Description
Introduction
This implementation guide, which may be especially helpful to those who do not yet have experience implementing the COSO Framework, will explore how financial institutions can apply the COSO Framework to evaluate their existing internal control structure, implement controls to assist in mitigating significant risks, and optimize the effectiveness of their control environments, governance, compliance, management, and assurance functions.
Objectives
The COSO model is used extensively by large corporations, banks and central banks around the world. COSO objectives help to implement an effective internal control system; the following five components work to support the achievement of an entity’s mission, strategies and related business objectives:
1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information and Communication
5. Monitoring
These components work to establish the foundation for sound internal control within the company through directed leadership, shared values and a culture that emphasizes accountability for control. The various risks facing the company are identified and assessed routinely at all levels and within all functions in the organization. Control activities and other mechanisms are proactively designed to address and mitigate the significant risks. Information critical to identifying risks and meeting business objectives is communicated through established channels across the company. The entire system of internal control is monitored continuously, and problems are addressed in a timely manner. COSO is used as an audit methodology to structure the critical approach of the auditor and share the same language with the Board, Management and the 3 lines of defense.
At the end of the sessions, participants will be able to:
· Assess a system of internal control including the 3 lines model (IIA).
· Apply key points related to the principles-based approach.
· Recognize ways to identify, assess and respond to risks in your organization.
· Identify areas for improvement based on the results of assessing internal control.
· Improve the audit approach used in your bank.
· Prepare a comprehensive audit plan and audit and control universe.
Programme
This content will be divided into 4 sessions of 3.5 hours each, delivered via a virtual classroom.
The COSO framework
· Origin
· The COSO cube
· Components and principles of internal controls
· Benefits of the COSO framework
COSO and the responsibilities of the 3 lines of defence
· Role of the first line of defence
· Roles of the second line of defence
· Roles of Audit
Challenging approach with the 5 lines of defence
· The tone of the organization
· Business unit management and process owners
· Independent risk management and compliance functions
· Internal assurance providers
· Board risk oversight and Executive management
Approaching the COSO framework implementation
· Phase 1: Planning & scoping
  · Orientation
  · Planning
  · Scoping
  · Meeting with external auditor
  · Communicating the plan
· Phase 2: Assessment and documentation
  · Assessing the existing control structure
  · Fraud risk assessment
  · Documenting current process and controls
  · Example of risk and control matrix
  · Performing the gap assessment
· Phase 3: Remediation planning and implementation
  · Remediation
  · Remediation implementation
· Phase 4: Design, testing and reporting of controls
  · Selecting controls for testing
  · Design test of controls
  · Perform test of controls and reporting
· Phase 5: Optimization of effectiveness of internal control
  · Alignment of risk and controls to the strategy and objectives of the organization control structures
  · Preventive vs detective controls
  · Manual versus automated controls
  · Continuous monitoring
  · Determining the root causes of control failure
Conclusion
Target Audience
Internal auditors (all levels), operational risk analysts, compliance officers, business controllers, senior & middle level management officers who want to learn about the involvement of audit in the governance process.
Preferred: at least 3 years’ experience in Audit and/or business control of bank’s processes, operations, procedures and organization.
Modalities
Course Material
Please note that for environmental reasons no paper version of the training material will be provided for your training. The course material can be downloaded free of charge via your portal before the start of the course (download the Client Portal User’s Guide here). You will be able to view it on the screen of your mobile device or print it if necessary. If your registration has been made by a training manager of your company, please contact him/her so that he/she can give you access to it or send it to you.
Exam
No exam is available for this course.
Contact
For further questions please contact our partner in your country