IT Risk and Internal Control Frameworks
University of Washington, October 24th, 2013
Michael Isensee, Partner, Advisory
© 2013 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.

Outline
- My Background
- IT Risk
- COBIT
  – Introduction to COBIT
  – Components
  – Principles
- COSO
  – Introduction to COSO
  – COSO vs. COBIT
  – COSO framework
- Q & A
My background and experience
- German University “MBA” graduate – 1996, accounting, finance, and information systems
- Thesis paper on Controlling IS for Mercedes Benz
- Intern at Arthur Andersen & Co.
- Joined Arthur Andersen & Co. full time in 1996
- Joined KPMG in 2003
- Became CISA in 1999, CPA in 2001, CITP in 2006, PMP in 2007, CGEIT in 2009
- Diverse career experience in accounting & IT
- Clients included Costco Wholesale, Gap, Nordstrom, Ross Stores, Siemens, Washington Mutual, and Weyerhaeuser
IT Risk
Assessing risk, including IT Risk
[Figure: risk heat map. Vertical axis, Likelihood of Occurrence: Rare, Unlikely, Moderate, Likely, Almost Certain. Horizontal axis, Magnitude of Impact: Low, Moderate to Low, Moderate, Moderate to High, High. Business areas plotted on the map: Acquisitions, Corp. Governance, Unions, Inventory Control & Management, Procurement, Sales, Finance, Human Resources, Information Technology, Logistics, Outsourcing, Central Transaction Processing, Treasury.]
What is IT Risk?
- Any risk related to information technology.
- IT risk incidents have the potential to produce substantial business consequences that touch a wide range of stakeholders. Examples include:
  – Critical business processes, such as order processing, disrupted.
  – Customers unable to contact call centers.
- Lost business, reduced profits, and damage to an organization’s reputation are at stake.
- Encompasses not only the negative impact on operations, but also the benefit/value of risks associated with missing opportunities to use technology to enhance business objectives.
- Goal: Turn business threats into a competitive advantage.
- Example: Risk of unauthorized access to a system.
  – What are the business impacts?
Business Continuity (BC) – Includes Elements of IT Risk
Key BC activities, as selected from the BS 25999 standard, and their logical flow are represented below. BC Management covers both IT and other business risk.
[Figure: BC management lifecycle. Plans shown: Risk Assessment, Emergency Response Plan, Crisis Management Plan, Business Continuity Plan, Disaster Recovery Plan. Activities (logical flow): Project Initiation; Business Impact Analysis; Design Strategy; Strategy Implementation; Develop Plans; Training and Awareness; Exercise/Test; On-going Validation and Maintenance. BS 25999 stages: Understand the organization; Determining BCM strategy; Developing and implementing BCM response; Exercising, maintaining, and reviewing; Embedding in BCM culture.]
Key IT Risk Issues for the External Auditor
Key issues for the external auditor (where IT risk is concerned) include:
  – Logical Security
  – Physical Security
  – Changes to Software
  – Backups to recover from Hardware and Software Malfunction
  – Batch Processing
External auditors will also be increasingly concerned with emerging risks such as:
  – Cloud Computing
  – Mobile Platforms
Control Objectives for Information and Related Technology
Brainstorm examples of controls in your life
“Internal Controls” are an everyday part of our lives
- Automobiles
- Football Game
- Air Travel
What is COBIT?
- Framework created by ISACA for IT management and IT governance that was first released in 1996.
- Supports governance of IT by defining and aligning business goals with IT goals and IT processes.
- Mission – to research, develop, publish and promote an authoritative, up-to-date, international set of generally accepted information technology control objectives for day-to-day use by business managers, IT professionals and assurance professionals.
- Latest revision (COBIT 5) was recently released in April 2012.
COBIT Key concepts
- Bridges the gaps amongst business requirements, control needs, and technical issues.
- Helps management and business process owners understand and manage the risks associated with IT.
- Focuses on IT processes rather than functions or applications.
- Not just for the IT Department; applies to the business as a whole.
COBIT components
- Framework: organizes IT governance objectives and good practices by IT domains and processes, and links them to business requirements.
- Process descriptions: a reference process model and common language for everyone in an organization. The processes map to the responsibility areas of plan, build, run and monitor.
- Control objectives: provide a complete set of high-level requirements to be considered by management for effective control of each IT process.
- Management guidelines: help assign responsibility, agree on objectives, measure performance, and illustrate the interrelationship with other processes.
- Maturity models: assess maturity and capability per process and help to address gaps.
COBIT principles
COBIT 5 is based on five key principles for governance and management of enterprise IT. Enterprises of all sizes, whether commercial, not-for-profit or in the public sector, can benefit from using the COBIT 5 principles. COBIT 5 has become the standard for overall control of IT.
COBIT 5 Principles:
1. Meeting Stakeholder Needs
2. Covering the Enterprise End-to-end
3. Applying a Single Integrated Framework
4. Enabling a Holistic Approach
5. Separating Governance From Management
Case Study
You are developing an IT Policy framework for Solo Cup and have decided to use COBIT. In evaluating the layout of the framework, consider the following:
  – What are some control environment characteristics of the organization?
  – What are the major IT general computer control areas?
  – What risk factors should be considered?
  – What processes are integral to the business?
  – How and to whom does the organization communicate information?
  – What components should be in place to help oversee the organization?
Sample IT Controls Framework for Solo Cup
[Figure: IT Policies]
COSO Internal Control Framework
What is COSO?
- The Committee of Sponsoring Organizations of the Treadway Commission.
- Formed in 1985 as an alliance of five professional organizations to serve as one voice on issues related to fraudulent financial reporting.
- Mission – to improve the quality of financial reporting through business ethics, effective internal control and corporate governance.
- 1987 – Treadway Commission issued the Report of National Commission on Fraudulent Reporting.
- 1992 – issued the initial Internal Control-Integrated Framework.
- 2013 – issued evolutionary Control Framework Update (supersedes old standard in December 2014).
COSO Key concepts
- Principles-based approach
- Being “In Control” helps drive business success
- Control and business performance tie directly with the concept of an “Upside” in managing risk – control helps an entity achieve its goals!
- Taking risks “Smartly” is a good thing
- To take risks you have to understand, embrace, and manage them
[Figure: Risk – Objective – Control.]
COSO Key concepts (continued)
- Internal control is a process. It is a means to an end, not an end in itself.
- Internal control is effected by people. It’s not merely policy manuals and forms, but people at every level of an organization.
- Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entity’s management and board.
- Internal control is geared to the achievement of objectives in one or more separate but overlapping categories.
COSO vs. COBIT
- COSO and COBIT cater to different audiences:
  – COSO: management at large
  – COBIT: management, users, and auditors (mostly IT auditors)
- Both COSO and COBIT view control as an entity-wide process, but COBIT specifically focuses on IT controls. This distinction helps determine the scope of each control framework.
- COBIT is often referred to as the industry “integrator” (due to its high level, broad coverage, and acceptance), bringing other recognized best practices and standards under one umbrella.
- COBIT does not replace COSO in an engagement. It is intended to emphasize what control is required in the IT environment while working with and building on the strengths of other control models.
Case study
You are executives for a large banking firm. In evaluating the control framework for your business, consider the following:
  – What are some control environment characteristics of the organization?
  – What risk factors should be considered?
  – What key controls should be in place?
  – How and to whom does the organization communicate information?
  – What components should be in place to help oversee the organization?
2013 Version – Significant changes to the original Framework
Applying a Principles-Based Approach: The Framework focuses greater attention on principles by explicitly identifying 17 that were implicit in the original Framework. These represent the fundamental concepts associated with the components of internal control, and apply to all organizations. Each of the five components and 17 principles must be present and functioning – the components must operate together in an integrated manner. Attributes that represent characteristics associated with the principles are included.
A control framework – COSO summary: Control Environment
Example: http://www.intel.com/intel/finance/corp_gov.htm
The Control Environment comprises factors that include:
- The entity’s mission, strategy, objectives, and the establishment of a “culture of control”;
- Management’s integrity and ethical values;
- Board and Audit Committee activities in governing and monitoring management’s execution of strategy;
- Management’s philosophy and operating style;
- Organizational structure; and
- Assignment of authority, responsibility, and accountability through HR policies, practices and other process supports.
[Figure: COSO cube. Objectives: Operations, Financial Reporting, Compliance. Components: Control Environment, Risk Assessment, Control Activities, Information & Communication, Monitoring. Entity structure: Unit A, Unit B, Activity 1, Activity 2. Source: 1992 “Internal Control – Integrated Framework” (COSO Report).]
A control framework – COSO summary (continued): Risk Assessment
Risk Assessment – risks take many forms; understanding and managing risks helps the entity ensure the achievement of its objectives. Risk assessment factors include:
- Established objectives for the entity’s operations, financial reporting, and compliance;
- Process that identifies critical risks from external and internal sources – and establishes risk appetites;
- Assignment of responsibility for managing risks; and
- Alignment of control activities to specific risks and objectives using a continuous process.
[Figure: COSO cube. Source: 1992 “Internal Control – Integrated Framework” (COSO Report).]
Risk definitions
- Inherent Risk (IR): risk that an assertion is susceptible to a material misstatement, assuming there are no related controls.
- Detection Risk (DR): risk that the auditor will not detect a material misstatement that exists in an assertion.
- Control Risk (CR): risk that a material misstatement that could occur in an assertion will not be prevented or detected on a timely basis by the entity’s internal control.
- Audit Risk: risk that the auditor will provide an inappropriate opinion on the financial statements.
  – Audit Risk = IR x DR x CR
A control framework – COSO summary (continued): Control Activities
Control Activities are the policies and procedures that help ensure that objectives are achieved. These occur at all levels and in all functions, not just finance and accounting but throughout the organization. They include:
- Authorizations and approvals
- Periodic verifications of results
- Reconciliation of balances
- Formal reviews of operating performance
- Security of assets
- Segregation of duties
- IT system and other reporting features
[Figure: COSO cube. Source: 1992 “Internal Control – Integrated Framework” (COSO Report).]
Example
1. Employees enter time into the time/expense module.
2. Timesheets are signed by employees and forwarded to their supervisor.
3. Supervisor approves timesheets for payment.
4. Supervisor prints, signs, and disburses checks.
5. Timesheets are posted from the time/expense module to the GL module.
Example (continued)
1. Employees enter time into the PR time/expense module.
2. Timesheets are signed by employees and forwarded to their supervisor.
3. Supervisor approves timesheets for payment.
4. Supervisor prints, signs, and disburses checks.
5. Timesheets are posted from the time/expense module to the AR module.
Controls and gaps identified in the flow:
- Management Review
- System Access
- Control Gap – no segregation of duties
- Interface/Conversion controls
- Mapping/Account Configuration
- Validation and Edit Checks
- System Access
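To make the segregation-of-duties gap in the example mechanical, the following added Python example (not from the slides or from KPMG) tags each step of the timesheet flow with the authorize / record / custody duty classes the deck uses for segregation of duties, reports any role holding more than one class, and re-checks after one step is reassigned. The role names and the "Treasury clerk" reassignment are constructed assumptions for illustration.

```python
"""Segregation-of-duties (SoD) check for the timesheet-to-payment example.

Each process step is tagged with one of three duty classes: AUTHORIZE,
RECORD or CUSTODY. One performer holding two different classes in the
same transaction stream is reported as an SoD conflict.
"""
from dataclasses import dataclass
from itertools import combinations

AUTHORIZE, RECORD, CUSTODY = "authorize", "record", "custody"


@dataclass(frozen=True)
class Step:
    order: int
    description: str
    performer: str   # role executing the step (constructed sample roles)
    duty: str        # one of AUTHORIZE / RECORD / CUSTODY


# Constructed model of the five-step example from the slides.
TIMESHEET_FLOW = [
    Step(1, "Enter time into the time/expense module", "Employee", RECORD),
    Step(2, "Sign timesheet and forward to supervisor", "Employee", RECORD),
    Step(3, "Approve timesheets for payment", "Supervisor", AUTHORIZE),
    Step(4, "Print, sign, and disburse checks", "Supervisor", CUSTODY),
    Step(5, "Post timesheets to the GL module", "System interface", RECORD),
]


def duties_by_performer(flow):
    """Map each performer to the set of duty classes it holds in the flow."""
    held = {}
    for step in flow:
        held.setdefault(step.performer, set()).add(step.duty)
    return held


def find_sod_conflicts(flow):
    """Return (performer, duty_a, duty_b) for every incompatible pairing.

    Authorizing, recording and custody must sit with different people, so
    any two distinct classes held by the same performer are a conflict.
    The same class held twice (e.g. two recording steps) is not.
    """
    conflicts = []
    for performer, duties in duties_by_performer(flow).items():
        for a, b in combinations(sorted(duties), 2):
            conflicts.append((performer, a, b))
    return conflicts


def remediate(flow, step_order, new_performer):
    """Reassign one step to a different role and return the new flow."""
    return [
        Step(s.order, s.description, new_performer, s.duty)
        if s.order == step_order else s
        for s in flow
    ]


if __name__ == "__main__":
    for performer, a, b in find_sod_conflicts(TIMESHEET_FLOW):
        print(f"SoD gap: {performer} holds both '{a}' and '{b}'")
    # Hypothetical fix: move check disbursement to a separate treasury role.
    fixed = remediate(TIMESHEET_FLOW, 4, "Treasury clerk")
    print("after remediation:", find_sod_conflicts(fixed) or "no conflicts")
```

Run as a script it prints the single Supervisor conflict (approve and disburse) and then "no conflicts" once step 4 is moved to another role.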
Example control classifications
[Figure: 2x2 matrix of control classifications: Automated vs. Manual, Preventative vs. Detective.]
Example control categories
Authorization
  Description: Approval of transactions executed and access to assets and records only in accordance with management’s general or specific policies and procedures.
  Examples: Designated approval lists; Authorization limits; Signatures on purchase orders; Check signing limits
Configuration/account mapping
  Description: “Switches” to secure data against inappropriate processing.
  Examples: Posting limits; Validations and edit checks; Screen layout with required fields
Exception/edit report
  Description: Reports are generated to monitor something and exceptions are followed up to resolution. (Exception – a violation of a set standard; Edit – a change to a master file)
  Examples: Reports of sales over credit limits; Reports of changes to price master file
Example control categories (continued)
Interface/conversion controls
  Description: Controls over moving data between computer systems.
  Examples: Process used to migrate data from a legacy system; Interface between accounts payable system and general ledger system captures only unpaid invoices; General ledger balances are moved from old account numbers to correct new account numbers
Key performance indicators
  Description: Financial and non-financial quantitative measurements that are collected by the entity and used to evaluate progress toward meeting objectives.
  Examples: Gross margin analysis; A/R over 90 days; Salary and benefits per full time equivalent employee
Management review
  Description: A person different from the preparer analyzing and performing oversight of activities performed.
  Examples: Manager review of reconciliations; Dual signature on checks; Co-workers reviewing each other’s work
Example control categories (continued)
Reconciliation
  Description: Check whether two items (account balances, computer systems) are consistent.
  Examples: Cash reconciliation from general ledger to bank; Reconciliation of A/R aging to general ledger
Segregation of duties
  Description: Separation of duties and responsibilities of authorizing transactions, recording transactions and maintaining custody to prevent individuals
  Examples: Person who prepares bank reconciliations is not a signer on bank accounts; Persons who bill accounts receivable do not post cash collections
System access
  Description: Ability that individual users or groups of users have within a computer information system, as determined by the access rights configured in the system.
  Examples: Password protection linked to level of access.
A control framework – COSO summary: Information and Communication
Information and Communication – how data and information about the business is captured, processed, reviewed, and shared up, down, and across the entity. Factors include:
- IT systems and management reporting
- External data on markets and competitors and economic factors that affect entity risks
- Management communications with employees and customers, suppliers, regulators and stakeholder owners
- Impacted by a culture that encourages open and honest communication of good and bad news that must travel up, down, and through the entity
[Figure: COSO cube. Source: 1992 “Internal Control – Integrated Framework” (COSO Report).]
A control framework – COSO summary (continued): Monitoring
Monitoring – operations need to be monitored to assess the quality of performance over time. Includes:
- Regular management and supervisory activities
- Actions people take in performing their duties
- Scope and frequency depends on the assessment of risks and the effectiveness of controls
- Control deficiencies reported upstream, serious matters reported to top management and the board.
[Figure: COSO cube. Source: 1992 “Internal Control – Integrated Framework” (COSO Report).]
Other Significant changes to the original Framework
- Reflection of the Increased Relevance of Technology: Technology has evolved substantially since 1992 from large stand-alone mainframe computers that process batches of transactions to highly sophisticated, decentralized, and mobile applications involving multiple real-time activities that can operate across many systems. Technology can affect how all components of internal control are implemented.
- Enhancing Governance Concepts: The new Framework includes more content on governance related to the board of directors and its committees including audit, compensation, nomination, and governance.
- Enhancing Consideration of Anti-fraud Expectations: The Framework contains a principle that management considers the potential for fraud when assessing risks to achieve its objectives. This was always required under SEC rules, but is new to the Framework. The Framework is much more explicit than the SEC rules.
- Considering Different Business Models and Organizational Structures: Business models and structures have evolved. An increasing number of companies are using third parties to provide products or services necessary to their operations. Competition, globalization, dynamic industry and technological changes, new business models, competition for talent, cost management, and other factors have required management to look beyond internal operations to obtain necessary services.
- More specific requirements with respect to documentation: The Framework contains more discussion on the type of documentation needed by management, particularly with respect to controls that involve judgment.
COSO 2013 Framework – Summary of Changes
What is not changing...
- Core definition of internal control
- Three categories of objectives and five components of internal control
- Each of the five components of internal control is required for effective internal control
- Important role of judgment in designing, implementing and conducting internal control, and in assessing its effectiveness
What is changing...
- Updated for changes in business and operating environments
- Expanded operations and reporting objectives
- Implicit fundamental concepts underlying the five components codified as 17 principles
- Updated for increased relevance and dependence on IT
- Addresses fraud risk assessment and response
Limitations of internal control
- Human Errors – Human errors may arise from misunderstanding of instructions, mistakes of judgment, and personal carelessness, distractions, or fatigue.
- Collusion – Collusion may circumvent the separation of duties.
- Management Override – Management may override the structure to commit fraud or misstate the financial statements.
- Changing Conditions – Conditions may change, weakening a system that was adequate at a point in time.
- Segregation of duties – An employee is performing conflicting job duties.
Evaluating internal control deficiencies – Financial Reporting
- Deficiencies can range from inconsequential to material weaknesses.
- Significant deficiency* – is a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company’s financial reporting.
- Material weakness* – is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company’s annual or interim financial statements will not be prevented or detected on a timely basis.
- A deficiency may result from:
  – A missing control (design)
  – A control objective is not met by the control (design)
  – A control is not operating as designed (operating)
  – The person performing the control does not have the authority or qualifications needed to perform the control (operating)
* AS 5 Definitions.
Thank you!
Michael J Isensee
Phone: (206) 913 4229
Email: misensee@kmg.com