WHAT ARE THE 3 INTERNAL AUDIT FRAMEWORKS
1 - INTERNAL CONTROL INTEGRATED FRAMEWORK (COSO)
2 - GUIDANCE ON CONTROL (COCO - CANADIAN)
3 - INTERNAL CONTROL: REVISED GUIDE FOR DIRECTORS ON THE COMBINED CODE (TURNBULL REPORT)
WHAT DOES SOX REQUIRE OF THE CFO AND CEO?
THE SEC REQUIRES THE CFO AND CEO OF PUBLICLY TRADED COMAPNIES OPINE ON THE DESIGN ADEQUACY AND OPERATING EFFECTIVENESS OF INTERNAL CONTROLS OVER FINANCIAL REPORTING (ICFR)
OPINION MUST BE BASED IN A SUITABLE FRAMEWORK
REQUIREMENTS OF A SUITABLE CONTROL FRAMEWORK
- FREE FROM BIAS
- PERMIT CONSISTANT QUAL AND QUANT MEASURE OF A COMPANY’S IC ENVIRONMENT
- BE COMPLETE TO REDUCE OR ELIMINATE OMISSIONS
- BE RELEVANT TO A REVIEW OF ICFR
WHAT IS THE BENEFIT OF USING STANDARDS IN REVIEWING ICFR
PROMOTE COMPARABILITY OF THE IC REPORTS OF DIFFERENT COMPANIES
COSO DEFINITION OF INTERNAL CONTROL
A PROCESS, EFFECTED BY AN ENTITY’S BOD, MGMT, AND OTHER PERSONNEL, DESIGNED TO PROVIDE REASONABLE ASSURANCE REGARDING ACHIEVEMENT OF OBJECTIVES RELATING TO OPERATIONS, REPORTING AND COMPLIANCE
WHO IS ULTIMATELY RESPONSIBLE FOR THE IC OF AN ORGANIZATION
THE CEO
WHAT ARE THE 3 CATEGORIES OF COSO OBJECTIVES
- OPERATIONS OBJECTIVES
- REPORTING OBJECTIVES (INTERNAL & EXTERNAL)
- COMPLIANCE OBJECTIVES
WHAT ARE THE 5 COMPONENTS OF IC COVERED BY THE COSO FRAMEWORK
- CONTROL ENVIRONMENT
- RISK ASSESSMENT
- CONTROL ACTIVITIES
- INFORMATION AND COMMUNICATION
- MONITORING ACTIVITIES
WHAT IS THE CONTROL ENVIRONMENT COMPRISED OF
SOFT CONTROLS
- INTEGRITY AND ETHICAL VALUES OF THE ORG
- PARAMETERS ENABLING THE BOD TO CARRY OUT ITS GOV OVERSIGHT RESPONSIBILITIES
- ORG STRUCTURE AND ASSIGNMENT OF AUTH AND RESP
- PROCESS FOR RECRUITING THE RIGHT PEOPLE
- RIGOR AROUND PERFORMANCE MEASURES AND PAY
WHAT IS A PRECONDITION TO RISK ASSESSMENT
ESTABLISHMENT OF OBJECTIVES LINKED AT DIFFERENT LEVELS OF THE ENTITY
WHAT IS INVOLVED IN RISK ASSESSMENT
PROCESS FOR IDENTIFYING AND ASSESSING RISKS TO THE ACHIEVEMENT OF OBJECTIVES
SUCCESSES THAT MUST BE ACCOMPLISHED FOR OBJECTIVES TO BE ACHIEVED
CRITICAL SUCCESS FACTORS
ACTIONS TAKEN BY MGMT, THE BOD, AND OTHER PARTIES TO MITIGATE RISK AND INCREASE LIKELIHOOD THAT ESTABLISHED OBJECTIVES AND GOALS WILL BE ACHIEVED
CONTROL ACTIVITIES
8 TYPES OF CONTROLS THAT ARE PRESENT IN A WELL DESIGNED IC ENVIRONMENT
- PERFORMANCE REVIEWS
- AUTHORIZATIONS
- IT ACCESS CONTROL ACTIVES
- DOCUMENTATION
- PHYSICAL ACCESS CONTROL ACTIVITIES
- IT APPLICATION
- INDEPENDENT VERIFICATION AND RECONCILIATIONS
- SEGREGATION OF DUTIES
4 ACTIONS THAT SHOULD BE SEPARATED
- TRANSACTION AUTH
- ACCOUNTING FOR TRANS
- ASSET CONTROLLERSHIP
- RECONCILING FUNCTION
WHAT IS MEANT BY HIGH QUALITY INFORMATION?
RELEVANT
ACCURATE
TIMELY
WHY MUST HIGH QUALITY INFORMATION BE COMMUNICATED?
INFORMATION MUST BE PROVIDED AS APPROPRIATE TO ACHIEVE OPERATING, REPORTING, AND COMPLIANCE REPORTING OBJECTIVE RESPONSIBILITIES
2 TYPES OF MONITORING ACTIVITIES
ONGOING EVALUATIONS (CONTINUOUS MONITORING) SEPARATE EVALUATIONS
WHEN ARE MONITORING ACTIVITIES MOST EFFECTIVE
WHEN A LAYERED APPROACH IS USED (3 LINES OF DEFENSE MODEL)
WHAT IS INCLUDED IN LAYERED ACTIVITY MONITORING
- EVERYDAY ACTIVITIES PERFORMED BY MGMT OF A GIVEN AREA
- SEPARATE EVALUATION ON A REGULAR BASIS TO ENSURE DEFICIENCIES ARE ADDRESSED AND FIXED TIMELY
- INDEPENDENT ASSESSMENT BY OUTSIDE AREA OR FUNCTION
WHO IS ULTIMATELY RESPONSIBLE FOR ENSURING AN IC ENVIRONMENT IS PUT INTO PLACE
BOD
WHAT IS THE ROLE OF MGMT (CEO) IN THE IC ENVIRONMENT
- PRIMARY RESPONSIBILITY FOR THE SYSTEM OF IC
- THE IC ENVIRONMENT IS ADEQUATELY DESIGNED AND IS OPERATING EFFECTIVELY
- TONE AT THE TOP IS SET BY UPPER LEVEL MGMT
WHAT IS THE ROLE OF THE BOD IN THE IC ENVIRONMENT
- OVERSEES MGMT AND PROVIDES DIRECTION REGARDING THE IC SYSTEM
- ULTIMATELY HAS RESP FOR OVERSEEING THE SYSTEM OF IC
WHAT IS THE ROLE OF THE INTERNAL AUDITOR IN THE IC ENVIRONMENT
- VERIFYING MGMT HAS MET IS RESPONSIBILITIES FOR IC
2. INDEPENDENTLY VALIDATE MGMT ASSERTIONS OF THE IC ENVIRONMENT
