SUNUM BAŞLIĞI VERDANA 60 PT, BOLD, MAVİ

By: Abdiansyah Prahasto

$D:\Users\aprahasto\Desktop\Shahada-Kufic-21x21-Ghazi-B1-940x940.png$

$D:\Users\aprahasto\Desktop\Kufic_Muhammad.jpg$

$D:\Users\aprahasto\Desktop\stock-photo-assalamualaikum-translated-as-peace-upon-you-in-arabic-square-kufi-murabba-calligraphy-style-93737317.jpg$

$D:\Users\aprahasto\Desktop\Bismillah2.gif$

$D:\Users\aprahasto\Desktop\Alhmadulillah.jpg$

$D:\Users\aprahasto\Desktop\shahadah1.jpg$

$D:\Users\aprahasto\Desktop\PG_SUBHANALLAH_1.jpg$

$D:\Users\aprahasto\Desktop\Shahada-Square-Kufic-420x135.png$

$D:\Users\aprahasto\Desktop\image0011.jpg$

2013 COSO Internal ControlIntegrated Framework

oIn 1992, the Committee Of Sponsoring Organizations of the TreadwayCommission (COSO) published Internal Control-Integrated Framework (1992framework) which has become commonly known as the COSO framework.

oIn May 2013, COSO issued an updated Internal Control-Integrated framework(2013 framework) to reflect changes in the business world for over 20 years sincethe original framework.

Introduction

Why update?

1.Regulatory scrutiny

Accounts for a growing web of global regulations, likefinancial reporting requirements and environmentalstandards.

2.Increased reliance on technology

Provides a principle directed at controls overtechnology—infrastructure, development, use, and linkswith other processes.

3.Expectation for additionalreporting

Extends to cover non-financial reporting objectives, likesustainability reports and customer satisfaction measures.

4.Complex, interconnectedbusiness

Helps you customize controls and see if they’resupporting multiple objectives and principles.

5.Accelerating pace of businesses

Provides principles that help you adapt controls forplanned changes and unforeseen circumstances—and keepthem in sync with the business

6.Greater complexity inmanagement models and legalstructures

Explicitly considers business models and helps you applycontrols across management operating models and legalentity structures

What is not changing?

1.Core definition of internal control.

“A process, effected by an entity’s board of directors, management and other personnel.This process is designed to provide reasonable assurance regarding the achievement ofobjectives in effectiveness and efficiency of operations, reliability of financialreporting, and compliance with applicable laws and regulations.”

2.Three categories of objectives and five components of internal control.

3.Each of the five components of internal control are required for effective internalcontrol.

4.Important role of judgment in designing, implementing and conducting internalcontrol, and in assessing its effectiveness.

What is changing?

1.The component of “Monitoring” has been changed to “MonitoringActivities”.

2.The component of “Financial Reporting” has been changed to “Reporting”.

What is changing?

3. Along the right side of the cube, the organization structure has been changed to alignwith COSO’s ERM Framework and also better illustrate that an effective internalcontrol structure permeates an entire organization at all functional levels bothindependently and interdependently.

$D:\Users\aprahasto\Desktop\COSO_ERM.gif$

2013 COSO Framework

COSO’S ERM Framework

What is changing?

4. It adds 17 new principles with 81 points of focus to the five components that arenecessary for effective internal control.

5. It contains more guidance on how technology relates to an entity’s internal controlstructure. The 2013 framework includes more focus on technology throughout thecomponents of internal control as well as broader focus on the impacts of thetechnology on the internal control structure rather than on the specific types oftechnology.

6. It includes expanded guidance and considerations related to outside resources, suchas third-party processors.

7. It expands the reporting aspects of internal control to consider more than justfinancial reporting, including external reporting of non-financial information andinternal reporting.

8. It includes additional guidance for business with global reach.

1. Control Environment

1992 COSO

2013 COSO

1.Communication andenforcement of integrity andethical values

1.The organization demonstrates a commitment to integrityand ethical values.

2.Commitment to competence

2.The Board of Directors (BoD) demonstratesindependence from management and exercises oversightof the development and performance of internal control.

3.Participation by those chargedwith governance (BoD, AC,management)

3.Management establishes, with board oversight,structures, reporting lines, and appropriate authorities andresponsibilities in the pursuit of objectives.

4.Management's Philosophy andOperating Style

4.The organization demonstrates a commitment to attract,develop, and retain competent individuals in alignmentwith objectives.

5.Organizational Structure

5.The organization holds individuals accountable for theirinternal control responsibilities in the pursuit ofobjectives.

6.Assignment of authority andresponsibility

7.Human resource policies andpractices

2. Risk Assessment

1992 COSO

2013 COSO

1. Company-wide Objectives

1.The organization specifies objectives with sufficient clarityto enable the identification and assessment of risks relatingto objectives.

2. Process-level Objectives

2.The organization identifies risks to the achievement of itsobjectives across the entity and analyzes risks as a basis fordetermining how the risks should be managed.

3. Risk Identification andAnalysis

3.The organization considers the potential for fraud inassessing risks to the achievement of objectives.

4. Managing Change

4.The organization identifies and assesses changes that couldsignificantly impact the system of internal control.

3. Control Activities

1992 COSO

2013 COSO

1. Policies and Procedures

1.The organization selects and develops control activitiesthat contribute to the mitigation of risks to theachievement of objectives to acceptable levels.

2. Security (Application andNetwork)

2.The organization selects and develops general controlactivities over technology to support the achievement ofobjectives.

3. Application Change Management

3.The organization deploys control activities throughpolicies that establish what is expected and proceduresthat put policies into action.

4. Business Continuity / Backups

5. Outsourcing

4. Information And Communication

1992 COSO

2013 COSO

1. Quality of Information

1.The organization obtains or generates and uses relevant,quality information to support the functioning of internalcontrol.

2. Effectiveness of Communication

2.The organization internally communicates information,including objectives and responsibilities for internalcontrol, necessary to support the functioning of internalcontrol.

3.The organization communicates with external partiesregarding matters affecting the functioning of internalcontrol.

5. Monitoring Activities

1992 COSO

2013 COSO

1. On-going Monitoring

1.The organization selects, develops, and performs ongoingand/or separate evaluations to ascertain whether thecomponents of internal control are present and functioning.

2. Separate Evaluations

2.The organization evaluates and communicates internalcontrol deficiencies in a timely manner to those partiesresponsible for taking corrective action, including seniormanagement and the BoD, as appropriate.

3. Reporting Deficiencies

81 points of focus

81 points of focus (Control Environment contd.)

81 points of focus

81 points of focus (Risk Assessment contd.)

81 points of focus

81 points of focus

81 points of focus

Transition

1.Updated Framework will supersede original Framework at the end of the transitionperiod (i.e., December 15, 2014).

2.Users are encouraged to transition applications and related documentation to theupdated Framework as soon as feasible.

3.During the transition period, external reporting should disclose whether the originalor updated version of the Framework was used.

How to start?

Management should:

1.Develop and implement a transition plan timely to meet key objectives – e.g., applyupdated Framework by December 31, 2014 for external reporting.

2.Mapping the Company’s existing internal control structure to the 2013 frameworkand identify any potential gap.

3.Mapping the 2013 points of focus to the Company’s current internal control andidentify any potential gap.

4.For identified gaps, management should develop and document a plan to remediatethe difference.

Internal Auditor is encouraged to:

1.Offer consulting service by presenting this COSO update to the audit committee, C-suite, operating unit and functional management or

2.Offer consulting service by assessing four points mentioned above or

3.Offer assurance service to assess the adequacy of management’s assessment on theupdated COSO framework.