Executive's guide to COSO internal controls : understanding and implementing the new framework

Bibliographic Information

Robert R. Moeller

Wiley, c2014

  • Hardcover

University library holdings: 3

Notes

Includes index

Description and Table of Contents

Description

Essential guidance on the revised COSO internal controls framework

Need the latest on the new, revised COSO internal controls framework? Executive's Guide to COSO Internal Controls provides a step-by-step plan for installing and implementing effective internal controls with an emphasis on building improved IT as well as other internal controls and integrating better risk management processes. The COSO internal controls framework forms the basis for establishing Sarbanes-Oxley compliance, and internal controls specialist Robert Moeller looks at topics including the importance of effective systems on internal controls in today's enterprises, the new COSO framework for effective enterprise internal controls, and what has changed since the 1990s internal controls framework.

  • Written by Robert Moeller, an authority in internal controls and IT governance
  • Practical, no-nonsense coverage of all three dimensions of the new COSO framework
  • Helps you change systems and processes when implementing the new COSO internal controls framework
  • Includes information on how ISO internal control and risk management standards as well as COBIT can be used with COSO internal controls
  • Other titles by Robert Moeller: IT Audit, Control, and Security; Executive's Guide to IT Governance

Under the Sarbanes-Oxley Act, every corporation has to assert that their internal controls are adequate and public accounting firms certifying those internal controls are attesting to the adequacy of those same internal controls, based on the COSO internal controls framework. Executive's Guide to COSO Internal Controls thoroughly considers improved risk management processes as part of the new COSO framework; the importance of IT systems and processes; and risk management techniques.

Table of Contents

Preface

Chapter 1: Importance of the COSO Internal Control Framework
  • The Importance of Enterprise Internal Controls
  • What Are Enterprise Internal Controls?
  • Understanding the COSO Internal Control Framework: How to Use This Book

Chapter 2: How We Got Here: Internal Control Background
  • Early Definitions of Internal Controls: Foreign Corrupt Practices Act of 1977
  • The FCPA and Internal Controls Today
  • Events Leading Up to the Treadway Commission
  • Earlier AICPA Auditing Standards: SAS Nos. 55 and 78
  • The Treadway Committee Report
  • The Original COSO Internal Control Framework
  • The Sarbanes-Oxley Act and Internal Accounting Controls
  • Notes

Chapter 3: COSO Internal Controls: The New Revised Framework
  • Understanding Internal Controls
  • Revised Framework Business and Operating Environment Changes
  • The Revised COSO Internal Control Framework
  • COSO Internal Control Principles
  • COSO Objectives and Business Operations
  • Sources for More Information

Chapter 4: COSO Internal Control Components: Control Environment
  • Importance of the Control Environment
  • Control Environment Principle 1: Integrity and Ethical Values
  • Control Environment Principle 2: Role of the Board of Directors
  • Control Environment Principle 3: The Need for Authority and Responsibility
  • Control Environment Principle 4: Human Resource Strengths
  • Control Environment Principle 5: Individual Internal Control Responsibilities
  • COSO Control Environment in Perspective

Chapter 5: COSO Internal Control Components: Risk Assessment
  • Risk Assessment Component Principles
  • Risk Identification and Analysis
  • Risk Response Strategies
  • Fraud Risk Analysis
  • COSO Risk Assessment and the Revised Internal Control Framework
  • Notes

Chapter 6: COSO Internal Control Components: Control Activities
  • COSO Control Activity Principles
  • COSO Control Activities Today

Chapter 7: COSO Internal Control Components: Information and Communication
  • Information and Communications: What Has Changed?
  • Information and Communication Principle 1: Use of Relevant Information
  • Information and Communication Principle 2: Internal Communications
  • Information and Communication Principle 3: External Communications
  • The Importance of COSO Information and Communication
  • Notes

Chapter 8: COSO Internal Control Components: Monitoring Activities
  • Importance of COSO Monitoring Internal Control Activities
  • COSO Monitoring Principle 1: Conduct Ongoing and Separate Evaluations
  • COSO Monitoring Principle 2: Evaluate and Communicate Deficiencies
  • COSO Internal Control Monitoring in Perspective
  • Note

Chapter 9: COSO Internal Control GRC Operations Controls
  • COSO Operations Objectives
  • Planning and Budgeting Operations Controls
  • IT Systems Operations Controls
  • Operations Procedure Controls and Service Catalogs
  • Importance of COSO Operations Controls
  • Note

Chapter 10: COSO Reporting Processes
  • COSO Reporting Objectives
  • COSO External Financial Reporting Controls
  • COSO Internal Financial Reporting Controls
  • COSO External Nonfinancial Reporting Controls
  • COSO Internal Nonfinancial Reporting Controls
  • Importance of COSO Reporting Controls
  • Note

Chapter 11: COSO Legal, Regulatory, and Compliance Objectives
  • Importance of Enterprise Compliance Controls
  • Regulatory Compliance Control Issues
  • Internal Controls and Legal Issues
  • Compliance with Professional and Other Standards

Chapter 12: Internal Control Entity and Organizational GRC Relationships
  • Internal Controls from an Organizational GRC Perspective
  • Enterprise Governance Overall Concepts
  • Business Entity-Level Internal Controls
  • Divisional and Functional Unit Internal Controls
  • Department- and Unit-Level Internal Controls
  • Organization and GRC Controls in Perspective
  • Note

Chapter 13: COSO, Service Management, and Effective IT Controls
  • Importance of IT General Controls
  • IT Governance General Controls
  • IT Management General Controls
  • Client-Server and Smaller Systems General IT Controls
  • ITIL Service Management Best Practices
  • Service Delivery Best Practices
  • Notes

Chapter 14: Cloud Computing, Virtualization, and Wireless Networks
  • Internal Controls for IT Wireless Networks
  • Cloud Computing and COSO Internal Controls
  • Storage Management Virtualization
  • COSO Internal Controls and Newer Technologies
  • Note

Chapter 15: Another Framework: COSO ERM
  • ERM Definitions and the ERM Portfolio View of Risk
  • The COSO ERM Framework Model
  • Other Dimensions of the ERM Framework
  • COSO ERM and the Revised Internal Control Framework
  • Notes

Chapter 16: Understanding and Using COBIT
  • An Executive's Introduction to COBIT
  • Using COBIT to Assess Enterprise Internal Controls
  • Mapping COBIT to COSO Internal Controls
  • Notes

Chapter 17: ISO Internal Control and Risk Management Standards
  • Background and Importance of ISO Standards in a Global Commerce World
  • ISO Standards Overview
  • ISO Standards and the COSO Internal Control Framework
  • Notes

Chapter 18: COSO Internal Controls in the Board Room
  • Board Decisions and Internal Control Processes
  • Board Organization and Governance Rules
  • Corporate Charters and the Board Committee Structure
  • The Audit Committee and Managing Internal Controls
  • Board Member Internal Control Knowledge Requirements
  • COSO Internal Controls and Corporate Governance
  • Notes

Chapter 19: Service Organization Control Reports and COSO Internal Controls
  • Importance of Service Organization Internal Controls
  • Early Steps to Gain Assurance: SAS 70
  • Service Organization Control (SOC) Reports
  • Right-to-Audit Clauses
  • Internal Control Limitations

Chapter 20: Implementing the Revised COSO Internal Control Framework
  • Understanding What Is New in the 2013 Framework
  • Transitioning to the New COSO Guidance
  • Steps to Begin Implementing the New COSO Internal Control Framework

Index

Source: Nielsen BookData