Internal Control Integrated Framework - IFAC

1 0 Internal Control Integrated FrameworkAn IAASB OverviewSeptember 20161 Table of Contents COSO & Project Overview Internal Control - Integrated Framework IllustrativeDocuments Illustrative Tools for Assessing Effectiveness of a System of Internal Control Internal Control over External Financial Reporting: A Compendium of Approaches and examples Transition & Impact Recommended Actions Questions 2 COSO & Project Overview3 Originally formed in 1985, COSO is a joint initiative of five private sector organizations and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management (ERM) Internal Control and fraud deterrence.

2 9,300 386,000 15,000 > 600,00067,000 180,0004 COSO Overview Internal Control Publications19922006200920135 Original FrameworkCOSO s Internal Control Integrated Framework (1992 Edition)Refresh ObjectivesUpdated FrameworkCOSO sInternal Control Integrated Framework (2013 Edition)Broadens ApplicationClarifies RequirementsArticulate principles to facilitate effective Internal Control Why updatewhat works The Framework has become the most widely adopted Control Framework worldwide. Updates ContextEnhancements Reflect changes in business & operating environmentsExpand operations and reporting objectives6 Project timetableAssess & Survey StakeholdersDesign & BuildPublic Exposure, Assess & RefineFinalize20102011201220137 Project participantsCOSO Board of DirectorsCOSO Advisory Council AICPA AAA FEI IIA IMA Public Accounting Firms Regulatory observers (SEC, GAO, FDIC, PCAOB) Others (IFAC, ISACA, others)

3 PwCAuthor &Project LeaderStakeholders Over 700 stakeholders in Framework responded to global survey during 2011 Over 200 stakeholders publically commented on proposed updates to Framework during first quarter of 2012 Over 50 stakeholders publically commented on proposed updates in last quarter of 20128 Project deliverable #1 Internal Control - Integrated Framework (2013 Edition) Consists of three volumes: Executive Summary Framework and Appendices Illustrative Tools for Assessing Effectiveness of a System of Internal Control Sets out: Definition of Internal Control Categories of objectives Components of Internal Control Requirements for effectiveness9 Project deliverable #2 Internal Control over External Financial Reporting.

4 A Approaches and Examples illustrate how principles are applied in preparing financial statements Considers changes in business and operating environments during past two decades Relevant for variety of entities public, private, not-for-profit, and government Consistent with updated Framework10 Internal Control Integrated Framework11 Update expected to ease use and applicationWhat is is Core definition of Internal Control Three categoriesof objectives and five components of Internal Control Eachof the five components ofinternal Control are required foreffective Internal Control Important role of judgment in designing, implementing and conducting Internal Control .

5 And in assessing its effectiveness Changes in businessand operatingenvironments considered Operations and reporting objectives expanded Fundamental conceptsunderlying five components articulated as principles Additional approaches and examples relevant to operations, compliance, and non-financial reporting objectives added12 Environments driven Framework updatesExpectations for governance oversightGlobalization of markets and operationsChanges and greater complexity in businessDemands and complexities in laws, rules, regulations, and standardsExpectations for competencies and accountabilitiesUse of, and reliance on, evolving technologiesExpectations relating to preventing and detecting fraud COSO Cube (2013 Edition)Update considers changes inbusiness and operating environments13 Control EnvironmentRisk AssessmentControl ActivitiesInformation & CommunicationMonitoring ActivitiesUpdate articulates principles of effective Internal commitment to integrity and ethical oversight structure, authority and commitment to and analyzes fraud and analyzes significant and develops Control activities11.

6 Selects and develops general controls over through policies and relevant ongoing and/or separate and communicates deficiencies14 Control EnvironmentUpdate articulates principles of effective Internal Control (continued) organization demonstrates a commitment to integrity and ethical values. board of directors demonstrates independence from management and exercises oversight of the development and performance of Internal establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.

7 Organization holds individuals accountable for their Internal Control responsibilities in the pursuit of The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. 8. The organization considers the potential for fraud in assessing risks to the achievement of The organization identifies and assesses changes that could significantly impact the system of Internal Control .

8 Risk AssessmentUpdate articulates principles of effective Internal Control (continued)1610. The organization selects and develops Control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. 11. The organization selects and develops general Control activities over technology to support the achievement of objectives. organization deploys Control activities through policies that establish what is expected and procedures that put policies into ActivitiesUpdate articulates principles of effective Internal Control (continued)1713. The organization obtains or generates and uses relevant, quality information to support the functioning of other components of Internal Control .

9 14. The organization internally communicates information, including objectives and responsibilities for Internal Control , necessary to support the functioning of other components of Internal Control . organization communicates with external parties regarding matters affecting the functioning of other components of Internal Control . Information & CommunicationUpdate articulates principles of effective Internal Control (continued)1816. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of Internal Control are present and functioning.

10 Organization evaluates and communicates Internal Control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate. Monitoring ActivitiesUpdate articulates principles of effective Internal Control (continued)19 Update clarifies requirements for effective Internal Control Effective Internal Control provides reasonable assurance regarding the achievement of objectives and requires that: Each component and each relevant principle is present and functioning The five components are operating together in an Integrated manner Each principle is suitable to all entities.