Implementing COSO 2013:
Real-world Applications & Best Practices


What you will gain from this seminar:

  • A clear understanding of the new framework, what has changed, what is the same
  • Simple guidelines for scoping compliance with SOX or similar financial reporting regulations
  • Practice applying the new framework to a case study company
  • Implementation practices of four leading organizations, taken from an IIA research study conducted by the instructor, James Roth, to be published in early 2016
  • A preliminary assessment of your own organization
  • A game plan for applying the new framework to your organization

Who should attend: CAEs, audit managers, experienced auditors, anyone involved in designing or evaluating internal control
______________________________________________________________________________________________

Two-Day Seminar Outline

What’s the Same and What’s New

  • Why a new Framework?
  • The same: key points in the definition, fundamental concepts, and components
  • What’s changed in the categories of objectives and throughout the framework
  • What’s new: 17 principles and related points of focus
  • Summary of what’s changed (and not)

Control Environment
  • Discussion and analysis of control environment principles and points of focus
  • Application to SOX and similar financial reporting regulations
  • Example from IIA research: Vectren Corporation’s audit of executive leadership team’s behavior
  • Exercise: Identifying control environment strengths and deficiencies in Envirofungi (a case study)
  • Exercise: Preliminary assessment of your own organization: strengths, possible deficiencies, and what more you need to know

Risk Assessment
  • Discussion and analysis of risk assessment principles and points of focus
  • Application to SOX and similar financial reporting regulations
  • Example from IIA research: management assessment and testing of risks and controls in all significant processes and for all objectives, not just financial reporting
  • Exercise: Preliminary assessment of your own organization: strengths, possible deficiencies, and what more you need to know
  • Exercise: Identifying risk assessment strengths and deficiencies in Envirofungi

Control Activities
  • Discussion and analysis of control activity principles and points of focus
  • Application to SOX and similar financial reporting regulations
  • Example from IIA research: Linking every risk and control to a COSO 2013 component, principle, and its points of focus
  • Exercise: Preliminary assessment of your own organization: strengths, possible deficiencies, and what more you need to know
  • Exercise: Identifying control activity strengths and deficiencies in Envirofungi
Information and Communication
  • Discussion and analysis of information and communication principles and points of focus
  • Application to SOX and similar financial reporting regulations
  • Exercise: Preliminary assessment of your own organization: strengths, possible deficiencies, and what more you need to know
  • Exercise: Identifying information and communication strengths and deficiencies in Envirofungi

Monitoring Activities
  • Discussion and analysis of monitoring principles and points of focus
  • Application to SOX and similar financial reporting regulations
  • Example from IIA research: Using COSO 2013 during audit projects and to aggregate results
  • Exercise: Preliminary assessment of your own organization: strengths, possible deficiencies, and what more you need to know
  • Examples from IIA research: Sample monitoring tools for the other components
  • Exercise: Using a monitoring tool to identify strengths and deficiencies in Envirofungi
  • Exercise: Determine whether all components are operating together in an integrated manner at Envirofungi

Summary and Take-aways
  • Quiz on key points
  • Benefits and challenges of implementing or converting to COSO 2013
  • Game plan for applying the framework to your own organization