COSO 2013: What You Need to Know
DESCRIPTION
Originally a webcast given by Protiviti expert Jim DeLoach, this presentation focuses on key changes in the COSO 2013 framework, with its implications for SOX compliance. This presentation is also available on the FEI website at http://www.financialexecutives.org/eweb/upload/fei/events/replay/tc_131017/TRANSCRIPT
Slide 1
2013: What YOU Need to Know
October 17, 2013 | 12:00 p.m. ET | 1 hour | 1 CPE credit
CONTROL ENVIRONMENT
Slide 2
Principles and Points of Focus: The New Framework 2013: What YOU Need to Know
Housekeeping
• If you experience technical difficulties, please:
• use the “Ask a Question” Tab, or
• use the “Help” Tab, or
• call 1.866.490.5412, or
• email [email protected]
• Experiencing difficulty hearing today's broadcast? Dial-in: (Toll Free) 877-445-9761, (Int’l) 201-689-8592, Passcode: 421488
• Use the “Download Tab” below to download a handout of today’s presentation.
• Use the “Ask a Question” Tab to ask questions at any time during the presentation. Questions will be addressed at the end of the presentation.
Slide 3
• Today’s webcast is worth one (1.0) CPE credit.
• To qualify for CPE, one must have registered via FEI’s website, as well as meet both duration and poll requirements and complete an online survey evaluation.
• In accordance with the standards for the National Registry of CPE Sponsors, CPE credit will be granted based on a 50-minute hour.
• You must answer at least 3 polling questions (during the webcast) to qualify for CPE credit.
• Qualifying participants will have access to the NASBA required survey, in FEI’s CPE Center, within 2-3 business days and the online certificate for CPE credit is available immediately upon completion of this survey.
• Additional information will be provided in a follow-up email after today’s webcast.
CPE Credit
Slide 4
About the Speaker
Jim DeLoach
Managing Director
With over 35 years of experience and a member of Protiviti’s Solutions Leadership Team, Jim DeLoach assists organizations in responding to government mandates, shareholder demands and a changing business environment in a cost-effective and sustainable manner. His focus is on managing risk and integrating risk with strategy setting, business planning with performance management.
DeLoach was one of 25 recipients of the “Consultant of the Year” award from Consulting Magazine in 2011. In 2012 and again in 2013, he was named to the National Association of Corporate Directors’ Directorship 100 list, recognizing him as one of the 100 most influential people in the boardroom community. DeLoach has authored several books, including Enterprise-wide Risk Management: Strategies for linking risk and opportunity, which was published by Financial Times in June 2000 and was the first book written on the subject of enterprise risk management. Widely quoted in the press, he has published numerous articles and thought papers over the last 15 years covering various aspects of governance, managing business risk and effective internal controls. He has served on the COSO Advisory Board for 10 years contributing to the development of several frameworks and projects.
Slide 5
Why Focus on the Control Environment?
Key Changes in 2013 Framework – Control Environment
Key Principles
Interdependencies with Other Components
Implications to Sarbanes-Oxley Applications
Conclusion
Agenda
Slide 6
“The set of standards, processes, and structures that provide the basis for carrying out internal control across the organization.”
Where It All Starts
Slide 7
• Company history and ethical values
• Industry considerations
• Management's philosophy and operating style
• Competence of the entity's people at all levels and the standards, processes, and structures that guide them
• Effectiveness of board oversight
Internal and External Factors Influence It…
Slide 8
• Is the foundation for all other components of internal control
• Sets the tone of an organization
• May help an organization be more resilient when facing pressures
Why Focus on the Control Environment?
