Published by Hugo Page, modified over 6 years ago
OMB Circular A-123, Management's Responsibility for Enterprise Risk Management and Internal Control
Office of Management and Budget
January 18, 2018
Association of Government Accountants – Boston Chapter, 2018 Annual Winter Seminar

Session Objectives
- Define management's responsibilities for Enterprise Risk Management (ERM) and internal control
- Recognize the need to integrate and coordinate risk management and internal control into existing business activities and as an integral part of managing an agency
- Understand how to apply the concepts in the Circular to manage risks and improve accountability

Session Agenda
- Background and Overview of OMB Circular A-123
- Establishing Enterprise Risk Management in Management Practices
- Establishing and Operating an Effective System of Internal Control
- Assessing Internal Control
- Correcting Internal Control Deficiencies
- Reporting on Internal Control
- Appendix A (time permitting)

Background: Federal Managers' Financial Integrity Act of 1982 (FMFIA)
- Requires Executive Branch agencies to establish and maintain effective internal control to provide reasonable assurance that:
  - Obligations and costs are in compliance with applicable law
  - Funds, property, and other assets are safeguarded
  - Revenues and expenditures are properly recorded and accounted for
- Heads of agencies must annually evaluate and report on the effectiveness of internal control (Section 2) and financial management systems (Section 4)
- The requirements of FMFIA serve as an umbrella under which other reviews, evaluations and audits should be coordinated
- Results of these reviews are considered and support management's assertion about the effectiveness of internal control over efficient and effective operations, reliable financial reporting, and compliance with laws and regulations

Background
- GAO issued Standards:
  - Jan 1983: Standards for Internal Controls in the Federal Government (Green Book)
- OMB issued Guidance:
  - Dec 1982: Guidelines for the Evaluation and Improvement of and Reporting on Internal Control Systems in the Federal Government
  - Aug 1986: Circular No. A-123, Internal Control Systems

Background
- 1985: National Commission on Fraudulent Financial Reporting (the Treadway Commission)
- Jointly sponsored by five professional associations (COSO):
  - FEI: Financial Executives International
  - AAA: American Accounting Association
  - AICPA: American Institute of Certified Public Accountants
  - IIA: Institute of Internal Auditors
  - IMA: Institute of Management Accountants
- Major objective: identify the causal factors of fraudulent financial reporting and make recommendations to reduce its incidence
- Treadway Commission issued Report:
  - Oct 1987: Report of the National Commission on Fraudulent Financial Reporting

Background
- COSO issued Framework:
  - Sept 1992: Internal Control – Integrated Framework
- OMB issued revised Guidance:
  - June 1995: Circular No. A-123, Management's Accountability and Control
- GAO issued revised Standards:
  - Nov 1999: Standards for Internal Control in the Federal Government

Background: Sarbanes–Oxley Act of 2002
- Section 302: CEO and CFO must certify to the accuracy of financial statements and the effectiveness of internal disclosure controls
- Section 404: Management must conduct annual evaluations of internal controls over financial reporting, which must be attested to by an external audit firm
- OMB issued revised Guidance:
  - Dec 2004: Circular No. A-123, Management's Responsibility for Internal Control, including Appendix A

Background
- COSO issued updated ERM Framework* and updated IC Framework:
  - May 2013: Internal Control – Integrated Framework (Updated)
  - June 2017: Enterprise Risk Management—Integrating with Strategy and Performance
- GAO issued revised Standards:
  - Sept 2014: Standards for Internal Control in the Federal Government
- OMB issued revised Guidance:
  - July 2016: Circular No. A-123, Management's Responsibility for Enterprise Risk Management and Internal Control
* Original Framework issued Sept 2004: Enterprise Risk Management—Integrated Framework

Overview
- Effective for FY 2016 and superseded all previous versions
  - Appendices A, B, C, and D remained in effect
  - ERM implementation requirements effective for FY 2017
- Applicable to each executive agency; other agencies encouraged to adopt
- Modernizes existing efforts by requiring agencies to implement an ERM capability coordinated with:
  - the strategic planning and review process of GPRAMA
  - the internal control processes required by FMFIA and GAO's Green Book
- Successful implementation requires agencies to establish and foster an open, transparent culture ... communicate information about potential risks ... without fear of retaliation or blame
- Emphasizes integration and coordination of risk management and internal control into existing business activities and as an integral part of managing an agency

