COSO Based Internal Auditing (Implementation By Internal Audit)

Focus and Features

The updated COSO Internal Control – Integrated Framework released in the middle of 2013, is intended to supersede the original 1992 version on December 15, 2014. Thus, organizations that have been using or intend to use COSO, should now transition to or adopt the new COSO 2013.

This 3-day seminar is a consolidated but condensed version of the following 3 separate courses on COSO 2013, which normally require a total of 6 days. The shortened version is possible as it is presumed that the participants have solid prior knowledge and experience in applying the original COSO Framework in their company/organization and their COSO-based Internal Audit process.

Understanding the New COSO 2013

A logical starting point is to have solid understanding of COSO 2013, as embodied in the 4 volume document released by the COSO Board. This seminar aims to facilitate participants' understanding of the new COSO 2013 Framework, its basic concepts, and how its principles-based approach can be used as guide in the design, implementation, and evaluation of an internal control system.

Implementing COSO 2013

Equipped with a good understanding COSO 2013, the next logical step is to implement the COSO 2013 Framework in the organization. Critical to a successful COSO implementation is the acceptance and commitment of all the members of the organization, not just the Internal Audit Team. This seminar aims to deepen the participants' understanding of COSO 2013, see best practices in implementing a control model, and how to develop a COSO Implementation or Transition Plan.

2013 COSO Based Auditing

Subsequent to implementing or transitioning an organization into COSO 2013, the next step following a "Plan-Do-Check-Act" management process, is to conduct an assessment of the adequacy and effectiveness of the internal control system. The seminar aims to assist Internal Auditors and other parties charged with the responsibility for the evaluation and continuous improvement of the internal control system in an organization, and how the COSO Frameworks can be used in their evaluation and in the internal audit process.

What You Will Learn

Day 1 - Understanding COSO 2013

Introduction

COSO Background & History

• The COSO Organization & Its Origin
• Overview of COSO Frameworks & Guidance
• Comparative Overview: COSO 2013 vs. COSO 1992

COSO Internal Control – Integrated Framework

• The Need for a Control Model
• COSO Internal Control Fundamental Concepts

Closer Look at COSO Elements

• COSO Categories of Objectives
• Control Environment Principles & Points of Focus
• Risk Assessment Principles & Points of Focus
• Control Activities Principles & Points of Focus
• Information & Communication Principles & Points of Focus
• Monitoring Activities Principles & Points of Focus

Day 2 - Implementing COSO 2013

COSO 2013 Control Mapping

• The 3 Categories of Objectives
• Control Environment
• Risk Assessment
• Control Activities
• Information & Communication
• Monitoring Activities

Evaluating Internal Control

• Requirements for Effective Internal Control
• Overall Assessment of a System of Internal Control
• Assessment Template Walk-Through
• Illustrative Scenarios Applying the Rules of:
• Present, Functioning & Operating in an Integrated Manner
• Deficiency, Major Deficiency, Material Weakness

Day 3 – COSO Based Auditing

COSO-Based Auditing Application

• Internal Audit Process
• Entity & Activity Level Evaluations
• COSO-Based Audit & Engagement Planning
• Implementation Best Practices

Summary & Next Steps

• Next Steps and Action Plans
• COSO Mapping Results & Gap Analysis
• Implementation & Transition Project Planning
• Self-Assessment & Revisit of Objective

COURSE PREREQUISITES:

1. Participants should already have good working knowledge of the original COSO 1992 as applied in the internal audit process, and some familiarity with COSO 2013.

2. Documentation and Presentation of your organization's current COSO-Based Auditing Process, Tools & Techniques

• Strategic, Business & Annual Audit Planning Processes
• Internal Audit Risk Assessment Process
• Mapping of Current Internal Controls into the COSO 1992 Components

3. Audit Engagement Process - Planning, Fieldwork, Communicating, Monitoring, & QAIP

4. Pre-work required:

• Participants identify a Business or Functional Unit actual audit engagement which they can use as their "live case study" for purposes of illustration:
• Mapping controls into the COSO Components, Principles & Points of Focus
• Evaluating Internal Controls
• The following information should be available for discussion at the Entity/Corporate, Business/Functional Unit, and Process Levels
• Objectives, Risks & Controls
• Risk Management Framework