COSO Frameworks and Control Self-Assessment
GSIA 5201 Internal Audit 1: Conceptual and Institutional Framework

  • Slides: 57

Session 1: 23 [month illegible] 2551, 16:00-19:00

2/11/2563 COSO Frameworks and Control Self-Assessment, ไพรช ศรวไลฤทธ (pairat@tisco.th)

1. COSO Internal Control – Integrated Framework (1992)
2. COSO Enterprise Risk Management (2004)
3. Control Self-Assessment (CSA)

  • 1977: Foreign Corrupt Practices Act
  • 1985: National Commission on Fraudulent Financial Reporting
  • 1987: Committee of Sponsoring Organizations of the Treadway Commission (COSO)
  • 1992: COSO issues Internal Control – Integrated Framework
  • 2004: COSO issues Enterprise Risk Management Framework

COSO (1992)

  • Compliance
  • Accomplishment of Goals & Objectives
  • Reliability & Integrity of Information
  • Economical & Efficient Use of Resources
  • Safeguarding of Assets

COSO Internal Control – Integrated Framework
1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information and Communication
5. Monitoring

Risk Map: Impact vs. Likelihood (both axes 0 = Low, 50 = midpoint, 100 = High)

                        Low Likelihood (0-50)                     High Likelihood (50-100)
High Impact (50-100)    Medium Risk - Monitor                     High Risk - Mitigate & Control
                        o Goods purchased but not recorded        o Payment ordered for goods not actually received
Low Impact (0-50)       Low Risk - Accept                         Medium-High Risk - Control
                        o Purchase recorded under the wrong unit  o Purchase order exceeding approval authority

  • Preventive Controls
  • Detective Controls
  • Directive Controls
  • IT controls
    o General Controls: Preventive, Detective or Directive
    o Application Controls: Preventive, Detective or Directive

4. Information and Communication
  • Information
  • Communication

Information Flow (Top Management → Senior Managers → Supervisors → Line Staff)
  • Down:
    o Goals / objectives
    o Directives
    o Policies / procedures
  • Up:
    o Progress reports
    o Problem identification
    o Improvement suggestions
  • Across (all levels):
    o Daily work information

COSO ERM (2004)

Risk Management Concept
  • Managing risk down to an acceptable level must weigh the cost of controls against their benefit.

  Inherent Risk → [Effective Control] → Residual Risk
      if Residual Risk is above the acceptable risk level (Risk Appetite):
      Treatment Plan → [Effective Control] → Residual Risk
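The two slides above (the impact/likelihood map with its four treatments, and the inherent-to-residual loop against risk appetite) can be run as one small risk-register evaluator. This is an added illustration, not material from the presentation; the control "reductions", the 50-point split, the appetite values and the sample items are constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass, field

SPLIT = 50  # assumed: the 50 mark on the slide splits Low/High on both axes


def classify(impact: int, likelihood: int) -> tuple[str, str]:
    """Map an (impact, likelihood) pair on the 0-100 map to the slide's
    quadrant and the treatment the slide attaches to that quadrant."""
    high_impact, high_likelihood = impact >= SPLIT, likelihood >= SPLIT
    if high_impact and high_likelihood:
        return "High Risk", "Mitigate & Control"
    if high_impact:
        return "Medium Risk", "Monitor"
    if high_likelihood:
        return "Medium-High Risk", "Control"
    return "Low Risk", "Accept"


@dataclass
class Control:
    name: str
    impact_reduction: int       # assumed model: points removed from impact
    likelihood_reduction: int   # assumed model: points removed from likelihood


@dataclass
class RiskItem:
    description: str
    inherent_impact: int
    inherent_likelihood: int
    controls: list[Control] = field(default_factory=list)

    def residual(self) -> tuple[int, int]:
        """Residual risk = inherent risk after effective controls, floored at 0."""
        impact = self.inherent_impact - sum(c.impact_reduction for c in self.controls)
        likelihood = self.inherent_likelihood - sum(c.likelihood_reduction for c in self.controls)
        return max(impact, 0), max(likelihood, 0)


def needs_treatment_plan(item: RiskItem, appetite_impact: int, appetite_likelihood: int) -> bool:
    """True when residual risk still exceeds the risk appetite on either axis,
    i.e. the slide's loop back to a Treatment Plan applies."""
    impact, likelihood = item.residual()
    return impact > appetite_impact or likelihood > appetite_likelihood


def sample_register() -> list[RiskItem]:
    """Constructed sample items, worded after the purchasing examples on the risk map."""
    return [
        RiskItem("Payment ordered for goods not actually received", 80, 70,
                 [Control("Three-way match of PO, receipt and invoice", 0, 50),
                  Control("Dual approval of payment runs", 10, 10)]),
        RiskItem("Purchase recorded under the wrong unit", 20, 30),
    ]
```

For the first sample item the inherent position is High Risk (Mitigate & Control); after its two controls the residual position is (70, 10), which the map calls Medium Risk (Monitor), but it still exceeds an assumed appetite of 60 impact, so a treatment plan is flagged.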

  • COSO Enterprise Risk Management (2004): "Enterprise Risk Management is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise. It is designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."

ERM vs. Control Framework

Enterprise Risk Management (expands on the elements):
  – Internal environment
  – Objective setting
  – Event identification
  – Risk assessment
  – Risk response
  – Control activities
  – Information & communication
  – Monitoring

Internal Control Framework (core elements):
  – Control environment
  – Risk assessment
  – Control activities
  – Information & communication
  – Monitoring

COSO Frameworks

COSO ERM Road Map
  • Governance (Environment)
  • Objectives
  • Assessment (Identify & Assess)
  • Respond (Control Activities & Response)
  • Monitor (Information, Communication & Monitoring)

Risk Map (5 x 5)
  Vertical axis: Consequence / Impact, 1 (Low) – 3 – 5 (High)
  Horizontal axis: Likelihood, 1 (Low) – 3 – 5 (High)
  Risk Level: Extreme, High, Moderate, Low


Control Self-Assessment
  • Gulf Canada, 1987
  • Facilitated Meeting Control Assessment
  • Empowerment
  • Continuous Improvement

CSA Process (a cycle, surrounded by Information, Environment and Communication)
  Goals & Objectives → Risk & Control Assessment → Establish / Implement Control Activities → Perform & Monitor Performance → (back to Goals & Objectives)

CSA approaches
1. Facilitated Meeting Control Assessment
2. Questionnaires
3. Management produced analysis

CSA Workshop Flow
  Main objectives: Objective 1, Objective 2
  Sub-objectives: Sub-obj 1, Sub-obj 2
  Major Inherent Risk(s): Major Risk 1, Major Risk 2
  Associated Risk(s): Assoc. Risk 1, Assoc. Risk 2
  Existing controls: Control A, Control B, Control C
  Residual risks: Residual Risk A, Residual Risk B
  Improve / add controls: Control X, Control Y

2. Questionnaires
  • Process Owners

3. Management Produced Analysis
  • CSA Specialist
  • Process Owners

CCSA
  • CCSA – Certification in Control Self-Assessment
  • Specialty certification program for CSA practitioners
  • IIA, 1999
  • 2,700 CCSA holders* (* Information as of Mar 2007, IIA web site)
  • 1 Part (3:15 hr), 125 questions, 75% (600/750)
  • CIA Part IV
  • 40 hr CPE

Q&A
PAIRAT SRIVILAIRIT
SVP, Head of Internal Audit, TISCO Bank Public Company Limited
  Mobile: +668 1903 1457
  Office: +66 2633 6051
  Email: pairat@tisco.th