Description
Introduction
This implementation guide which may be especially helpful to those who have not yet experience with implementing the COSO Framework will explore how financial institutions can apply the COSO Framework to evaluate their existing internal control structure, implement controls to assist in mitigating significant risks, and optimise the effectiveness of their control environments, governance, compliance, management, and assurance functions.
Objectives
The model COSO is extensively used by big corporations, banks and Central Banks in the World. COSO objectives help to implement an effective internal control system, the following five components work to support the achievement of an entity’s mission, strategies and related business objectives:
Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
These components work to establish the foundation for sound internal control within the company through directed leadership, shared values and a culture that emphasises accountability for control. The various risks facing the company are identified and assessed routinely at all levels and within all functions in the organisation. Control activities and other mechanisms are proactively designed to address and mitigate the significant risks. Information critical to identifying risks and meeting business objectives is communicated through established channels across the company. The entire system of internal control is monitored continuously, and problems are addressed timely. COSO is used as an audit methodology to structure the critical approach of the auditor and share the same language with the Board, Management and the 3 lines of defence.
At the end of the sessions, participants will be able to:
Assess a system of internal control including the 3 lines model (IIA)
Apply key points related to the principles-based approach.
Recognise ways to identify, assess and respond to risks in your organisation
Identify areas for improvement based on the results of assessing internal control
Improve the audit approach used in your bank
Prepare a comprehensive audit plan and audit and control universe
Programme
The COSO framework
Origin
The COSO cube
Components and principles of internal controls
Benefits of the COSO framework
COSO and the responsibilities of the 3 lines of defence
Role of the first line of defence
Roles of the second line of defence
Roles of Audit
Challenging approach with the 5 lines of defence
The tone of the organisation
Business unit management and process owners
Independent risk management and compliance functions
Internal assurance providers
Board risk oversight and Executive management
Approaching the COSO framework implementation
Phase 1: Planning & scoping
Orientation
Planning
Scoping
Meeting with external auditor
Communicating the plan
Phase 2: Assessment and documentation
Assessing the existing control structure
Fraud risk assessment
Documenting current process and controls
Example of risk and control matrix
Performing the gap assessment
Phase 3: Remediation planning and implementation
Remediation
Remediation implementation
Phase 4: Design, testing and reporting of controls
Selecting controls for testing
Design test of controls
Perform test of controls and reporting
Phase 5: Optimisation of effectiveness of internal control
Alignment of risk and controls to the strategy and objectives of the organisation control structures
Preventive vs detective controls
Manual versus automated controls
Continuous monitoring
Determining the root causes of control failure
Conclusion
Target Audience
Internal auditors (all levels), operational risk analysts, compliance officers, business controllers, senior & middle level management officers who want to learn about the involvement of audit in the governance process.
Preferred: at least 3 years’ experience in Audit and/or business control of bank’s processes, operations, procedures and organization.
Remark
This is an intermediate course. Participants are required to have existing knowledge about COSO 2013 and COSO ERM.
Modalities
Course Material
No course materials are available for this for this course.
Contact
For further questions please contact our partner in your country