Overview
Compliance indicators that management must consider when implementing A-123:
- Management is responsible for the establishment of a governance structure to effectively implement, direct and oversee implementation of the Circular
- Implementation should leverage existing offices or functions within the organization that currently monitor risks and the effectiveness of the organization's internal control
- Agencies should develop a maturity model approach to the adoption of an ERM framework
- Management must evaluate the effectiveness of internal controls annually using GAO's Green Book

Snapshot of OMB website (https://www. whitehouse
OMB Circular A-123
- Note: Portions of this policy have been modified by M-17-26, Reducing Burden for Federal Agencies by Rescinding and Modifying OMB Memoranda, issued June 15, Please refer to that memorandum for more information.
  - Chapter 5 of Appendix B
  - Government Charge Card Reporting pursuant to Appendix B
- Management's Responsibility for Enterprise Risk Management and Internal Control (Revised 07/15/2016), PDF (51 pages, 1,592 kb)
- Management's Responsibility for Internal Control (Effective beginning with Fiscal Year 2006) (Revised 12/21/2004), HTML or PDF (35 pages, 274 kb)
- Appendix A Implementation Plans (08/01/2005) (2 pages, 43 kb)
- Appendix A Implementation Guide (07/2005) (70 pages, 1.77 mb)
- Appendix A Frequently Asked Questions (04/13/2006) (14 pages, 93 kb)
- Issuance of Revised Appendix B to OMB Circular A-123 (01/15/2009) (59 pages, 418 kb)
- Management's Accountability and Control (Effective through Fiscal Year 2005) (Revised 06/21/1995)
- Appendix C, Requirements for Effective Estimation and Remediation of Improper Payments (10/20/2014)
- Appendix D, Compliance with the Federal Financial Management Improvement Act (09/20/2013)
- Conducting Acquisition Assessments under OMB Circular A-123 (May 21, 2008) (56 pages, 458 kb)
- Note: Portions of this policy have been paused by M-17-26, Reducing Burden for Federal Agencies by Rescinding and Modifying OMB Memoranda, issued June 15, Please refer to that memorandum for more information.

Establishing ERM in Management Practices
- Risk management is a series of coordinated activities to direct and control challenges or threats to achieving an organization's goals and objectives
- ERM is an agency-wide approach to address the full spectrum of the organization's external and internal risks
  - Provides an enterprise-wide, strategically aligned view of organizational challenges
- ERM and internal control are components of a governance framework
  - ERM is viewed as a part of the overall governance process, and internal controls as an integral part of risk management and ERM

Establishing ERM in Management Practices
Figure: The Relationship Between Internal Controls and Enterprise Risk Management

Establishing ERM in Management Practices
Effective risk management:
- creates and protects value
- is an integral part of all organizational processes
- is part of decision-making
- explicitly addresses uncertainty
- is systematic, structured, and timely
- is based on the best available information
- is tailored and responsive to the evolving risk profile of the agency
- takes human and cultural factors into account
- is transparent and inclusive
- is dynamic, iterative, and responsive to change
- facilitates continual improvement of the organization

Establishing ERM in Management Practices
- ERM reflects forward-looking management decisions and the balancing of risks and returns
  - Enhances an agency's value to the taxpayer and increases its ability to achieve its strategic objectives
- The COSO ERM framework also includes the concepts of risk appetite, risk tolerance, and portfolio view
  - Risk appetite is the amount of risk, on a broad level, an organization is willing to accept in pursuit of its mission/vision
  - Risk tolerance is the acceptable level of variance in performance relative to the achievement of objectives
  - A portfolio view of risk provides insight into all areas of organizational exposure to risk

Establishing ERM in Management Practices
- ERM objectives within government agencies:
  - Increase the information flow about major risks both up and down the organization to improve the quality of decision-making
  - Open channels of communication so that managers have access to the information they need to make sound decisions
  - Encompass the range of major risks that threaten agencies' ability to implement their missions, programs, and operations
- Agencies should build their capabilities:
  - first, to conduct more effective risk management
  - then, to implement ERM, rating those risks in terms of impact
  - finally, to build internal controls to monitor and assess risk developments at various points in time

