Internal Control Integrated Framework Overview
The Framework views all components of internal control as suitable and relevant to all entities, and therefore requires that all components be present and functioning and operating together in an integrated manner. Evaluating whether each component of internal control is present and functioning and whether the components are operating together requires consideration of how components are being applied by the entity within the system of internal control. Each of the five components operating together help to collectively reduce, to an acceptable level, the risk of not achieving an objective. When a component is deemed not to be present and functioning, or when components do not operate together, a major deficiency exists.
Control activities are the actions established through policies and procedures that help ensure that management’s directives to mitigate risks to the achievement of objectives are carried out. Control activities are performed at all levels of the entity, at various stages within business processes, and over the technology environment. They may be preventive or detective in nature and may encompass a range of manual and automated activities such as authorizations and approvals, verifications, reconciliations, and business performance reviews. Segregation of duties is typically built into the selection and development of control activities. Where segregation of duties is not practical, management selects and develops alternative control activities.
The course is an overview of the Internal Control Integrated Framework, 2013. The concepts and applications of the new Framework are explored with cases and exercises for practical understanding. The objective of the course is for participants to gain a basic understanding and solid foundation of the concepts, principles and points of focus for each of the components of the Internal Control Integrated Framework.
The course explores the complexities of the Framework from an overview perspective. A short overview of the 1992 Framework is presented in order to compare and contrast the definitions, concepts and approaches of the new Framework. Participants familiar with the prior Framework will be able to add to their knowledge and convert their perspectives to the principles based approach of the new Framework. Those with no prior exposure will be able to acquire a firm understanding of the Framework. This course serves as a prerequisite for the courses dealing with the detailed applications of each of the specific components.
The course was written by Michael L. Piazza, who is the primary presenter for the course. If date conflicts arise, the client will be given the option of a secondary instructor.
Who Should Attend:
Anyone in an organization who designs, implements, applies or reviews internal control will greatly benefit from the course and applications. These include: administrators; accountants; finance officers; managers; risk management officers; quality assurance personnel; internal auditors; and anyone providing assurance to internal control and risk management effectiveness.
Course Agenda Day One
9:00 - 10:15
Course Overview and Introductions:
Course outline with materials and case studies are presented to engage participants in the course direction and outcomes. Participants are asked to present their information and personal/professional expectations and objectives for the course.
10:30 - 10:45
Authoritative Pronouncements Requiring Internal Control Frameworks and Assurance:
An overview of the Sarbanes Oxley Act from the United States and the Institute of Directors of South Africa King III Report is accomplished to establish specific references of the external forces for internal control development, implementation and assurance of effectiveness.
10:45 - 11:15
Internal Control/Management Function Defined
Participants are invited to state their (or their organization's) definition of internal control.
Definitions from authoritative pronouncements are reviewed to establish a focus of the definition of internal control to be used as a working definition for the seminar.
11:15 - 11:30
The Committee of Sponsoring Organizations (COSO) Frameworks
The generally accepted authoritative frameworks for internal control and enterprise risk management are the publications and related pronouncements of COSO. Both models serve as the foundation for the course and will be explored in overview to establish the relationship between governance, risk and control.
11:30 - 12:00
COSO Internal Control Integrated Framework 1992 and 2013:
A brief review of the long standing 1992 Framework is explored. Comparison of the changes and additions to the new Framework is analyzed and explained. Emphasis is given to the change from "Factors" in the prior Framework to the "Principles" based approach of the 2013 Framework. The application of "points of focus" supporting the principles is explained.
1:00 - 2:45
Components of the COSO Internal Control - Integrated Framework:
The five components of the COSO Internal Control Integrated Framework are reviewed: Control Environment; Risk Assessment; Control Activities; Information and Communication; Monitoring Activities. The summary, definition and principles for each component are delineated.
3:00 - 4:30
The Control Environment:
Factors of the Control Environment are studied to establish a basis for understanding the responsibilities of all levels of the organization for internal control development and implementation. Special emphasis is placed on governance relationships to internal control monitoring and assurance. Case introduced with initial work on mission, goals and objectives.
Course Agenda Day Two
9:00 - 10:15
Increased emphasis is given to the objective setting process in the new Framework. Categories of objectives are restated to be simply: operations; reporting; and compliance. Reporting objectives have been recategorized as internal reporting and external reporting with divisions in each related to financial and non-financial. All categories of objectives and the objectives setting process is thoroughly covered.
10:30 - 12:00
Concepts of risk assessment are covered in depth to establish the foundation for control activities and the related assurance of adequate controls. Short cases are used for the participants to formulate a series of risks associated with the objectives stated in the case. Stakeholder analysis is emphasized to elaborate on the tenants of governance responsibilities.
1:00 - 2:45
The crux of the internal control framework is the construction of control activities to address risks enumerated in the risk assessment. Control activity concepts will be explored in relation to responsibility and authority of control objectives and development. Case continues as participants devise controls activities to address the risks defined in the prior section.
3:00 - 3:45
Information & Communication and Monitoring Activities:
The continuation of the control framework is ongoing and periodic monitoring. Management, employees and other functional organizational members exhibit ongoing monitoring. Internal audit, external audit and other specialists perform periodic monitoring of internal controls. These activities are applied in the case to determine the foundation for acceptable controls assurance.
3:45 - 4:30
Summary, Discussion and Conclusion:
The concepts and applications are reviewed to summarized the internal control integrated framework. Participant objectives and challenges are addressed.
Purchase and Schedule a Course Offering:
PDA courses are offered through the Institute for Internal Controls (IIC). To have an IIC representative contact you about conducting the course at your organization or chapter, please complete the Request for Information form. An IIC representative will contact within one business day to discuss the details and arrange a course date that suites your organization's needs.
The course can be modified for custom presentation including organizational specific cases, examples and concepts. A $5,000 customization fee covers all conversions and customizations and a one day consulting trip to the client location for interviews and sample analysis.