Leveraging COSO across the three lines of defense

Jean-Pierre Garitte
Tbilisi, 29 October 2018

Remember the three lines of defense
Three Lines of Defense in Effective Risk Management and Control (Altamonte Springs, FL: The Institute of Internal Auditors Inc, January 2013).

Remember the COSO principles
Internal Control – Integrated Framework, Committee of Sponsoring Organizations of the Treadway Commission (Jersey City, NJ: American Institute of Certified Public Accountants, May 2013).

Who is mainly responsible for the control environment?

Control environment
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability

Who is mainly responsible for risk assessment? Risk Assessment

Risk assessment
6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change

Who is mainly responsible for control activities? Risk Assessment Control Activities

Control activities
10. Selects and develops control activities
11. Selects and develops general controls over IT
12. Deploys through policies and procedures

Who is mainly responsible for information and communication? Risk Assessment Control Activities Information & Communication

Who is mainly responsible for information and communication? Information & Communication Risk Assessment Control Activities Information & Communication

Information & Communication
13. Uses relevant information
14. Communicates internally
15. Communicates externally

Who is mainly responsible for monitoring? Risk Assessment Control Activities Information & Communication Monitoring

Who is mainly responsible for monitoring? Information & Communication Monitoring Risk Assessment Control Activities Information & Communication Monitoring

Who is mainly responsible for monitoring? Information & Communication Monitoring Risk Assessment Control Activities Information & Communication
Monitoring:
• Assurance
• Reassurance

Monitoring
16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies

Leveraging COSO across the three lines of defense
Adapted from Leveraging COSO Across the Three Lines of Defense, commissioned by The Committee of Sponsoring Organizations of the Treadway Commission (Lake Mary, FL: The Institute of Internal Auditors Inc and, July 2015).

Questions?