Establishing ERM in Management Practices
Many approaches to ERM implementation; most include the following elements:
1. Establish the Context – understand the internal and external organizational environment
2. Initial Risk Identification – use a structured and systematic approach to identify undesired outcomes or opportunities
3. Analyze and Evaluate Risks – consider the causes, sources, and probability of the risk occurring and the potential outcomes; prioritize the results
4. Develop Alternatives – systematically identify and assess the range of risk responses, guided by risk appetite
5. Respond to Risks – make decisions about the best option(s); prepare and execute the selected response strategy
6. Monitor and Review – evaluate and monitor performance to determine whether the implemented options achieved the objectives
7. Continuous Risk Identification – an iterative process, occurring throughout the year

Establishing ERM in Management Practices
Figure: Illustrative Example of an Enterprise Risk Management Model

Establishing ERM in Management Practices – Governance
Risk management functions generally have the following characteristics:
- Help senior management develop and implement core ERM policies and procedures
- Ensure current risk levels and processes are consistent with established risk tolerance thresholds and policies
- Support implementation of effective controls
- Develop strong reporting systems and analysis that incorporate quantitative and qualitative information to provide effective portfolio views of risk
- Identify emerging risks and concentrations of risk
- Elevate critical issues to appropriate levels in a timely manner
The Risk Management Council (RMC) provides governance for the risk management function; the Chief Risk Officer champions agency-wide risk management efforts

Establishing ERM in Management Practices – Risk Profiles
- Agencies must maintain a risk profile
- A risk profile is a prioritized inventory of the most significant risks identified and assessed through the risk assessment process
  - Differs from a risk register, which is a complete inventory of risks
- A risk profile:
  - Identifies positive (opportunities) and negative (threats) sources of uncertainty
  - Provides analysis of the risks faced in achieving strategic objectives
  - Identifies options for addressing significant risks
  - Facilitates a determination of the aggregate level and types of risk the agency is willing to assume to achieve its strategic objectives
- The risk profile must consider risks from a portfolio perspective and be approved by the RMC or equivalent

Establishing ERM in Management Practices – Risk Profiles
Agencies have discretion in content; risk profiles generally should include:
1. Identification of Objectives – risk must be analyzed in relation to achievement of the strategic objectives established in the strategic plan
2. Identification of Risk – initial risk identification; continuous risk identification
3. Inherent Risk Assessment – exposure arising from a specific risk before any action has been taken to manage it beyond normal operations
4. Current Risk Response – action taken to manage the risk
5. Residual Risk Assessment – exposure remaining from an inherent risk after action has been taken to manage it
6. Proposed Risk Response – additional action proposed to further reduce the exposure remaining after the risk mitigation actions have been taken
7. Proposed Action Category – identification of the existing management process that will be used to implement and monitor proposed actions
Table 1 (pdf page 17/51): Illustrative Example of a Risk Profile

Establishing ERM in Management Practices – Implementation
- The management of risk must be regularly reviewed
- At a minimum, management's risk management review processes must:
  - ensure that all aspects of ERM are reviewed at least once a year
  - ensure that risks themselves are subject to review with appropriate frequency
  - make provisions for alerting the appropriate level of management
- The approach for developing risk profiles and implementing ERM should be refined and improved each year
- Initial risk profiles by June 2, 2017
- Integrate ERM with management evaluation of internal control by September 15, 2017
- Updated risk profile annually by June 3

Establishing and Operating an Effective System of Internal Control
- The FMFIA requires GAO to prescribe standards of internal control in the Federal Government (Green Book)
- An entity's objectives and related risks can be classified into categories:
  - Operations: effectiveness and efficiency of operations
  - Reporting: reliability of reporting for internal and external use
  - Compliance: compliance with applicable laws and regulations
- FMFIA also requires OMB to establish guidelines for agencies to evaluate their systems of internal control to determine FMFIA compliance
- Internal control should not be an isolated management tool
- Agencies must integrate their efforts to meet the requirements of the FMFIA with ERM requirements
- An effective internal control system increases the likelihood that an entity achieves its objectives

