Risk Management and Internal Controls - Coggle Diagram
Risk Management and Internal Controls
Internal Control Functions
Preventive Controls
Authorizing
Recording
Custody
Detective Controls
Corrective Controls
Internal Control Classification
Application Controls
Implementing Controls
manual
automated
Continuous Monitoring
Is the control in a computer environment?
No
Physical
Yes
IT General
IT Application
Assessing Internal Control
Management: First and Second Lines of Defense
Actions (including managing risk) to achieve organizational objective
First line roles
Provisions of products/services to clients; managing risk
Second line roles
Expertise, support, monitoring, and challenge on risk-related matters
BPMM
Phase 1 Limited
informal process
localized efforts
ad hoc controls
reactive management
reliance on key individuals
Phase 2 Informal
some defined processes
some defined controls
lack of documentation
reliance on key individuals
Phase 3 Defined
clearly defined processes
clearly defined controls
formal documentation
mix of manual and automated controls
no reliance on key individuals
Phase 4 Optimized
enterprise-wide risk management
enterprise-wide control environment
top-down, proactive approach
clearly defined processes
internal audit provides strategic value
Internal Audit: Third Line of Defense
Independent assurance
Third line roles
Independent and objective assurance and advice on all matters related to the achievement of objectives
assurance
objectivity
insight
Selecting a Framework
Sarbanes-Oxley Act of 2002 (SOX)
publicly traded companies in the US and their subsidiaries
Foreign companies that are publicly traded and do business in the US
Private companies planning their initial IPO to become a publicly traded company
Accounting firms performing audits of the above SOX regulated companies
COSO Internal Control- Integrated Framework
Key Part of the COSO Framework
Control objectives
operations
reporting
compliance
Components and related principles
control environment
risk assessment
control activities
information and communication
monitoring activities
COSO Cube
COSO Enterprise Risk Management Framework
governance and culture
strategy and objective setting
performance
review and revisions
information, communication and reporting