Top 5 Pitfalls to Avoid Implementing COSO 2013

2012 Regulatory update Compliance Made Simple ©

Upload: wwwavivaspectrumcom

Post on 24-Jan-2015


DESCRIPTION

Learn about the 5 pitfalls you should avoid when implementing COSO's 2013 framework. This presentation will provide you with background on what could go wrong for SOX testing and other pitfalls to be aware of.

TRANSCRIPT

Page 1: Top 5 Pitfalls to Avoid Implementing COSO 2013

2012 Regulatory update

Compliance Made Simple ©

Page 2: Top 5 Pitfalls to Avoid Implementing COSO 2013

Agenda

• COSO 2012 Massive Project
• Major Concerns - AC
• Top 5 Pitfalls
• How to WIN!

Page 3: Top 5 Pitfalls to Avoid Implementing COSO 2013

COSO 2012 Project Participants

COSO Board of Directors

COSO Advisory Council

• AICPA
• AAA
• IIA
• FEI
• IMA
• Regulatory Observers
• Public Accounting Firms
• Others (IFAC, GAVI Alliance, ISACA)

PwC: Author and Project Leader

Stakeholder Input

Survey of over 700 stakeholders and users of the 1992 Internal Control – Integrated Framework

Page 4: Top 5 Pitfalls to Avoid Implementing COSO 2013

What’s Staying & What’s Leaving?

What is not changing...

1. Definition of internal control

2. Five components of internal control

3. The fundamental criteria used to assess effectiveness of systems of internal control

4. Use of judgment in evaluating the effectiveness of systems of internal control

What is changing...

1. Codification of principles with universal application for use in developing and evaluating the effectiveness of systems of internal control

2. Expanded financial reporting objective to address internal and external, financial and non-financial reporting objectives

3. Increased focus on operations, compliance and non-financial reporting objectives based on user input

Page 5: Top 5 Pitfalls to Avoid Implementing COSO 2013

(see appendix for AICPA Toolkit changes)

A changing business environment...

Drives updates to the Framework...

Expectations for governance oversight

Globalization of markets and operations

Changes in business models

Demands and complexity of rules, regulations and standards

Expectations for competencies and accountabilities

Use and reliance on evolving technology

Expectations for preventing and detecting fraud

Updated COSO Cube

COSO-2012: Summary of Updates

Not limited to FINANCIAL

Page 6: Top 5 Pitfalls to Avoid Implementing COSO 2013

Agility

Clarity

Confidence

Benefits of the Updated Framework

Management and Board of Directors

Other

Users

External Parties

Performance

• Improve governance

• Expand use beyond financial reporting

• Improve quality of risk assessment

• Strengthen anti-fraud efforts

• Adapt controls to changing business needs

• Greater applicability for various business models

Page 7: Top 5 Pitfalls to Avoid Implementing COSO 2013

COSO 2012: CODIFICATION OF 17 PRINCIPLES

Control Environment

1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability

Risk Assessment

6. Specifies relevant objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change

Control Activities

10. Selects and develops control activities
11. Selects and develops general controls over technology
12. Deploys through policies and procedures

Information & Communication

13. Uses relevant information
14. Communicates internally
15. Communicates externally

Monitoring Activities

16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies

Page 8: Top 5 Pitfalls to Avoid Implementing COSO 2013

COSO 2006 Vs. 2012 (proposed)

Page 9: Top 5 Pitfalls to Avoid Implementing COSO 2013

COSO 2006 Vs. 2012 (proposed)

Page 10: Top 5 Pitfalls to Avoid Implementing COSO 2013

Major Impact to A/C

• New Fraud Considerations
• Changes to “Oversight functions”
• In-Depth questions regarding forecasting impact of changes to ICFR and Operations

Page 11: Top 5 Pitfalls to Avoid Implementing COSO 2013

AICPA Gold Standard

Part I: Audit Committee Administration

• Audit Committee Roles and Responsibilities
• Audit Committee Charter Matrix
• Audit Committee Financial Expert Decision Tree
• Sample Request for Proposal Letter for CPA Services (Public Company)
• AICPA Peer Reviews and PCAOB Inspections of CPA Firms: An Overview
• Guidelines for Hiring the Chief Audit Executive (CAE)
• Engaging Independent Counsel and Other Advisers

Part II: Key Responsibilities

Part III: Performance Evaluation

Part IV: Other Tools

Page 12: Top 5 Pitfalls to Avoid Implementing COSO 2013

Template: Type of Change that may be Expected

#1 AC Member role & responsibilities: Minor updates related to the AC member's role to assist the BOD in its role of oversight for internal control and other whistleblower findings and their investigation and related action implementation, including the consideration of the impact of a board member's continued social relationship with company executives.