Establishing and Operating an Effective System of Internal Control
- Management's responsibility is to develop and maintain effective internal control consistent with its risk appetite and risk tolerance levels
- Balance between risk, controls, cost and benefit
  - Too many controls can result in inefficient and ineffective government; benefit should exceed cost (benefit > cost)
- The Senior Management Council (SMC) provides governance in assessing and monitoring deficiencies in internal control:
  - Recommend to the agency head which significant deficiencies (SDs) are deemed to be material weaknesses (MWs) and included in the annual FMFIA assurance statement
  - Oversee timely implementation of corrective actions
  - Determine when sufficient action has been taken to remediate an SD or MW

Establishing and Operating an Effective System of Internal Control
- Establish entity level controls (ELCs)
  - A primary step in operating an effective system of internal control
  - ELCs have a pervasive effect on an entity's internal control system and pertain to multiple components
  - Mostly within the following components:
    - Control Environment
    - Risk Assessment
    - Information and Communication
    - Monitoring
  - Also include controls related to the use of service organizations, management override of internal control, and fraud

Establishing and Operating an Effective System of Internal Control
Service organization internal control considerations:
- Management's responsibility for the performance of the third party – the receiving agency is ultimately responsible for the services and processes provided as they relate to the agency's ability to maintain internal control
- Establish user controls – input/output controls, performance monitoring, process controls
  - These complement the service organization's controls
- Service organization oversight – will vary based on the extent of services provided and their significance to the agency's achievement of internal control objectives
- Service organization assurances – through a SOC 1 Type 2 report
  - Assess control design and operating effectiveness

Establishing and Operating an Effective System of Internal Control
Managing fraud risks in Federal programs:
- Fraud – obtaining something of value through willful misrepresentation
- Green Book Principle 8 requires management to consider the potential for fraud when identifying, analyzing, and responding to risks
- Management has overall responsibility for establishing internal controls to manage the risk of fraud
- The agency's risk profile must include an evaluation of fraud risks and use a risk-based approach to design and implement financial and administrative control activities to mitigate identified material fraud risks
- GAO's Fraud Risk Management Framework (GAO SP) identifies leading practices for managing fraud risks and organizes them into a conceptual framework

Assessing Internal Control
- Agency managers must continuously monitor the effectiveness of internal control and conduct periodic evaluations to provide the basis for the annual assessment and report on internal control required by the FMFIA
- Agency management must determine the appropriate level of documentation needed to support this assessment
  - The Green Book provides documentation requirements (Appendix I: Requirements) that are a necessary part of an effective internal control system
- The agency's assessment of internal control may be documented using a variety of information sources
  - Management reviews, program evaluations, acquisition assessments, IPERA assessments, OIG audits, Appendix A assessments
  - Use of this information should take into consideration the completeness of the assessment and whether the process included an evaluation of internal control
- Agency managers and employees should identify deficiencies in internal control from these information sources

Assessing Internal Control
- The process must include an assessment of compliance with each Green Book component and principle
- Management is responsible for evaluating whether a system of internal control reduces the risk of not achieving objectives related to operations, reporting, or compliance to an acceptable level
- In evaluating internal control, management follows a risk-based approach:
  - Conduct an assessment of internal control
  - Prepare a summary of internal control deficiencies
  - Conclude on internal control principles
  - Conclude on internal control components
  - Conclude on the overall assessment of the system of internal control
- Each principle supports the design, implementation, and operating effectiveness of the associated component
  - If one principle is ineffective, management is unable to conclude that the component is effective

Correcting Internal Control Deficiencies
- Correcting control deficiencies is an integral part of management accountability and must be considered a priority
- An agency's ability to correct control deficiencies is an indicator of the strength of its internal control environment
- Effective remediation of control deficiencies is essential to achieving the objectives of the FMFIA
- Uncorrected or longstanding control deficiencies must be considered in determining the overall effectiveness of internal control
- The corrective action process addresses the risk associated with a control deficiency
  - Agencies should perform a root-cause analysis of the deficiency
  - The corrective action plan (CAP) should address the root cause
  - Incorporate OIG and GAO findings, but auditors are not responsible for identifying root causes of control deficiencies