Slide 9
• It’s often where the problems start
• The core of any business is its people and the environment in which they operate
• Without an effective control environment, it’s game over
Importance of the Control Environment
Slide 10
(1) Pressure to meet unrealistic performance targets, particularly short-term results
(2) Unbalanced compensation structures that encourage excessive risk taking
(3) Passive boards that fail to exercise effective oversight
(4) Inadequate board communications
(5) Selective consideration of facts to fit management’s bias
(6) Lack of transparency into what matters
(7) Inability to manage conflicting objectives and metrics
(8) Board waiver of conflict of interests policy
(9) Poor escalation processes
(10) Management override of controls
The “Usual Suspects”: 10 Examples
Slide 11
Polling Question 1
The control environment:
a. Consists of a set of standards, processes, and structures
b. Is the foundation for carrying out internal control across the organization
c. Sets the tone for the organization’s internal control
d. May help an organization be more resilient when facing external and internal pressures
e. All of the above
Slide 12
• Combines the SEVEN factors into FIVE underlying principles
• Provides in-depth account on what is involved in an effective control environment
• Explains interdependencies and linkages between components
• Covers implications of extended business models utilizing external parties
Key Changes in the 2013 Framework
Slide 13
• Expands on the concepts of governance in an organization
• Clarifies the expectations of integrity and ethical values to reflect lessons learned and new developments
Key Changes in the 2013 Framework
Slide 14
(1) Commitment to integrity and ethical values
(2) Independent board of directors exercising oversight of internal control
(3) Structures, reporting lines, and appropriate authorities and responsibilities
(4) Commitment to attract, develop, and retain competent individuals
(5) Individuals held accountable for their internal control responsibilities
Key Principles Under Control Environment
Slide 15
Sets the Tone at the Top
Establishes Standards of Conduct
Evaluates Adherence to Standards of Conduct
Addresses Deviations in a Timely Manner
Commitment to Integrity and Ethical Values
Points of Focus
Slide 16
Sets the Tone at the Top
Evaluates Adherence to Standards of Conduct
Establishes Standards of Conduct
Addresses Deviations in a Timely Manner
Using the Points of Focus as Guidance…
Slide 17
• Set the tone from the top for day-to-day actions and decision making across the organization
• Consider legal, ethical, and other expectations in the conduct of business and financial reporting to establish expected standards of conduct
• Train new and existing employees on the entity’s standards of conduct
Principle 1: Suggested Approaches
Slide 18
• Analyze issues and trends from hotlines and help lines made available within the organization that could indicate potential fraud occurrences
• Make explicit the consequences for deviations from standards of conduct at any level in the organization
• Establish, communicate and enforce standards of conduct throughout the organization
Principle 1: Suggested Approaches
Slide 19
The senior management of a publicly traded company maintains and distributes the company’s code of business conduct and ethical standards to all employees and external parties acting on its behalf. It also provides for a supplier code of conduct to its vendors as part of its agreements, which provide for a basis of evaluation along with product/service delivery evaluation.
Source: COSO; Internal Control over External Financial Reporting: A Compendium of Approaches and Examples
Case in Point #1
Slide 20
A not-for-profit organization conducts scheduled audits to determine whether employees are receiving and understanding the board-approved standards of conduct when they are first hired and as part of ongoing communications. This helps to determine if there are any instances of non-compliance and to use those findings to assess and correct any deficiencies in the organization’s new-hire orientation, communications, training, and employee review processes.
Source: COSO; Internal Control over External Financial Reporting: A Compendium of Approaches and Examples
Case in Point #2
Slide 21
Establishes Oversight Responsibilities
Applies Relevant Expertise
Operates Independently
Provides Oversight
Independent Board Exercises Oversight
Points of Focus
Slide 22
Polling Question 2
Under the 2013 New Framework, the control environment consists of 7 important principles.
a. True
b. False
Slide 23
Polling Question 3
Under the 2013 New Framework, the points of focus provided for each principle are intended to provide helpful guidance but are not required to be evaluated separately.
a. True
b. False
Slide 24
The audit committee of an electricity transmission and distribution company meets, at least annually, in executive session to discuss its assessment of the risks of management override of internal control, including motivations, opportunities, and rationalizations for management override and how those activities might be concealed. It also collects information whenever any concerns are expressed about ethics or possible management override of internal controls. The process of questioning continues until resolution is reached.
Source: COSO; Internal Control over External Financial Reporting: A Compendium of Approaches and Examples
Case in Point
Slide 25
Considers All Structures of the Entity
Establishes Reporting Lines
Defines, Assigns, and Limits Authorities / Responsibilities
Appropriate Structures, Reporting Lines, Authorities and Accountabilities
Points of Focus
Slide 26
Defines, Assigns, and Limits Authorities / Responsibilities:
• Board of Directors
• Senior Management
• Management
• Personnel
• Outsourced Service Providers
Third Point of Focus
Points of Focus
Slide 27
• Management periodically considers the impact on the control environment and the importance of effectively segregating duties, as part of reviewing the assignment of authorities and responsibilities
• Job descriptions outlining financial reporting responsibilities are maintained and are updated as necessary when circumstances change
• Management provides sufficient direction to ensure that the appropriate employees recognize their responsibility for internal control and the importance of applying appropriate diligence / business judgment when they carry out their assigned job responsibilities
Principle 3: Suggested Approaches
Slide 28
The senior management at a games software developer has recognized that the company’s recent significant growth is causing many of the roles and responsibilities of its management executives to be no longer relevant. In response, the senior managers have initiated a project to realign responsibilities among its leadership team. The goals are to adequately support financial reporting objectives, with clear lines of reporting supported by new written job descriptions.
