1. Managing Risk in Nonprofit Organizations
Charles F. Tate, CPA
Managing Partner
Tate & Tryon, CPAs and Consultants
Washington, DC
January 13, 2012
2. What We'll Discuss Today
1. Overview of COSO and Publications
2. COSO's ERM
3. COSO's Internal Control
4. Relationship of COSO to Auditing Standards
3. 1. Overview of COSO and Publications
4. COSO is the Acronym For:
A. Class of Service Overrides
B. Combat Oriented Supply Operations
C. Committee of Sponsoring Organizations
Answer C: Committee of Sponsoring Organizations of the Treadway Commission
5. What is the Treadway Commission?
A. Governmental Commission
B. Presidential Commission
C. Congressional Commission
D. All of the Above
E. None of the Above
Answer E: The Treadway Commission is a joint private sector initiative
6. Which Organization is Not Part of the Private Sector Initiative (i.e., a Sponsoring Organization)?
A. American Accounting Association (AAA)
B. American Institute of CPAs (AICPA)
C. Association of Financial Professionals (AFP)
D. Financial Executives International (FEI)
E. Institute of Internal Auditors (IIA)
F. Institute of Management Accountants (IMA)
Answer C: AFP is not part of the five-member Sponsoring Committee
7. COSO Publications
8. COSO Publications
9. Which Prominent Accounting Firm Authored a COSO Publication?
A. Price Waterhouse Coopers (PWC)
B. Grant Thornton (GT)
C. Tate & Tryon (T&T)
D. Coopers & Lybrand (C&L)
E. Both A. and D.
F. Both A., B. and D.
Answer F: PWC, GT, and C&L all authored a COSO publication
10. COSO's Definitions and Objectives
A process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

ERM:
1. Strategy setting
2. Identify & manage potential events
3. Manage risks to be within its risk appetite

Internal Control:
1. Effectiveness and efficiency of operations
2. Reliability of financial reporting
3. Compliance with laws and regulations
11. Which Individual Did Not Influence SOX Legislation?
A. B. C. D. (photographs)
Answer D: Michael M. Tryon had no influence on SOX
12. 2. COSO's ERM
13. COSO Enterprise Risk Management Integrated Framework
Components unique to ERM
14. COSO Internal Control Integrated Framework
15. Comparison of COSO IC and ERM
16. Relationship of COSO Objectives

Internal Control Integrated Framework (1992):
- Operations
- Financial Reporting
- Compliance

Enterprise Risk Management (2004):
- Strategic
- Operations
- Financial Reporting
- Compliance

Internal Control Over Financial Reporting (2006):
- Financial Reporting
17. ERM Expands on Internal Control, Adding Three Components

Internal Control components:
- Control Environment
- Risk Assessment
- Control Activities
- Information & Communication
- Monitoring

Components added by ERM:
- Objective Setting
- Event Identification
- Risk Response
18. ERM Expands on Internal Control: Objective Setting
- Strategic Objectives: high level
- Related Objectives: operations, reporting, & compliance
- Achievement of Objectives: reasonable assurance
- Risk Appetite: guidepost in strategy setting
- Risk Tolerances: acceptable levels of variation
20. ERM Expands on Internal Control: Event Identification
- Events can have a positive impact, a negative impact, or both
- Events are interdependent, not isolated
- Events are driven by external and internal factors
21. Implementation: Event Identification

External factors:
- Economic
- Natural Environment
- Political
- Social
- Technological

Internal factors:
- Infrastructure
- Personnel
- Process
- Technology
22. COSO Components & Principles: ERM Risk Response
- Avoidance, reduction, sharing, acceptance
- Evaluation of risk likelihood and impact
- Assessing costs versus benefits
- Opportunities in response options
- Portfolio view
23. Implementation: Risk Response

Avoidance:
- Disposing of a program
- Deciding not to engage in new initiatives/activities

Sharing:
- Buy insurance
- Joint venture/outsource
- Hedging risks

Reduction:
- Diversifying/rebalance
- Limits/processes

Acceptance:
- Self insure
- Accept risk that conforms to risk tolerance
24. Simplified Process for ERM
Strategy & Objectives -> Event Identification & Likelihood -> Risk Response & Quantification -> Financial Model
25. Financial Impact of Key Scenarios (amounts in millions)

Major Activity         Annual Amount   Potential Scenario                Probability (H-M-L)   Increase (Decrease)
Donations              1,000           Terrorist or political uprising   H                     100
                                       Donation mismanagement            L                     -20
Biomedical Services    2,400           Virus                             M                     -400
                                       War, natural disaster             H                     -600
Fundraising Events     50              Weather                           L                     -0-
                                       Pandemic                          L
Government Grants      60              Economic downturn                 H                     -40
                                       Contract mismanagement            M                     -0-
Investments & other    90              Financial meltdown                M                     -30
                                       Fraud (Madoff or Stanford)        M                     -10
Total                  3,600                                                                   -1,000
26. 3. COSO's Internal Control
27. COSO Components: Internal Control
- Control Environment
- Risk Assessment
- Control Activities
- Information & Communication
- Monitoring
28. COSO Internal Control Components & Principles: Control Environment Principles
- Management Philosophy
- Board of Directors
- Integrity and Ethical Values
- Commitment to Competence
- Organizational Structure
- Assignment of Authority and Responsibility
- Human Resource Standards
- Risk Appetite
29. Control Environment/Internal Environment is the Foundation of the 5 Components
30. COSO Internal Control Components & Principles: Risk Assessment Principles
- Specify objectives
- Risk identification & analysis
- Inherent and residual risk
31. Risk Assessment Matrix

Ratings: H = high, M = medium, L = low. Columns after the percentage are: Characteristics of Business, Entity-wide Factors, Impact on F/S, Account Process, Fraud Risk, Overall Rating.