Correcting Internal Control Deficiencies
- A summary of the CAPs for MWs not fully mitigated must be included in the AFR, PAR, or other management report
- Management must maintain more thoroughly detailed corrective action plans internally, which must be made available for OMB and audit review
- Circular A-123 (pdf page 37/51) specifies requirements for management's process for resolution and corrective action of internal control deficiencies:
  - Communicate to the appropriate level
  - Determine resources to correct
  - Critical path milestones
  - Prompt resolution and validation
  - Maintain records of status
- A determination that a control deficiency has been corrected should be made by the Senior Accountable Official only when sufficient corrective actions have been taken and validated

Reporting on Internal Controls
Annual Assurance Statement
- Includes the assurance statement, a summary of the process to assess internal control, and the resulting MWs and CAPs as of 9/30/XX
- Related to FMFIA Sections 2 and 4
  - Section 2 requires (i) a statement on whether there is reasonable assurance that the agency's controls are achieving their intended objectives, and (ii) a report on MWs in the agency's controls
  - Section 4 requires a report on whether the agency's financial management systems comply with the system requirements of the Federal Financial Management Improvement Act and Appendix D to OMB Circular No. A-123
- Types of statement:
  - Unmodified
  - Modified
  - Statement of no assurance

Reporting on Internal Controls
- Reporting pursuant to OMB Circular No. A-123, Appendix A
  - Appendix A provides a methodology to assess, document and report on internal control over financial reporting (ICOFR)
  - The assurance statement on ICOFR is a subset of the overall FMFIA assurance statement
- Reporting pursuant to integration of ERM and internal control
  - Management has discretion in determining the scope of operations, reporting, and compliance objectives based on the risk profile
  - Required to provide assurances on the process to identify risks and to establish controls, or integrate existing controls, to address the identified risks
  - Until an agency has fully implemented an ERM approach to risk management, it may continue to provide the existing risk assurance statements to its OIG and/or private accounting firms

Additional Considerations
- Managing Privacy Risks in Federal Programs
- Conducting Acquisition Assessments under OMB Circular No. A-123
- Managing Grants Risks in Federal Programs
- Managing Antideficiency Act Risks

Appendix A: Internal Control Over Financial Reporting
- Internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting
- Five-step assessment process:
  - Step 1: Planning
  - Step 2: Evaluating Internal Control at the Entity Level
  - Step 3: Evaluating Internal Control at the Process Level
  - Step 4: Testing Controls at the Transaction Level
  - Step 5: Concluding, Reporting and Correcting
- Implementation Guidance assists agencies in implementing and complying with the requirements of Appendix A
  - Describes the five-step assessment process; provides examples to meet documentation requirements

Step 1: Plan
- Establish a Senior Assessment Team (SAT)
  - Determines scope and objectives of the assessment
  - Analyzes test results and reports on results of the assessment
  - Monitors progress of corrective action
- Top-down focus
  - Helps focus resources on material and at-risk items
  - Begins with significant financial reports and works back to key processes, controls and supporting documentation
  - Integrate and leverage reviews already conducted
- Determine scope of financial reports to be assessed
- Determine key business processes that support material line items; crosswalk line items to business cycles

Step 1: Plan
- Determine materiality
  - Subject to judgment, but set lower than audit materiality
- Identify relevant financial reporting assertions:
  - Existence or Occurrence
  - Completeness
  - Rights and Obligations
  - Valuation or Allocation
  - Presentation and Disclosure
- Summarize specific risks of misstatement for each significant line item, assess risk for each assertion, and document this assessment
- Document the assessment methodology, including the basis for decisions made during planning

Figure: Example – Scoping and Planning Documentation

Step 2: Evaluate Internal Control at the Entity Level
- Generally accomplished through observation, inquiry, and inspection, rather than the detailed testing applied to transaction- or process-level controls
- Evaluate the components of internal control:
  - Control Environment
  - Risk Assessment
  - Control Activities
  - Information and Communication
  - Monitoring
- Document the understanding obtained and the evaluation of the design of each component

Figure: Example – Entity Level Matrix

Step 3: Evaluate Internal Control at the Process Level
- Understand key financial reporting processes
  - Cross-walk business processes to material line items or accounts
- Identify key controls
  - Key controls address the relevant assertions for a material activity or risk
  - Focus on testing key controls
- Understand control design
- Evaluate controls of cross-servicing providers and service organizations
  - Most likely rely on a SOC 1 Type 2 report
- Document key business processes and related key controls
  - Flowcharts, org charts, policy manuals, questionnaires, process memos
- Understand how financial reporting is supported by systems

