Focus and Features
COSO's landmark frameworks, Internal Control – Integrated Framework (2013) and Enterprise Risk Management – Integrated Framework (2017), offer guidance to ensure effective controls and proficient risk management. These frameworks can contribute value to strategic business planning, governance, and execution, monitoring, and adapting processes for any organization.
This course provides an opportunity for internal auditors to develop the level of understanding of the COSO frameworks needed to carry out their roles and responsibilities. Participants will explore how to leverage the COSO frameworks in their audit process through various activities.
The International Standards for the Professional Practice of Internal Auditing (Standards) require internal audit activities to "evaluate and contribute to the improvement of governance, risk management, and control processes." The course will deliver ideas for value-added services to enhance organizational performance and governance for sustainable success and for conforming to the Standards.
The first day of the course focuses on developing an understanding of the internal control and risk management frameworks. The second day of the course focuses on using the frameworks in the internal audit process.
- Compare and contrast the COSO Internal Control and ERM frameworks.
- Develop the level of knowledge of the COSO Internal Control Framework needed to carry out internal audit roles and responsibilities.
- Develop the level of knowledge of the COSO ERM Framework needed to carry out internal audit roles and responsibilities.
- Clarify the implications that the COSO frameworks present to the internal audit profession and individual internal audit activities.
- Demonstrate the use of COSO principles and practices in overall and audit engagement planning.
- Develop the skills needed to use COSO principles and practices to perform the work on audit engagements.
- Develop the skills needed to use COSO principles and practices to communicate the results of audit engagements.
What You Will Learn
COSO Frameworks: The Basics
- Discuss COSO background/history.
- Examine COSO's definitions of Internal Control and ERM.
- Review COSO Internal Control and ERM objectives and components.
- Discuss the updated COSO Internal Control from an internal audit perspective.
- Understand the relationship between Governance, Risk Management and Internal Control.
- Discuss the IA implications for "Turning the Principles into Positive Action."
COSO Internal Control: A Closer Look
- Review Control Environment Principles.
- Examine Risk Assessment and Control Activities Principles.
- Discuss Information/Communication and Monitoring Activities Principles.
- Demonstrate the importance of "soft controls."
- Discuss the "Three Lines of Defense in Effective Risk Management and Control." Examine the implications for Internal Auditors.
COSO ERM: A Closer Look
- Compare COSO ERM factors and Internal Control principles.
- Understand key ERM concepts and terms.
- Discuss "ERM Risk Assessment in Practice/Thought Leadership."
- Examine the implications for Internal Auditors.
IPPF & COSO Framework Connections
- Show where IPPF Standards and the COSO Frameworks are connected – and discussing potential opportunities/challenges for Internal Auditors.
- Examine a COSO-based Internal Audit process.
- Use IPPF and IIA resources to develop COSO-based IA tools.
COSO-Based Audit and Engagement Planning
- Compare approaches and techniques used establish the IA activity's risk-based plan and priorities.
- Compare tools and techniques used to plan IA engagements.
- Apply COSO-based practices on overall IA activity and individual engagement planning case studies.
Using COSO in Performing the Work
- Discuss the COSO-based skills and practices used in performing the work.
- Examine the types of information that may be needed to support conclusions. Compare approaches used to evaluate soft controls.
- Demonstrate how to use COSO in root cause analysis. Use COSO-based practices on case study applications.
Using COSO in Communicating the Results
- Compare approaches and techniques used to communicate individual engagement and overall IA activity results.
- Use COSO-based practices on case study applications.
- Discuss opportunities to increase that value of IA services and emerging issues.