Professional Documents
Culture Documents
Victoria COSO Presentation
Victoria COSO Presentation
What’s different?
FMI – Victoria
December 9, 2013
Agenda
Introductions
Framework comparisons: 1992 vs. 2013 Release
Next steps
Questions and Wrap-Up
© 2013 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with 1
KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Introductions
John Heskin
Partner, Risk Consulting
(604) 691-3540
jheskin@kpmc.ca
© 2013 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with 2
KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Update Triggers
© 2013 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with 3
KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
COSO Framework
There are five key elements outlined in the framework which are represented
below:
COSO 2013
The definition of internal control and these five elements used to assess the
effectiveness of a system of internal controls remain consistent
© 2013 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with 4
KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
COSO 2013 Framework – Summary of Changes
© 2013 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with 5
KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
2013 Framework Structure
© 2013 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with 6
KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Control Environment
© 2013 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with 7
KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Risk Assessment
© 2013 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with 8
KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Control Activities
10. The organization selects and develops control • Updated discussion on ITGCs from 1992 to
activities that contribute to the mitigation of risks today’s technology .
to the achievement of objectives to acceptable
levels. • Expanded discussion of the relationship between
automated controls and ITGCs and how they link
11. The organization selects and develops general to the business processes.
control activities over technology to support the
achievement of objectives. • Clarifies that control activities are actions
established by policies and procedures rather
12. The organization deploys control activities than the policies and procedures themselves.
through policies that establish what is expected
and procedures that put policies into place.
© 2013 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with 9
KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Information and Communication
13. The organization obtains or generates and uses • Obtaining quality information not only from the
relevant, quality information to support the organization, but also from its partners,
functioning of internal control. particularly for subcontracted operations.
© 2013 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with 10
KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Monitoring Activities
16. The organization selects, develops, and • Makes the difference between ongoing and
performs ongoing and/or separate evaluations separate evaluations.
to ascertain whether the components of internal
control are present and functioning. • The organization must focus on the criteria
defined by applicable regulations (e.g., Sox,
17. The organization evaluates and communicates 52-109).
internal control deficiencies in a timely manner
to those parties responsible for taking corrective • Deficiencies are grouped into major and other
action, including senior management and the deficiencies.
board of directors, as appropriate.
© 2013 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with 11
KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Major Deficiency and Material Weakness
Look across components and principles for mitigating • Cannot conclude that internal controls are
controls to reduce the severity effective under the 2013 Framework if a
material weakness exists
Concept of material misstatement does not exist
■ COSO determined the 2013 Framework will supersede 1992 Framework effective
December 15, 2014
– SEC has not stated a transition date.SEC has stated plans to monitor transition
phase.
– CSA has not made any public statements on transition.
■ Assess the implications of the 2013 Framework as soon as feasible
■ Impact of adopting the updated Framework will vary by entity
■ COSO recommends that entities disclose whether the 1992 or 2013 version of the
Framework was used during the transition period
■ Opportunity to take a fresh look
– at the efficiency and effectiveness of business processes, risk assessments, and
controls responsive to the risks
– at the ICFR assessment prepared under the 1992 Framework
■ Treat 2013 assessment as a “Dress Rehearsal”!
© 2013 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with 13
KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Anticipated Impacts – Management Perspective
© 2013 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with 14
KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Impact to Management’s Control Certifications
The use of the COSO framework is stated in Canadian quarterly and annual
certifications. COSO FAQ #6 “ The COSO Board believes…that any
application of its Internal Control-Integrated Framework that involves external
reporting should clearly disclose whether the original or 2013 version was
utilized.”
© 2013 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with 15
KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Anticipated Impacts – Auditor Perspective
© 2013 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with 16
KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Next Steps
■ Understand the guidelines discuss and with management and the board
■ Assess the impacts – current state assessment
■ Document position taken
■ Roadmap to action plans as required
■ Confirm certifiers’ collaboration on approach and extent of work
■ Update your audit committee
© 2013 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with 17
KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
The information contained herein is of a general nature and is
not intended to address the circumstances of any particular
individual or entity. Although we endeavor to provide accurate
and timely information, there can be no guarantee that such
information is accurate as of the date it is received or that it will
continue to be accurate in the future. No one should act on
such information without appropriate professional advice after
a thorough examination of the particular situation.