Step 4: Test at the Transaction Level
- Risk-based approach to determine when to test key controls
  - Establish a baseline on the operating effectiveness of key controls
  - Not all controls are tested every year, but each must be tested at least every three years
    - No known deficiencies
    - No changes in design or operation since last tested
- Four basic types of tests:
  - Inquiry
  - Inspection
  - Observation
  - Re-performance
- Extent of testing is subject to management's judgment
  - Consider complexity of the control and frequency of application
  - Manual versus automated

Step 4: Test at the Transaction Level
- Control gap
  - No control in place
  - Control in place but not adequately designed
  - Control in place and adequately designed, but not operating effectively
- Compensating control
  - A technique to mitigate a control gap
  - Should be considered as part of the control assessment

Figure: Example – Risk and Control Matrix

Step 5: Conclude, Report, and Correct
- Concluding on effectiveness
  - Internal control deficiency
  - Significant deficiency
  - Material weakness
- Reporting
  - Significant deficiencies tracked internally
  - Material weaknesses reported in the assurance statement
  - Change in status
- Correcting deficiencies and weaknesses
  - Develop corrective action plan and monitor progress

Conclude on Effectiveness
- Internal Control Deficiency
  - Exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis
- Significant Deficiency
  - A deficiency in internal control, or a combination of deficiencies, that adversely affects the agency's ability to initiate, authorize, record, process, or report financial data reliably in accordance with GAAP
  - More than a remote likelihood that a financial statement misstatement that is more than inconsequential will not be prevented or detected
- Material Weakness
  - A significant deficiency, or combination of significant deficiencies
  - More than a remote likelihood that a material financial statement misstatement will not be prevented or detected

Reporting
- Internal reporting
  - Significant deficiencies are tracked internally
  - Corrective action plans should be developed and implemented
- External reporting
  - Material weaknesses reported in the assurance statement
- Statement of Assurance
  - Management is responsible
  - Identify A-123 as the framework
  - Assessment of effectiveness of controls:
    - Unqualified
    - Qualified
    - Statement of No Assurance

Example: Annual Assurance Statement

Assurance Statement on Internal Control Over Operations: The SEC management is responsible for establishing and maintaining effective internal control that meets the objectives of the Federal Managers' Financial Integrity Act of 1982 (FMFIA). In accordance with OMB Circular A-123, Management's Responsibility for Enterprise Risk Management and Internal Control, the SEC conducted its annual assessment of the effectiveness of internal controls. Based on the results of this evaluation, internal controls over financial reporting were found to be effective as of September 30, One material weakness related to cybersecurity risks was identified in internal control over the effectiveness and efficiency of operations as of September 30, Other than the one material weakness described within this section, the internal controls were operating effectively.

Assurance Statement on Internal Control Over Financial Reporting (ICFR): In accordance with OMB Circular A-123 Appendix A, Internal Control Over Reporting, the SEC conducted its assessment of the effectiveness of internal control over financial reporting, which includes safeguarding of assets and compliance with applicable laws and regulations. Based on the results of the assessment, the SEC is able to provide reasonable assurance that the internal controls over financial reporting, both for the agency as a whole and for the Investor Protection Fund, met the objectives of FMFIA and were operating effectively as of September 30, No material weaknesses were found in the design or operation of controls.

SEC also conducted reviews of its financial management systems in accordance with OMB Circular A-123 Appendix D, Compliance with the Federal Financial Management Improvement Act. Based on the results of these reviews, SEC can provide reasonable assurance that its financial management systems substantially comply with the requirements of the FFMIA as of September 30, 2017.

Change in Status: Changes from June 30 to September 30
- Material weakness discovered by June 30, but corrected before September 30
  - Revise the assurance statement to identify the material weakness, the corrective action taken, and that it has been resolved
  - The control must have been in place for a sufficient period to be properly tested
- Material weakness discovered after June 30, but prior to PAR issuance
  - Revise the assurance statement to include the identified material weakness

Speaker Contact Information
Melinda J. DeCorte, CPA, CFE, CGFM, PMP
Direct (703)