Executive's Guide to COSO Internal Controls

Essential guidance on the revised COSO internal controls framework

Need the latest on the new, revised COSO internal controls framework? Executive's Guide to COSO Internal Controls provides a step-by-step plan for installing and implementing effective internal controls with an emphasis on building improved IT as well as other internal controls and integrating better risk management processes. The COSO internal controls framework forms the basis for establishing Sarbanes-Oxley compliance and internal controls specialist Robert Moeller looks at topics including the importance of effective systems on internal controls in today's enterprises, the new COSO framework for effective enterprise internal controls, and what has changed since the 1990s internal controls framework.

• Written by Robert Moeller, an authority in internal controls and IT governance

• Practical, no-nonsense coverage of all three dimensions of the new COSO framework

• Helps you change systems and processes when implementing the new COSO internal controls framework

• Includes information on how ISO internal control and risk management standards as well as COBIT can be used with COSO internal controls

• Other titles by Robert Moeller: IT Audit, Control, and Security, Executives Guide to IT Governance

Under the Sarbanes-Oxley Act, every corporation has to assert that their internal controls are adequate and public accounting firms certifying those internal controls are attesting to the adequacy of those same internal controls, based on the COSO internal controls framework. Executive's Guide to COSO Internal Controls thoroughly considers improved risk management processes as part of the new COSO framework; the importance of IT systems and processes; and risk management techniques.

Autorentext

ROBERT R. MOELLER, CPA, CISA, CISSP, is an internal audit specialist and project manager with a strong understanding of information systems, corporate governance, and security. He has over twenty-five years of experience in internal auditing, ranging from launching new internal audit functions in several companies to serving as audit director for a Fortune 50 corporation. He held positions with Grant Thornton (National Director of Computer Auditing) and Sears Roebuck (Audit Director). He is the former president of the Institute of Internal Auditors' Chicago chapter and has served on the IIA's International Advanced Technology Committee. He is also the former chair of the AICPA's Computer Audit Subcommittee. Moeller has written six other books.

Zusammenfassung
Essential guidance on the revised COSO internal controls framework Need the latest on the new, revised COSO internal controls framework? Executive's Guide to COSO Internal Controls provides a step-by-step plan for installing and implementing effective internal controls with an emphasis on building improved IT as well as other internal controls and integrating better risk management processes. The COSO internal controls framework forms the basis for establishing Sarbanes-Oxley compliance and internal controls specialist Robert Moeller looks at topics including the importance of effective systems on internal controls in today's enterprises, the new COSO framework for effective enterprise internal controls, and what has changed since the 1990s internal controls framework.

• Written by Robert Moeller, an authority in internal controls and IT governance
• Practical, no-nonsense coverage of all three dimensions of the new COSO framework
• Helps you change systems and processes when implementing the new COSO internal controls framework
• Includes information on how ISO internal control and risk management standards as well as COBIT can be used with COSO internal controls
• Other titles by Robert Moeller: IT Audit, