Leveraging COSO across the three lines of defense
- Slides: 19
Leveraging COSO across the three lines of defense Jean-Pierre Garitte Tbilisi, 29 October 2018
Remember the three lines of defense Three Lines of Defense in Effective Risk Management and Control (Altamonte Springs, FL: The Institute of Internal Auditors Inc, January 2013).
Remember the COSO principles Internal Control – Integrated Framework, Committee of Sponsoring Organizations of the Treadway Commission (Jersey City, NJ: American Institute of Certified Public Accountants, May 2013).
Who is mainly responsible for the control environment?
Control environment
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability
Who is mainly responsible for risk assessment? Risk Assessment
Risk assessment
6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change
Who is mainly responsible for control activities? Risk Assessment Control Activities
Control activities
10. Selects and develops control activities
11. Selects and develops general controls over IT
12. Deploys through policies and procedures
Who is mainly responsible for information and communication? Risk Assessment Control Activities Information & Communication
Information & Communication
13. Uses relevant information
14. Communicates internally
15. Communicates externally
Who is mainly responsible for monitoring? Risk Assessment Control Activities Information & Communication Monitoring
Who is mainly responsible for monitoring? Risk Assessment Control Activities Information & Communication Monitoring: • Assurance • Reassurance
Monitoring
16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies
Leveraging COSO across the three lines of defense Adapted from Leveraging COSO Across the Three Lines of Defense, commissioned by The Committee of Sponsoring Organizations of the Treadway Commission (Lake Mary, FL: The Institute of Internal Auditors Inc and, July 2015).
Questions?