Balance Sheet Account            As % of Total   Char.   Entity   Impact   Process   Fraud   Overall
ASSETS
Cash & cash equivalents          5%              L       M        L        H         L       L
Pledges receivable               15%             M       H        H        M         M       H
Investments                      40%             H       H        H        L         L       H
Property & equipment             35%             H       M        M        H         M       M
Prepaid & other assets           5%              L       L        L        L         L       L
Total Assets                     100%
LIABILITIES
Accounts Payable                 5%              L       M        M        H         M       M
Deferred Revenue                 20%             H       H        H        L         H       H
Mortgage (IRB)                   25%             H       H        L        L         M       M
Pension & post retirement        10%             M       H        H        L         H       H
Total Liabilities                60%
Net Assets                       30%             H       M        L        L         L       L
Total Liabilities and Net Assets 100%
32. Implementation: Risk Assessment, Significant Assertions

Significant assertions are mapped per balance sheet account (the slide's check marks did not survive extraction).

Assertion columns: Existence | Completeness | Valuation or Allocation | Rights & Obligations | Presentation & Disclosure

Balance sheet accounts:
- Cash & cash equivalents
- Pledges receivable
- Investments
- Property & equipment
- Prepaid & other assets
- Accounts Payable
- Deferred Revenue
- Mortgage (IRB)
- Pension & post retirement
- Net assets
33. COSO Internal Control Components & Principles: Control Activities Principles
- Integration with risk assessment
- Selection and development of control activities
- Controls over information systems/technology
- Policies and procedures are communicated
34. COSO Internal Control Components & Principles: Information & Communication Principles
- Quality of information
- Internal & external communication
- Means of communication
- Strategic and integrated systems
37. Auditing Standards: Risk Assessment
Identifying risks through considering:
- The entity and its environment, including its internal control
- Classes of transactions, account balances, and disclosures
Relating the identified risks to what could go wrong at the relevant assertion level
38. Intersection of COSO and the Auditor's Responsibilities

COSO (2004) Enterprise Risk Management:
- Broader objectives
- More than internal control

COSO (1992) Internal Control Integrated Framework:
- Operations
- Financial Reporting
- Compliance with Laws/Regulations

COSO (2006) Internal Control over Financial Reporting:
- Financial Reporting

SAS 109:
- Understanding of the entity & environment
- Understand five components
- Focus on controls relevant to financial reporting
39. Summary of Risk Assessment Standards

No.   Concept
104   Expands the definition of reasonable assurance as a high level of assurance
105   Internal control is replaced by the entity and its environment, including its internal control
106   Use of management's assertions in obtaining audit evidence: recognition, measurement, presentation and disclosure
107   Reduce audit risk to a low level that is, in the auditor's professional judgment, appropriate for expressing an opinion on the financial statements
108   Adequately plan the work and properly supervise any assistants
109   Sufficient understanding of the entity and its environment, including its IC, to assess the risk of material misstatement
110   Sufficient appropriate audit evidence to afford a reasonable basis for an opinion
111   Enhanced guidance on tolerable misstatement
40. Auditor's Assessment of Material Misstatement (SAS 106)

Classes of Transactions:
- Occurrence
- Completeness
- Accuracy
- Cutoff
- Classification

Account Balances:
- Existence
- Rights and obligations
- Completeness
- Valuation and allocation

Presentation and Disclosures:
- Occurrence/Rights and obligations
- Completeness
- Classification and understandability
- Accuracy and valuation
41. GAAS & COSO: Use of Financial Statement Assertions to Assess Risk

GAAS Risk Assessment Standards (SAS 106):
- Existence
- Occurrence
- Completeness
- Rights and Obligations
- Accuracy
- Cutoff
- Valuation or Allocation
- Classification
- Presentation and Disclosure
- Understandability

COSO Internal Control Over Financial Reporting (1):
- Existence or Occurrence
- Completeness
- Valuation and Allocation
- Rights and Obligations
- Presentation and Disclosure

(1) Source: SAS 31, Evidential Matter, prior to amendment by SAS 106
42. Audit Risk Assessment and COSO

Financial Statements:
- Investments & Income
- Receivables & Revenue
- Real Estate & Debt
- Payables & Expenses
- Deferred Revenue
- Net Assets & Restrictions

Assertions:
- Completeness
- Existence
- Valuation
- Rights & Obligations
- Presentation & Disclosure

Risks:
- Processes
- Competency
- IT Infrastructure
- Fraud Risk
- Entity-Wide Factors

Control Objectives:
- Statements Reflect Transactions
- Appropriate Classification
- Reflect Materiality
- Appropriate Accounting
- Informative

Controls:
- Entity-Wide Controls
- Process-Level Controls
- Preventive or Detective
- Manual or Automated

Adapted from an article by Michael Ramos, CPA, entitled "Risk-Based Audit Practices," Journal of Accountancy, Dec. 2009