
Executive's Guide to COSO Internal Controls: Understanding and Implementing the New Framework



Every corporation filing its year-end financial reports must eventually be in compliance with the new COSO 2013 standard just released. A guide written expressly for the executive who needs to get quickly up to speed on the specifics of the new COSO framework and how it's changed from the previous version, Executive's Guide to COSO Internal Controls examines the components of the new COSO 2013 framework, ensuring that you put in place a practical, no-nonsense framework for identifying, planning, delivering, and implementing effective internal controls in your business.

Take a look inside for guidance on:

  • COSO 2013 Internal Controls and Components
  • COSO 2013 Reporting Objectives
  • COSO 2013 Legal, Regulatory, and Compliance Objectives
  • Internal Control Entity and Organizational Relationships
  • COSO 2013, Service Management, and Effective IT Controls
  • Cloud Computing, Virtualization, and Wireless Networks
  • Understanding and Using COBIT
  • ISO Internal Control and Risk Management Standards
  • COSO 2013 Internal Controls in the Boardroom
  • Implementing the Revised COSO 2013 Internal Control Framework

An enterprise at all levels needs to understand the new COSO framework and comply with it as part of its Sarbanes-Oxley attestation, following the required transition rules outlined in the book. Executive's Guide to IT Governance details every aspect of the newly revised COSO framework, giving business executives invaluable guidance on what they and their enterprises need to do to transition to compliance.

ROBERT R. MOELLER, CPA, CISA, CISSP, is an internal audit specialist and project manager with a strong understanding of information systems, corporate governance, and security. He has over twenty-five years of experience in internal auditing, ranging from launching new internal audit functions in several companies to serving as audit director for a Fortune 50 corporation. He held positions with Grant Thornton (National Director of Computer Auditing) and Sears Roebuck (Audit Director). He is the former president of the Institute of Internal Auditors' Chicago chapter and has served on the IIA's International Advanced Technology Committee. He is also the former chair of the AICPA's Computer Audit Subcommittee. Moeller has written six other books.