Source: COSO; Internal Control over External Financial Reporting: A Compendium of Approaches and Examples
Case in Point
Slide 29
Establishes Policies and Practices
Evaluates Competence and Addresses Shortcomings
Attracts, Develops and Retains Individuals
Plans and Prepares for Succession
Attract, Develop and Retain Competence
Points of Focus
Slide 30
• Management identifies the required skills and experience necessary to support the entity’s objectives
• Training needs are identified / delivered to targeted personnel
• Senior management evaluates the sufficiency and competency of the personnel involved in recording and reporting financial information and in designing and developing financial reporting systems
Principle 4: Suggested Approaches
Slide 31
• The Board of Directors identifies essential roles for functioning of the business and, for those roles, management defines succession plans
• Management sets expectations that personnel raise issues or questions relating to the application of defined standards
• Performance evaluation processes and incentives are established to promote expected standards of behavior consistent with entity objectives
Principle 4: Suggested Approaches
Slide 32
The bylaws of the board of a metal products company specify the responsibility of the audit committee of the board for reviewing the principal roles and responsibilities of key financial reporting senior management. To this end, the audit committee chair meets annually with the company’s human resources director, chief audit executive, and legal counsel to review the roles, responsibilities, and performance of the various company managers. The review focuses on aligning respective managerial responsibilities with the company’s organization chart.
Source: COSO; Internal Control over External Financial Reporting: A Compendium of Approaches and Examples
Case in Point
Slide 33
Enforces Accountability Through Structures, Authorities and Responsibilities
Establishes Performance Measures, Incentives, and Rewards
Evaluates Performance Measures, Incentives, Rewards for Ongoing Relevance
Considers Excessive Pressures
Evaluates Performance and Rewards or Disciplines Individuals
Hold Individuals Accountable
Points of Focus
Slide 34
• Senior management defines performance measures / rewards aligned with ethical values and inclusive of financial and non-financial measures
• The board of directors and management periodically evaluate appropriateness of performance measures
• Management designs objective employee evaluation and compensation systems that periodically provide individual rewards or disciplinary action
Principle 5: Suggested Approaches
Slide 35
• Communicating and reinforcing the accountability for responsible conduct of all personnel
• Policies that stress interactions with suppliers, customers, and other external parties reflect fair and honest dealings
• Anomalies in key performance indicators and internal analytical reviews of operational and financial information that could be a potential indicator of fraud or other misconduct are considered
Principle 5: Suggested Approaches
Slide 36
A forest products company structures its bonus plan to have 30% of the potential incentive award directly related to the demonstration of the company’s core values. Information items that the company values, namely specific comments on how management does or does not reflect values, are captured through employee feedback.
Source: COSO; Internal Control over External Financial Reporting: A Compendium of Approaches and Examples
Case in Point #1
Slide 37
Source: COSO; Internal Control over External Financial Reporting: A Compendium of Approaches and Examples
A private company that researches, develops, produces, and markets medical scanning equipment encourages its employees to identify and submit suggestions for improving internal control, including internal control over financial reporting. Employees are rewarded in the form of company awards and/or cash bonuses for ideas that are used.
Case in Point #2
Slide 38
• All components must operate together in an integrated manner
• Components are interdependent with a multitude of interrelationships and linkages among them
• Examples of components operating together:
− The organization establishes expected standards of conduct and sets performance incentives within the Control Environment that may impact the assessed level of fraud risk evaluated within Risk Assessment
− The communication of internal control deficiencies as part of Monitoring Activities requires a full understanding of the entity’s structures, reporting lines, authorities and responsibilities as set forth in the Control Environment
Interdependencies with Other Components
Slide 39
• For established companies, existing documentation must be converted to the principles-based approach
− For the Control Environment, the 7 factors under the original 1992 version can be organized easily under the 5 principles
• A separate ICEFR compendium may be useful to companies complying with Sarbanes-Oxley
− For newly public companies or IPO companies, the ICEFR Compendium provides useful guidance for getting started
− For established companies, use the ICEFR Compendium selectively or in situations involving changes in conditions and processes
Implications to Sarbanes-Oxley Applications
Slide 40
Polling Question 4
To support a conclusion that internal control is effective, all components must be present and functioning and operate together.
a. True
b. False
Slide 41
• The explicit listing of underlying principles increases the framework’s utility
• The control environment has a pervasive impact on the overall system of internal control
• A strong control environment positions organizations to respond and adapt to internal and external pressures
• Organizational culture supports and is influenced by the control environment
In Conclusion
Slide 42
Slide 43
Thank you for your participation!
In 2-3 business days, a follow-up email will provide instructions on accessing your CPE credits.
Our series continues… COSO 2013: What YOU Need to Know – Control Environment
Thursday, October 17 at 12:00 p.m. Eastern