robert r. moeller
TRANSCRIPT
hing company in Australia, Wiley
Inic products and understanding. insights to corpo:ir company, from ;ement.
ROBERT R. MOELLER
WILEY
BIBLIOTECA DO SENADO FEDERAL
or transmitted in ~, scanning, or States Copyright ~ation through [nc., 222 .
oron the Web lddressed to the 1, NJ 07030, (201) ssions.
lye used their best 'ith respect to the m any implied ty may be created ld strategies vith a professional .s of profit or any onsequentiaI. or
lpport, please -2974, outside
~mand. Some ~d in e-books or )t included in the t.wiley.com. For
Preface ix
Chapter 1: Importance of the COSO Internal Control Framework 1
The Importance of Enterprise Internal Controls 2 What Are Enterprise Internal Controls? 3 Understanding the COSO Internal Control Framework: How to
Use This Book 4
Chapter 2: How We Got Here: Internal Control Background 5
Early Definitions of Internal Controls: Foreign Corrupt Practices Act of 1977 7 The FCPA and Internal Controls Today 8 Events Leading Up to the Treadway Commission 9 Earlier AICPA Auditing Standards: SAS Nos. 55 and 78 10 The Treadway Committee Report 11 The Original COSO Internal Control Framework 12 The Sarbanes-Oxley Act and Internal Accounting Controls 15 Notes 28
Chapter 3: COSO Internal Controls: The New Revised Framework 29
Understanding Internal Controls 30 Revised Framework Business and Operating Environment Changes 32 The Revised COSO Internal Control Framework 35 COSO Internal Control Principles 37 COSO Objectives and Business Operations 38 Sources for More Information 40
Chapter 4: COSO Internal Control Components: Control Environment 41
Importance of the Control Environment Control Environment Principle 1: Integrity and Ethical Values Control Environment Principle 2: Role of the Board of Directors Control Environment Principle 3: The Need for Authority and
Responsibility Control Environment Principle 4: Human Resource Strengths Control Environment Principle 5: Individual Internal Control
Responsibilities COSO Control Environment in Perspective
41 43 48
49 51
54 56
v
vi • Contents
Chapter 5: COSO Internal Control Components: Risk Assessment 59 Chaptl
Risk Assessment Component Principles 60 Imf Risk Identification and Analysis 62 Re~
Risk Response Strategies 66 Intt
Fraud Risk Analysis 69 Co
COSO Risk Assessment and the Revised Internal Control Framework 70 Notes 71 Chapt.
Relatic Chapter 6: COSO Internal Control Components: Control Activities 73 Int.
COSO Control Activity Principles 74 En1
COSO Control Activities Today 85 Bu: Dh
Chapter 7: COSO Internal Control Components: De Information and Communication 87 Or·
Nc Information and Communications: What Has Changed? 87 Information and Communication Principle 1: Use of Relevant Information 89 Chapt Information and Communication Principle 2: Internal Communications 96 Effect Information and Communication Principle 3: External Communications 100 The Importance of COSO Information and Communication 102 1m Notes 103 IT
IT
Chapter 8: COSO Internal Control Components: Cli Monitoring Activities 105 ITI
Se Importance of COSO Monitoring Internal Control Activities 106 Nc COSO Monitoring Principle 1: Conduct Ongoing and
Separate Evaluations 108 Chapt COSO Monitoring Principle 2: Evaluate and Communicate Deficiencies 112 Wirel. COSO Internal Control Monitoring in Perspective 115 Note 115 Int
