organization’s control

47 Changes to the 2015 AICFR – Change and Fraud risk is already incorporated in the assessment document but need to evaluate for enhancement – Need to incorporate the 17 principles – As checklist items, the Points of Focus are already part of the assessment document so expect limited change in this area – The objectives of the assessment need to be articulated, as well as materiality considerations, risk identification, and risk response – Changes to the standards and procedural guidance need to be evaluated

48 Changes to the 2015 AICFR – Need to consider risk related to bond ratings, continuing disclosures and changes to them – Need to consider adding control activities for debt, endowment and investment functions – Need to articulate the importance of the Internal Audit role and communication with the audit committee – Need to evaluate adding the new assessment statements and identification of deficiencies as it relates to the new COSO requirements

49 Timeline on the 2015 AICFR – GAP analysis in December – Draft changes in January – Work with Advisory Team in February (Include Controller, Internal Control Officer and Internal Auditor) – Finalize by March

50 Questions?

