coso webinar slides - assessing fraud risk - september 2014

Upload: protiviti

Post on 01-Dec-2014

Category: Business

DESCRIPTION

A 2014 Protiviti webinar on Assessing Fraud Risk - COSO

TRANSCRIPT

Page 1: COSO webinar slides - Assessing Fraud Risk - September 2014

COSO 2013: Assessing Fraud Risk

Page 2

© 2014 Protiviti Inc. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.

Today’s Presenters

Keith Kawashima is a Managing Director in Protiviti’s Silicon Valley office. Keith has over 25 years of experience in finance and accounting including 15+ years with Protiviti/Arthur Andersen’s Internal Audit practice and more than 10 years corporate experience in both Finance and Operations prior to joining Protiviti.  He has been involved in all aspects of a company’s internal audit function from establishing a charter and developing a risk-based internal audit plan, to developing and executing work programs, through reporting at the audit committee and board level. Email: [email protected]

Keith Kawashima, Managing Director, California

Page 3

Today’s Presenters

Pamela Verick is a Director in Protiviti’s Investigations & Fraud Risk Management solution. Pam has over 22 years of risk management experience, including creation of fraud governance systems and fraud risk management programs, planning and execution of fraud risk assessments, and conducting investigations to address fraud, misconduct and potential violations of the Foreign Corrupt Practices Act as well as equivalent anti-bribery laws and regulations. She also assists with compliance and ethics programs for both the public and private sector.   Email: [email protected]

Pamela Verick, Director, McLean, Virginia

Page 4

Today’s Presenters

Scott Moritz is the leader of Protiviti’s Fraud, Anti-Corruption and Investigations practice. He has more than 27 years of investigative and regulatory compliance experience working with a variety of organizations, government and regulatory agencies to identify, triage, investigate and remediate a wide variety of risks. With extensive experience investigating transnational crime, corruption and money laundering, Scott is widely regarded as a leading authority on the evaluation, design, remediation, implementation and administration of corporate compliance programs, codes of conduct, training and internal audit programs. Email: [email protected]

Scott Moritz, Managing Director, New York

Page 5

Today’s Presenters

Jeff Tecau is a Director with Protiviti in Orlando, FL and has 16 years of Audit and Consulting experience. At Protiviti, Jeff has focused on internal auditing and financial and accounting related consulting and helps lead Protiviti’s Internal Audit and Financial Advisory practice in the Florida market. Prior to Protiviti, Jeff spent time in external audit with PricewaterhouseCoopers and was a Senior Analyst in the Financial Planning and Analysis group of a Fortune 500 energy company. Email: [email protected]

Jeff Tecau, Director, Orlando

Page 6

Today We Will Cover…

Fraud Principle 8

Historic View of Fraud Documentation for SOX

Fraud Risk Assessment Frequently Asked Questions

Fraud Risk Assessment Case Study

Page 7

Historic View of Fraud Documentation for SOX

Page 8

Common Definitions of Fraud

Any illegal acts characterized by deceit, concealment or violation of trust. These acts are not dependent upon the application or threat of violence or of physical force. Frauds are perpetrated by parties and organizations to obtain money, property or services; to avoid payment or loss of services; or to secure personal or business advantage.

- Institute of Internal Auditors

All means by which one individual can get an advantage over another by false suggestions or suppression of the truth. It includes all surprise, trick, cunning or dissembling, and any unfair way by which another is cheated.

- Black’s Law Dictionary

An intentional act that results in a material misstatement in financial statements that are the subject of an audit. Two types of misstatements are relevant to the auditor’s consideration of fraud: fraudulent financial reporting and misappropriation of assets.

- AU Sec. 316 / Statement on Auditing Standards No. 99 (“SAS 99”)

The use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets.

- 2014 Report to the Nations on Occupational Fraud and Abuse

Any intentional act or omission designed to deceive others, resulting in the victim suffering a loss and / or the perpetrator achieving a gain.

- Managing the Business Risk of Fraud: A Practical Guide

Page 9

Fraud Assessment Embedded Within Overall Risk Assessment

Phase I: Assess Current State and Identify Relevant Processes

Phase II: Document Critical Processes and Controls

Phase III: Evaluation & Testing Controls

Phase IV: Remediation of Control Weaknesses

Set Foundation: Project Management, Knowledge Sharing, Communication, Continuous Improvement

Planning & Scoping Stage → Design, Document, & Testing Stage

• Select financial reporting elements
• Define control units
• Prioritize financial reporting elements
• Define process classification scheme
• Link business processes to priority financial reporting elements
• Select and prioritize business processes
• Inventory existing policies & procedures
• Map processes to locations
• Select processes and controls to document and test
• Baseline reports

Consider controls across all levels:

• Entity-level
• Process level
• IT controls
• Anti-fraud
• Outsourced processes

Page 10

Linking to Key Business Processes

Business process areas and their sub-processes (matrix columns):

Equity: Stock Comp and Administration; Recording Stock Compensation; Presentation and Disclosure; Overall

Fin Report: Period-end Close; Consolidation; Financial Reporting and Disclosure; Overall

Fixed Assets: Asset Acquisition/Capitalization; Asset Depreciation; Asset Disposal; Asset Management; Overall

Inventory: Standard Cost; Inventory Valuation; Inventory Reserves; Inventory Management; Overall

Payroll: Employee Master File Maintenance; Payroll Master File Maintenance; Time and Expense Reporting; Payroll Processing and Recording; Incentive Compensation; Overall

Procure to Pay: Purchasing; Receiving; Accounts Payable and Cash Disbursements; Manage Travel & Entertainment Expense; Month-end Accrual; Overall

Revenue: Order Management; Revenue Recognition (Shipping & Billing); AR Aging & Collections; AR Reserves; Revenue Reserves; Overall

Tax: Income Taxes, Sales & Use Taxes and Property Taxes; Overall

Treasury: Cash Management; Investments; Borrowings; Overall

IT: IT - General Controls; Overall

Financial statement elements (matrix rows), each cell rated H / M / L against the process columns above:

ASSETS: CURRENT ASSETS: Cash and cash equivalents; Short Term Investment; Account Receivable; Allowance for accounts receivable; Accounts receivable, net of allowances; Raw Materials; Inventory Material in transit; Finished Goods; Inventory reserve; Inventories

[The per-cell H / M / L ratings of this matrix did not survive extraction of the slide and are omitted.]

Page 11

Scope of Anti-Fraud Program

• Controls specifically established to prevent and detect fraud that is reasonably possible to result in a material misstatement of the financial statements

• Identification of specific controls that mitigate the risk of material fraud within key processes

Evaluation should take place at both the Company level and the Process level

Misappropriation of assets: Embezzlement and theft that could materially affect the financial statements

Expenditures and liabilities incurred for improper or illegal purposes

Bribery and influence payments that can result in reputation loss

Fraudulently obtained revenue and assets and/or avoidance of costs and expenses

Scams and tax fraud that can result in reputation loss

Fraudulent financial reporting: Inappropriate earnings management or “cooking the books”, e.g., improper revenue recognition, intentional overstatement of assets, understatement of liabilities, etc.

Page 12

PCAOB Auditing Standard No. 5 (“AS5”): Fraud Considerations

Focus on potential fraud that could result in a material misstatement of the financial statements

Management is responsible to prevent, detect, and deter fraud

Anti-fraud control deficiencies are considered at least a significant deficiency

Identification of fraud on the part of senior management (whether or not material) is an indicator of a material weakness

Page 13

Documentation Objectives

• The PCAOB-required objectives for documentation are:

– Understand the flow of transactions related to relevant assertions

– Verify that all points have been identified within the company’s processes at which a misstatement could arise that, individually or in combination with other misstatements, would be material

– Identify the controls that management has implemented to address these potential misstatements

– Identify the controls that management has implemented over the prevention or timely detection of unauthorized acquisition or disposition of the company's assets that could result in a material misstatement of the financial statements

• Process documentation is used by external auditors for walkthroughs

Page 14

Which SOX Requirements Have FCPA Implications?

SOX Section 302 - Responsibility of Corporate Officers for the Accuracy and Validity of Corporate Financial Reports

SOX Section 404 - Reporting on the State of a Company’s Internal Controls over Financial Reporting

SOX Section 802 - Criminal Penalties for Altering Documents

Referenced from: A Resource Guide to the U.S. Foreign Corrupt Practices Act, U.S. Department of Justice and Securities and Exchange Commission (2012)

Page 15

Fraud Principle 8

Page 16

What’s Driving Today’s Fraud Risk Assessment Activities?

COSO Internal Control – Integrated Framework – Principle 8 (May 2013)

The organization considers the potential for fraud in assessing risks to the achievement of objectives. This includes management’s assessment of the “risks relating to the fraudulent reporting and safeguarding of the entity’s assets,” along with “possible acts of corruption” by entity personnel and outsourced service providers.

Managing the Business Risk of Fraud: A Practical Guide (July 2008)

Non-binding guidance on the topic of fraud risk management issued in collaboration between the IIA, AICPA and ACFE. Includes consideration of fraud risk assessment.

IIA Standard 2120.A2 (January 2009)

The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk.

IIA Standard 1210.A2 (revised January 2009)

Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud.

Page 17

Evolving Perspectives on Fraud Risk

PCAOB AS5, AU Sec. 316, SAS 99 (scope: “Financial Statements”):

• Fraudulent Financial Reporting
• Misappropriation of Assets

COSO 2013 Principle 8 (scope: “Objectives”, i.e., Operations, Reporting, Compliance):

• Fraudulent Reporting
• Safeguarding of Assets
• Corruption
• Management Override

Page 18

COSO 2013 – Principle 8: Often Referred to as “Fraud Principle,” “Principle 8” or “Fraud Principle 8”

What it says:

1. “The organization considers the potential for fraud in assessing risks to the achievement of objectives.”

2. Actions conducted under Principle 8 are closely linked to Principle 7 (Identifies and Analyzes Risk).

What it doesn’t say:

1. How fraud should be defined.

Instead, the focus is placed on types of fraud to be considered.

2. What department within the organization should assess fraud risk.

States that risk assessment includes management’s assessment of the risks related to the fraudulent reporting and safeguarding of assets, as well as possible acts of corruption.

3. Which techniques should be used to assess fraud risk.

No specific fraud risk assessment methodology is prescribed.

Page 19

COSO 2013 – Principle 8: Linkage with Principle 7

Principle 7: Risk Assessment

Principle 8: Fraud

Shared steps: Risk Identification → Risk Analysis → Risk Response

Page 20

COSO 2013 – “Fraud Principle 8”: Key Driver in Today’s Fraud Risk Assessment Activities

Points of focus (POF):

• POF 31: Considers various types of fraud

• POF 32: Assesses incentives and pressures

• POF 33: Assesses opportunities

• POF 34: Assesses attitudes and rationalizations

• Many organizations have integrated their assessment of fraud risks and controls with their ICFR assessment

• Approach to addressing will depend on how effectively the organization has considered and documented fraud risk in the past

• For those that have documented controls to address common fraud scenarios, this could be incorporated into the mapping:

‒ Inventory elements of the fraud risk management program currently in place (entity level)

‒ Document an overall summary of significant fraud risks (process level), along with assessment of their likelihood and potential impact

• Reconsider the existing fraud risk management program in context of current fraud risk profile

Page 21

Factors Impacting Fraud Risk – COSO 2013 – Fraud Principle 8: Key Characteristics Reflect “The Fraud Triangle”

THE FRAUD TRIANGLE

OPPORTUNITY: Refers to the ability of an individual or group to “actually acquire, use or dispose of assets, which may be accompanied by altering the entity’s records.” Often driven by the belief that the activity will go undetected, opportunity is created by weak control and monitoring activities, poor management oversight, and management override of controls.

ATTITUDES AND RATIONALIZATIONS: An individual can more easily rationalize, or justify, committing fraud based on a perception, right or wrong, of the company’s fraud philosophy, the state of its internal control framework and “how business is done.”

INCENTIVE / PRESSURE: Incentives to commit fraudulent acts, or pressures that result in the intentional loss of assets, fraudulent reporting or corruption.

Page 22

Elements of Fraud Risk Management Program: Sample Entity Level Control Activities

Control Environment

• Board / Audit Committee Oversight
• Management roles and responsibilities
• Code of Business Conduct
• Conflicts of Interest Policy
• Fraud Control Policy
• Investigation Protocols / Policy
• Ombudsman Program
• Whistleblower Policy

Risk Assessment

• Fraud risk assessment (including corruption / bribery)

Control Activities

• Due diligence (employees and third parties)

Information & Communication

• Reporting mechanisms, including hotline
• Ethics training
• Fraud awareness training

Monitoring Activities

• Continuous monitoring (i.e., management)
• Fraud / ethics audit procedures (i.e., Internal Audit, Compliance)
• Investigation / case management system
• Discipline / remediation
• Quality assurance review

Page 23

COSO 2013 – Fraud Principle 8: Types of Fraud

Fraudulent reporting – occurs when an organization’s reports are intentionally prepared with omissions or misstatements.

Safeguarding of assets – refers to protection from the unauthorized, inappropriate and intentional acquisition, use or disposal of organization’s assets.

Corruption – involves improper use of an employee’s influence in business transactions which violates duty to employer for purpose of obtaining benefit for themselves or someone else.

Management override – describes actions in which internal controls are intentionally overridden for an illegitimate purpose.

Page 24

COSO 2013 – Fraud Principle 8: Fraudulent Reporting – Examples of Common Fraud Scenarios

1. Fraudulent Financial Reporting

2. Fraudulent Non-Financial Reporting

3. Misappropriation of Assets

4. Illegal Acts

Page 25

COSO 2013 – Fraud Principle 8: Safeguarding of Assets – Examples of Common Fraud Scenarios

1. Unauthorized and willful acquisition, use or disposal of assets or other resources

2. Inappropriate use that benefits an individual or group

Page 26

COSO 2013 – Fraud Principle 8: Management Override – Examples of Common Fraud Scenarios

1. Intentional override of internal controls for illegitimate purposes

2. Significantly influenced by the control environment

3. Not to be confused with management intervention for legitimate purposes

Page 27

COSO 2013 – Fraud Principle 8: Corruption – Examples of Common Fraud Scenarios

1. Illegal Acts

2. Conflicts of Interest

3. Bribery

4. Illegal Gratuities

5. Solicitation

Page 28

Fraud Risk Assessment Frequently Asked Questions (“FAQs”)

Page 29

FAQ 1: Who’s Typically Involved in a Fraud Risk Assessment?

Audit Committee (provides oversight on behalf of the Board of Directors)

Project Sponsor: General Counsel (if privileged); CFO or Internal Audit Director

Steering Committee (optional): C-Suite; Senior Management

Project Coordinator: IA Resource; Controller

Participants: Accounting / Finance; Compliance / Legal; Human Resources; Operations (Sales, Marketing, R&D, Engineering, Supply Chain, Plant Manager, etc.)

Page 30

FAQ 2: What Techniques Are Used to Identify Fraud Risk? One or More Work Steps May Be Utilized in Combination / Various Sequences

Document review and analysis

Fraud risk brainstorming session

Fraud risk workshop

Interviews

Survey

Data analysis

Page 31

FAQ 3: What Risk Factors Should Be Considered During Fraud Risk Assessment? Examples include…

• Degree of estimates and judgments in external financial reporting
• Methodology for recording and calculating inventory and shrinkage
• Reductions in allowances
• Fraud schemes and scenarios impacting industry / market sectors
• Geographic regions where the organization conducts business
• Incentives that may motivate fraudulent behavior
• Nature of automation
• Unusual or complex transactions subject to significant management influence, especially at period-end
• Poor compliance culture
• Lack of management oversight
• “Controlling” or “domineering” management personalities
• “Abnormal” management involvement in selection of accounting principles
• Unusual ratios
• Unexpected profitability
• Rapid growth compared to peers
• Recurring negative cash flows during periods of earnings growth
• Last minute transactions
• Inconsistencies in gross margin activity
• Unsupported pricing discounts
• Intentional inaccuracies or omissions in financial statements
• Recording sales of goods and services that did not occur
• Omissions of expenses or liabilities
• Capitalized expenses
  − If capitalized as assets and not expensed during the current period, income will be overstated.
  − As the assets are depreciated, income in subsequent periods will be understated.
• Allowances that do not align with industry practices
• Write-offs for loans to directors, officers and management
• “Shifting” expenses between entities
• “Off-books” accounts / “off balance sheet” entities

Page 32

FAQ 4: What Criteria Are Used to Assess Significance and Likelihood of Fraud Risk? Examples include…

Samples from Client Engagements (“3-box”):

Significance / Impact                 Likelihood / Probability
Low / inconsequential                 Low or remote
Medium / more than inconsequential    Medium or reasonably possible
High / material                       High or probable

Samples from Client Engagements (“5-box”):

Significance / Impact                 Likelihood / Probability
Insignificant                         Rare
Minor                                 Remote
Moderate / serious                    Reasonably possible
High / major                          Probable
Major / operational suspension        Almost certain

Page 33

FAQ 5: How Do Organizations Document Fraud Risk Assessment Activities? Examples include…

1. Process Narrative

2. Process Map (fraud risk assessment methodology)

3. Fraud Risk and Controls Matrix (“Fraud RCM”)

4. Report

5. Fraud Risk Heat Map
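The Fraud RCM and the heat map are normally kept as spreadsheets. What follows is an added example, not code from the Protiviti deck or its client engagement, that builds the same two artefacts programmatically: scenarios tagged with their Principle 8 fraud type, scored on the 5-box impact and likelihood scales from FAQ 4, placed on a 5x5 heat map, and checked for the two kinds of control gap the case study later describes (a scenario with no mapped control, and a scenario whose mapped controls are not in the SOX documentation). The 1-to-5 ordinal mapping of the scales, the impact-times-likelihood scoring rule, the High/Medium/Low band thresholds, and the control and scenario records are all constructed assumptions for illustration.

```python
"""Toy Fraud Risk and Controls Matrix (Fraud RCM) with a heat map.

Added example, not from the Protiviti deck. The impact and likelihood scales
are the "5-box" samples from the FAQ 4 slide; the 1..5 ordinal mapping, the
impact x likelihood scoring rule, the rating bands and the sample scenarios
and controls are constructed assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# 5-box scales from the deck, mapped to ordinal scores (assumed mapping).
IMPACT = {"Insignificant": 1, "Minor": 2, "Moderate / serious": 3,
          "High / major": 4, "Major / operational suspension": 5}
LIKELIHOOD = {"Rare": 1, "Remote": 2, "Reasonably possible": 3,
              "Probable": 4, "Almost certain": 5}


@dataclass
class Control:
    control_id: str
    description: str
    in_sox_docs: bool  # is the control already in the SOX 404 documentation?


@dataclass
class Scenario:
    ref: str
    fraud_type: str   # Principle 8 type: Fraudulent reporting, Safeguarding of assets, Corruption, Management override
    description: str
    impact: str       # key of IMPACT
    likelihood: str   # key of LIKELIHOOD
    controls: List[str] = field(default_factory=list)  # control IDs mapped to this scenario


def score(s: Scenario) -> int:
    """Inherent risk score: impact x likelihood on the 5-box scales (1..25)."""
    return IMPACT[s.impact] * LIKELIHOOD[s.likelihood]


def band(points: int) -> str:
    """Rating band for a score; thresholds are assumed and would be agreed with the steering committee."""
    if points >= 15:
        return "High"
    if points >= 8:
        return "Medium"
    return "Low"


def prioritise(scenarios: List[Scenario]) -> List[Tuple[str, int, str]]:
    """Scenarios ordered highest score first (ties broken by reference), with their band."""
    ordered = sorted(scenarios, key=lambda s: (-score(s), s.ref))
    return [(s.ref, score(s), band(score(s))) for s in ordered]


def control_gaps(scenarios: List[Scenario], controls: Dict[str, Control]) -> Dict[str, List[str]]:
    """Flag scenarios with no mapped control ("unmitigated") and scenarios whose mapped
    controls are all absent from the SOX documentation ("undocumented"). A reference to
    a control that is not in the inventory is an RCM data error and is rejected rather
    than silently counted as a mitigation."""
    gaps: Dict[str, List[str]] = {"unmitigated": [], "undocumented": []}
    for s in scenarios:
        unknown = [c for c in s.controls if c not in controls]
        if unknown:
            raise ValueError(f"{s.ref} references controls not in the inventory: {unknown}")
        if not s.controls:
            gaps["unmitigated"].append(s.ref)
        elif not any(controls[c].in_sox_docs for c in s.controls):
            gaps["undocumented"].append(s.ref)
    return gaps


def heat_map(scenarios: List[Scenario]) -> Dict[Tuple[int, int], List[str]]:
    """5x5 grid keyed by (impact, likelihood) listing the scenario references in each cell."""
    grid: Dict[Tuple[int, int], List[str]] = {(i, l): [] for i in range(1, 6) for l in range(1, 6)}
    for s in scenarios:
        grid[(IMPACT[s.impact], LIKELIHOOD[s.likelihood])].append(s.ref)
    return grid


def render_heat_map(scenarios: List[Scenario]) -> str:
    """Text rendering: impact 5 at the top, likelihood 1..5 left to right, '.' for empty cells."""
    grid = heat_map(scenarios)
    lines = ["impact \\ likelihood " + "".join(f"{l:>8}" for l in range(1, 6))]
    for i in range(5, 0, -1):
        cells = "".join(f"{','.join(grid[(i, l)]) or '.':>8}" for l in range(1, 6))
        lines.append(f"{i:>19} {cells}")
    return "\n".join(lines)


# Constructed sample data: one scenario per Principle 8 fraud type.
CONTROLS: Dict[str, Control] = {
    "C-03": Control("C-03", "Audit Committee review of period-end revenue cut-off exceptions", True),
    "C-07": Control("C-07", "Controller review of manual journal entries above a threshold", True),
    "C-12": Control("C-12", "Independent review of vendor master file changes", False),
}
SCENARIOS: List[Scenario] = [
    Scenario("FR-01", "Fraudulent reporting", "Top-side journal entries posted at period-end to meet earnings targets",
             "High / major", "Reasonably possible", ["C-07"]),
    Scenario("SA-01", "Safeguarding of assets", "Fictitious vendor created in the vendor master and payments diverted",
             "Moderate / serious", "Probable", ["C-12"]),
    Scenario("CO-01", "Corruption", "Kickbacks from a supplier to the purchasing manager for steered awards",
             "High / major", "Remote", []),
    Scenario("MO-01", "Management override", "CFO instructs staff to hold the books open past period-end",
             "Major / operational suspension", "Reasonably possible", ["C-03"]),
]

if __name__ == "__main__":
    for ref, points, rating in prioritise(SCENARIOS):
        print(f"{ref}: {points:>2} ({rating})")
    print("Control gaps:", control_gaps(SCENARIOS, CONTROLS))
    print(render_heat_map(SCENARIOS))
```

The gap check is the part worth keeping separate from the scoring: a scenario that scores low but has no control at all is still a finding, and a control that exists only in someone's head rather than in the SOX documentation will not be tested in the 404 cycle, which is exactly the situation the case study's purpose (3) is meant to surface.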

Page 34

FAQ 6: How Does IT “Fit” Into Types of Fraud Outlined in Principle 8? Examples include…

Fraudulent Reporting

• Proper accounting and reporting of liabilities associated with IT infrastructure, systems and upgrades.

• Appropriate disclosures regarding losses suffered as a result of cybercrime.

Safeguarding of Assets

• Loss of intellectual property, confidential data, sensitive data, personally identifiable information, etc. 

• Misuse or abuse of IT network / assets that result in loss of employee time and productivity.

• Intentional misuse / abuse of company’s software licenses.

Corruption

• Bribery and kickbacks involving third parties and employees.

• Illegal gratuities provided to IT personnel following system implementation.

• Extortion related to the security of data and IT infrastructure.

Management Override

• Intentional override of controls to obtain unauthorized or otherwise impermissible access to accounting or information systems.

• Intentional override of controls that results in destruction of electronic files. 

Page 35

Fraud Risk Assessment Case Study

Page 36

Case Study Overview

• Protiviti, acting as outsourced Internal Auditor, performed a fraud risk assessment for a closely held, NASDAQ traded client to evaluate the ways in which fraud could be perpetrated within the company.

• The purpose of the fraud risk assessment was to (1) identify likely fraud scenario risks, (2) identify internal controls, management, or other governance-related activities that mitigate these risks, (3) determine if the controls mitigating these risks were documented in the SOX documentation, and (4) identify control gaps where fraud scenarios are not directly controlled.

• This review focused on the risk assessment and review of control design as represented by management. Testing of the operating effectiveness of controls was not performed as part of this review as a majority of the client’s anti-fraud controls were to be tested later in FY2014 as part of SOX 404.

• As the company had adopted the 2013 COSO Framework for purposes of Sarbanes-Oxley 404 compliance efforts, the 2013 COSO Framework was used to categorize the company’s anti-fraud activities.

Page 37

Components and Principles of Internal Control – Risk Assessment

Risk Assessment

Description: Involves the identification and analysis by management of relevant risks to achieving predetermined objectives.

The 2013 COSO Framework sets out seventeen principles representing the fundamental concepts associated with each component of internal control. The principles supporting the RISK ASSESSMENT component of internal control (COSO Principles 6 to 9) are:

Risk Assessment Principles

1. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.

2. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.

3. The organization considers the potential for fraud in assessing risks to the achievement of objectives.

4. The organization identifies and assesses changes that could significantly impact the system of internal control.

Sample Deliverable (report sections: Executive Summary, Control Environment, Risk Assessment, Control Activities, Information & Communication, Monitoring, Appendix)

Page 38

Fraud Risk Assessment Process Overview

Risk Assessment

Description: Involves the identification and analysis by management of relevant risks to achieving predetermined objectives.

Risk universe used to identify fraud scenarios (slide diagram, flattened). The three top-level groups are ENVIRONMENT RISK, PROCESS RISK and INFORMATION FOR DECISION MAKING RISK; the categories shown on the slide, with their items, are:

FINANCIAL: Currency Exposure; Reserves Adequacy; Investment; Treasury/Cash Management; Taxation; Financial Reporting; Pension Fund Reporting; Regulatory Reporting; Tax Reporting

EMPOWERMENT: Performance Incentives; Leadership; Authority/Limit; Communications

OPERATIONS: Enrollment/Disenrollment; Policy Processing; Claims/PDE Processing; Premiums; Rebate Billing; Agent Commission Processing; Agent Performance; Marketing/Product Development; Customer Service; Contracts; Procurement; Project Management; Vendor Management; Member Services; Employee Expertise; Human Resources

INFORMATION TECHNOLOGY: Data Integrity; Data Security/Access; Availability of Information; IT Infrastructure; Program Change Control; System Implementations

GOVERNANCE: Organizational Culture; Ethical Behavior; Board Effectiveness; Succession Planning

REPUTATION: Image & Branding; Direct to Customer Advertising; Stakeholder Relations; Product Integrity & Safety

PROCESS INTEGRITY: Management/Employee Fraud; Claims Fraud; Illegal Acts/Unauthorized Use/Abuse

STRATEGIC DECISIONS: Insurance Product Portfolio; Business Continuity & DR; M&A Integration; Organization Structure; Key Performance Indicators; Resource Allocation

OPERATIONAL DECISIONS: Reinsurance; Product/Service Pricing; Bid Modeling; Actuarial Reserve Development; Forecast, Budget & Planning

REGULATORY: SEC; CMS (Medicare/Medicaid); Federal/State; HIPAA; Suppl. Health Insurance

CUSTOMER: Demographic Shifts; Concentration; Preferences; Discretionary Spending; Awareness

EXTERNAL: Competitor; Fraud; Shareholder Expectations; Capital Availability; Investor Relations; Political; Legal; Catastrophic Loss; Healthcare Advancements

COMPLIANCE/LEGAL: Market Conduct; Claims/Litigation; Debt Covenants; Remediation

The approach utilized in conducting the fraud risk assessment process:

Identify Risk

• Review and understand company operations and key fraud risk categories as suggested by management to develop a universe of potential fraud scenarios that may occur

• Conduct interviews with certain members of the Management team

• Conduct limited surveying of the Management team

• Aggregate information, prioritize areas of fraud risk, and conceptualize focus areas

Assess and Prioritize Risk

• Evaluate and prioritize fraud risks on a heat map on an inherent basis according to management commentary and other available information

Select Focus Areas

Internal Control Mapping

• Develop an internal control map for fraud focus areas to identify management’s control activities

• Identify internal control recommendations where fraud scenarios are not directly controlled

• Validate and discuss results with Management


Sample Deliverable

Page 39: COSO webinar slides - Assessing Fraud Risk - September 2014


Fraud Inherent Risk Map

Risk Assessment

Fraud scenarios plotted on the inherent risk map (numbered by category):

FINANCIAL REPORTING
1 Earnings management
2 Manual journal entries

DISBURSEMENTS
3 Improper use of corporate credit cards
4 Payment of false invoices
5 Billing for work not performed/overbilling
6 Creation of ghost vendors
7 Vendor over-allocation of costs
8 Theft/misuse of corporate financial information

PROCUREMENT
9 Awarding of work to related parties
10 Bribery/kickback to award bids
11 Bid rigging
12 Split purchases to avoid delegation of authority
13 Material ordered in excess of requirement
14 Unauthorized vendor access to systems

PAYROLL
15 Falsification of hours worked
16 Unauthorized adjustment of salary/wages
17 Workers compensation claims
18 Failure to remove employees from payroll
19 Duplicate or ghost employees

MISAPPROPRIATION OF ASSETS
20 Theft of blank checks
21 Misuse of company assets / theft of company assets
22 Unauthorized wire transfers
23 Check fraud
24 Scrap sales/embezzlement

GOVERNANCE
25 Selective disclosure to Board or public
26 Management override of controls
27 Use of confidential information for personal gain
28 Decisions made to benefit the majority shareholder

[Heat map: scenario numbers plotted by Likelihood (LOW / MEDIUM / HIGH) against Impact (LOW / MEDIUM / HIGH); plotted positions not recoverable from the slide text.]

Represents fraud risk scenarios selected for additional procedures. Note: Inherent risk rankings are those of management. Testing of the operating effectiveness of controls was not performed as part of this review.


Sample Deliverable

Page 40: COSO webinar slides - Assessing Fraud Risk - September 2014

Q & A

Page 41: COSO webinar slides - Assessing Fraud Risk - September 2014


COSO Publications

Internal Control – Integrated Framework (2013 Edition)

Order COSO’s framework online at www.coso.org (Guidance tab)

Internal Control – Integrated Framework (3 volume set): Executive Summary; Framework and Appendices; Illustrative Tools for Assessing Effectiveness of a System of Internal Control

Internal Control – Integrated Framework, Internal Control Over External Financial Reporting – Compendium Only: A Compendium of Approaches and Examples

Internal Control – Integrated Framework, Compendium (4 volume set): Executive Summary; Framework and Appendices; Illustrative Tools for Assessing Effectiveness of a System of Internal Control; A Compendium of Approaches and Examples

Page 42: COSO webinar slides - Assessing Fraud Risk - September 2014


Resources on COSO 2013

1. 2013 Internal Control – Integrated Framework – Executive Summary

2. COSO Internal Control – Integrated Framework Frequently Asked Questions

3. The 2013 COSO Framework & SOX Compliance – One Approach to an Effective Transition

Access COSO guidance and thought papers at www.coso.org (click on ‘Guidance’)

Page 43: COSO webinar slides - Assessing Fraud Risk - September 2014


Protiviti Resources on COSO 2013

4. The Updated COSO Internal Control Framework: Frequently Asked Questions

5. Guide to the Sarbanes-Oxley Act: Internal Control Reporting Requirements – Frequently Asked Questions Regarding Section 404

6. Guide to the Sarbanes-Oxley Act: IT Risks and Controls

7. Board Perspectives: Risk Oversight – COSO 2013: Why Should You Care

Source: http://www.protiviti.com/en-US/Pages/Resource-Guides.aspx