0 Chapter 9: COSO Internal Control GRC Operations Controls 117 St.
C< COSO Operations Objectives 117
N< Planning and Budgeting Operations Controls 119 IT Systems Operations Controls 123 Chap1 Operations Procedure Controls and Service Catalogs 133 Importance of COSO Operations Controls 135 EF Note 135 n
0 Chapter 10: COSO Reporting Processes 137 C<
N. COSO Reporting Objectives 137 COSO External Financial Reporting Controls 139 Chap· COSO Internal Financial Reporting Controls 141 COSO External Nonfinancial Reporting Controls 149 AI
COSO Internal Nonfinancial Reporting Controls 149 U: Importance of COSO Reporting Controls 150 M Note 151 N
Contents • vii
·essment 59 '. 1 Chapter 11: COSO Legal, Regulatory, and Compliance Objectives 153
60 Importance of Ent~rprise Compliance Controls 153 62 Regulatory Compliance Control Issues 155 66 Internal Controls and Legal Issues 157 69 Compliance with Professional and Other Standards 158
ework 70 71 Chapter 12: Internal Control Entity and Organizational ORC
Relationships 161 Activities 73 1. 1
Internal Controls from an Organizational GRC Perspective 161 74 1. 1 1' Enterprise Governance Overall Concepts 163 85 Business Entity-Level Internal Controls 167
Divisional and Functional Unit Internal Controls 175 Department- and Unit-Level Internal Controls 178
87 ~ .' I: Organization and GRC Controls in Perspective 179
87 Note 179
formation 89
~I I Chapter 13: COSO, Service Management, and
cations 96 ications 100
Effective IT Controls 181
102 Importance of IT General Controls 181 103 IT Governance General Controls 183
IT Management General Controls 184 Client-Server and Smaller Systems General IT Controls 188
105 1. ,1 ITIL Service Management Best Practices 191
106 Service Delivery Best Practices 200 Notes 201
108 Chapter 14: Cloud Computing, Virtualization, and
:iencies 112 115
Wireless Networks 203
115 I, Internal Controls for IT Wireless Networks 204 Cloud Computing and COSO Internal Controls 208
,Is 117 1:. :1 Storage Management Virtualization 214
117 1. ,1 COSO Internal Controls and Newer Technologies 215
119 f\lote 215
123
II' Chapter 15: Another Framework: COSO ERM 217 133 135 ERM Definitions and the ERM Portfolio View of Risk 218 135 The COSO ERM Framework Model 222
Other Dimensions of the ERM Framework 239 137 • • 1: COSO ERM and the Revised Internal Control Framework 240
137 Notes 241
139 Chapter 16: Understanding and Using COBIT 243
141 149 An Executive's Introduction to COBIT 244 149 Using COBIT to Assess Enterprise Internal Controls 252 150 Mapping COBIT to COSO Internal Controls 256 151 Notes 257
viii • Contents
Chapter 17: ISO Internal Control and Risk Management Standards
Background and Importance of ISO Standards in a Global Commerce World
ISO Standards Overview
ISO Standards and the COSO Internal Control Framework Notes
Chapter 18: COSO Internal Controls in the Board Room
Board Decisions and Internal Control Processes Board Organization and Governance Rules
Corporate Charters and the Board Committee Structure The Audit Committee and Managing Internal Controls Board Member Internal Control Knowledge Requirements COSO Internal Controls and Corporate Governance Notes
Chapter 19: Service Organization Control Reports and COSO Internal Controls
Importance of Service Organization Internal Controls Early Steps to Gain Assurance: SAS 70 Service Organization Control (SOC) Reports Right-to-Audit Clauses Internal Control Limitations
Chapter 20: Implementing the Revised COSO Internal Control Framework
Understanding What Is New in the 2013 Framework Transitioning to the New COSO Guidance
Steps to Begin Implementing the New COSO Internal Control Framework
Index 297
259
259 262 269 270
271
272 275 I NTERNA 276 enterprist 279 systems a 281 sions where 282 internal cont 283 of professiol
tute of Certi
285 of Sponsori: concept of iJ
286 After a 287 initial cose 288 or a setofg< 290 concepts of 292 was soon ad
statement il
293 Act (SOx) C(
Althou 293 release, th 295 changes in
296 internatior prise goven framework internal COl
This be framework work and tl Wehaveah explain tht chapters a internal co implement
One of control fra nal control processes, :