Preface ix

Chapter 1: Importance of the COSO Internal Control Framework 1

The Importance of Enterprise Internal Controls 2

What Are Enterprise Internal Controls? 3

Understanding the COSO Internal Control Framework: How to Use This Book 4

Chapter 2: How We Got Here: Internal Control Background 5

Early Definitions of Internal Controls: Foreign Corrupt Practices Act of 1977 7

The FCPA and Internal Controls Today 8

Events Leading Up to the Treadway Commission 9

Earlier AICPA Auditing Standards: SAS Nos. 55 and 78 10

The Treadway Committee Report 11

The Original COSO Internal Control Framework 12

The Sarbanes-Oxley Act and Internal Accounting Controls 15

Notes 28

Chapter 3: COSO Internal Controls: The New Revised Framework 29

Understanding Internal Controls 30

Revised Framework Business and Operating Environment Changes 32

The Revised COSO Internal Control Framework 35

COSO Internal Control Principles 37

COSO Objectives and Business Operations 38

Sources for More Information 40

Chapter 4: COSO Internal Control Components: Control Environment 41

Importance of the Control Environment 41

Control Environment Principle 1: Integrity and Ethical Values 43

Control Environment Principle 2: Role of the Board of Directors 48

Control Environment Principle 3: The Need for Authority and Responsibility 49

Control Environment Principle 4: Human Resource Strengths 51

Control Environment Principle 5: Individual Internal Control Responsibilities 54

COSO Control Environment in Perspective 56

Chapter 5: COSO Internal Control Components: Risk Assessment 59

Risk Assessment Component Principles 60

Risk Identification and Analysis 62

Risk Response Strategies 66

Fraud Risk Analysis 69

COSO Risk Assessment and the Revised Internal Control Framework 70

Notes 71

Chapter 6: COSO Internal Control Components: Control Activities 73

COSO Control Activity Principles 74

COSO Control Activities Today 85

Chapter 7: COSO Internal Control Components: Information and Communication 87

Information and Communications: What Has Changed? 87

Information and Communication Principle 1: Use of Relevant Information 89

Information and Communication Principle 2: Internal Communications 96

Information and Communication Principle 3: External Communications 100

The Importance of COSO Information and Communication 102

Notes 103

Chapter 8: COSO Internal Control Components: Monitoring Activities 105

Importance of COSO Monitoring Internal Control Activities 106

COSO Monitoring Principle 1: Conduct Ongoing and Separate Evaluations 108

COSO Monitoring Principle 2: Evaluate and Communicate Deficiencies 112

COSO Internal Control Monitoring in Perspective 115

Note 115

Chapter 9: COSO Internal Control GRC Operations Controls 117

COSO Operations Objectives 117

Planning and Budgeting Operations Controls 119

IT Systems Operations Controls 123

Operations Procedure Controls and Service Catalogs 133

Importance of COSO Operations Controls 135

Note 135

Chapter 10: COSO Reporting Processes 137

COSO Reporting Objectives 137

COSO External Financial Reporting Controls 139

COSO Internal Financial Reporting Controls 141

COSO External Nonfinancial Reporting Controls 149

COSO Internal Nonfinancial Reporting Controls 149

Importance of COSO Reporting Controls 150

Note 151

Chapter 11: COSO Legal, Regulatory, and Compliance Objectives 153

Importance of Enterprise Compliance Controls 153

Regulatory Compliance Control Issues 155

Internal Controls and Legal Issues 157

Compliance with Professional and Other Standards 158

Chapter 12: Internal Control Entity and Organizational GRC Relationships 161

Internal Controls from an Organizational GRC Perspective 161

Enterprise Governance Overall Concepts 163

Business Entity-Level Internal Controls 167

Divisional and Functional Unit Internal Controls 175

Department- and Unit-Level Internal Controls 178

Organization and GRC Controls in Perspective 179

Note 179

Chapter 13: COSO, Service Management, and Effective IT Controls 181

Importance of IT General Controls 181

IT Governance General Controls 183

IT Management General Controls 184

Client-Server and Smaller Systems General IT Controls 188

ITIL Service Management Best Practices 191

Service Delivery Best Practices 200

Notes 201

Chapter 14: Cloud Computing, Virtualization, and Wireless Networks 203

Internal Controls for IT Wireless Networks 204

Cloud Computing and COSO Internal Controls 208

Storage Management Virtualization 214

COSO Internal Controls and Newer Technologies 215

Note 215

Chapter 15: Another Framework: COSO ERM 217

ERM Definitions and the ERM Portfolio View of Risk 218

The COSO ERM Framework Model 222

Other Dimensions of the ERM Framework 239

COSO ERM and the Revised Internal Control Framework 240

Notes 241

Chapter 16: Understanding and Using COBIT 243

An Executive’s Introduction to COBIT 244

Using COBIT to Assess Enterprise Internal Controls 252

Mapping COBIT to COSO Internal Controls 256

Notes 257

Chapter 17: ISO Internal Control and Risk Management Standards 259

Background and Importance of ISO Standards in a Global Commerce World 259

ISO Standards Overview 262

ISO Standards and the COSO Internal Control Framework 269

Notes 270

Chapter 18: COSO Internal Controls in the Board Room 271

Board Decisions and Internal Control Processes 272

Board Organization and Governance Rules 275

Corporate Charters and the Board Committee Structure 276

The Audit Committee and Managing Internal Controls 279

Board Member Internal Control Knowledge Requirements 281

COSO Internal Controls and Corporate Governance 282

Notes 283

Chapter 19: Service Organization Control Reports and COSO Internal Controls 285

Importance of Service Organization Internal Controls 286

Early Steps to Gain Assurance: SAS 70 287

Service Organization Control (SOC) Reports 288

Right-to-Audit Clauses 290

Internal Control Limitations 292

Chapter 20: Implementing the Revised COSO Internal Control Framework 293

Understanding What Is New in the 2013 Framework 293

Transitioning to the New COSO Guidance 295

Steps to Begin Implementing the New COSO Internal Control Framework 296

Index 297