COSO 2013 Risk Assessment Compliance

Course details

It's been more than 20 years since the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its Internal Control—Integrated Framework (the original framework). The new framework will become effective in December 2014. Professionals must first obtain a basic understanding of the concepts, principles and potential impact, including changes from the 1992 framework and the key COSO components and related principles.

COSO 2013 maintains the same five components previously identified within the 1992 framework.  These include:

• Control Environment
• Risk Assessment
• Control Activities
• Information & Communication
• Monitoring

This course is designed to focus on the Risk Assessment component and the four separate principles that support this component. 

Risk Assessment involves a dynamic and iterative process. It considers changes in the external environment/business model that may impede achievement of objectives.  Every entity faces a variety of risks from both internal and external sources.  Risk assessment forms a basis by which risk will be managed.

• The organization must specify objectives with sufficient clarity to enable the identification of risks relating to the objective. 
• The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.
• The organization considers the potential for fraud in assessing risks to the achievement of objectives.
• The organization identifies and assesses changes that could significantly impact the system of IC.

Management and the external auditors must understand each of these principles and be able to adequately support that they exist and are appropriately designed and functioning.  In addition, the components must effectively work in combination to provide for a positive attestation to internal controls.

The course dissects the four principles and important concepts that companies need to understand and support in order to provide that the Risk Assessment principles are in place and functioning.  We also discuss concepts related to mapping the principles to controls within the organization.