#2 AC Charter: Minor updates related to investigative authority and its implementation by the AC.

#7 Engaging Counsel: Minor updates as they relate to consideration of long-standing social relations and their impact on independence in light of the current SEC filings based on the Dodd-Frank Act.

#8 Internal Control: Major updates to align the principles and attributes under each of the 5 areas of COSO based on the new Integrated Framework.

#9 Fraud Responsibilities: Minor (core issues have already been addressed)

#10 Whistleblower: Moderate (needs to include in the template/log how to track when SEC investigations have come to the attention of the Audit Committee)

#12 Executive Session: Minor updates to the suggested questions to include queries related to assessment and impact of significant changes on the internal controls.

#14 Responding to ID of Material Weakness: Moderate (needs to update language for needs of Dodd-Frank related issues)

#15 Evaluating the Internal Audit Team: Moderate (currently no mention of whistleblower complaint analysis or material weakness follow-up; this could be an issue for the AC given the new Dodd-Frank Act)

#17 Self Evaluation: Minor update related to AC responsibilities per the Dodd-Frank Act.

Appendix A

Dodd-Frank Act: PoteAICPA Tool Kit Impact on AC Toolkit by AICPA

Page 13: Top 5 Pitfalls to Avoid Implementing COSO 2013

Top 5 Implementation Pitfalls

1. Pitfall – Deliverables Not Defined

40% of projects fail completely (failure defined as not delivering on expectations, or delivering something unusable) [1]

[1] Standish Group's 1996 IT survey

Page 14: Top 5 Pitfalls to Avoid Implementing COSO 2013

Top 5 Implementation Pitfalls

2. Pitfall – No Link

Over 90% of strategies never fulfill their original intent [2].

Primary driver – planning never linked to key deliverables and overall quantifiable impact (e.g., # of key controls drops by 10%, external auditor use of IA work increases by 15%, ELC controls reduce 25% of detailed transaction testing).

Key success formula: Motivation = Project SUCCESS! [2a]

[2] J.P. Kotter, “Leading Change: Why Transformation Efforts Fail,” Harvard Business Rev., Mar.-Apr. 1995, pp. 59-67

[2a] Data on 290 completed projects from software engineering practitioners based in Australia, Chile, and USA, by June Verner

Page 15: Top 5 Pitfalls to Avoid Implementing COSO 2013

Top 5 Implementation Pitfalls

3. Pitfall – Culture

Multi-location organizations have over 80% of projects fail because of cultural issues [3]. (Rolls Royce Case Study)

Primary drivers

1. People don’t do as they say
2. Ineffective leaders
3. Competing priorities
4. Insufficient resources

[3] Yahaya Yusuf, A. Gunasekaran, Mark S. Abthorpe, “Enterprise information systems project implementation: A case study of ERP in Rolls-Royce”

Page 16: Top 5 Pitfalls to Avoid Implementing COSO 2013

Top 5 Implementation Pitfalls

4. Pitfall – Insufficient Resources

People are the most unstable set of resources (i.e. change of position, turnover, CPE, life changes), and major projects typically underestimate (over 86%) the need for “human resources” on all projects [4].

Primary drivers

1. Budget – ineffective (incorrect assumptions)
2. Infrequent timeline reviews
3. Timeliness of budget vs. actual corrections

[4] Susilo, A., Heales, J., Rohde, F., “Project management effectiveness: The choice - formal or informal controls,” University of Canberra

Page 17: Top 5 Pitfalls to Avoid Implementing COSO 2013

Top 5 Implementation Pitfalls

5. Pitfall – “Team B” Syndrome

87% of C-Level Execs know the team leader function but NOTHING ELSE. [5]

• Staff augmentations without clear sense of future
• Subcontractors never fully integrated within the project, much less the organization

[5] “Modern Approach” by Petty, 2009; Juli, 2010

Page 18: Top 5 Pitfalls to Avoid Implementing COSO 2013

How to win the COSO Implementation Project?

1. Discuss cultural issues upfront (what will work and what won’t…& “why”)

2. Create low & high estimates with checks & balances on estimates

3. Accountability structures for project leader and team members

4. Never use Team B for a Top priority project

5. Clearly define deliverables

6. Link Deliverables to people’s performance and overall corporate goals (quantify major categories)

7. Updates on timelines and ETC (estimate to complete by person, by task)

8. Get “perceived percentages” from team members and “weed out” weak players

9. Frequent project updates (more in the beginning and fewer towards end)

10. Present deliverables in a GRAND way!

Page 19: Top 5 Pitfalls to Avoid Implementing COSO 2013

Contact Information

Sonia Luna, President

700 S. Flower Street #1100
Los Angeles, CA 90017
P: (213) 250-5700 x206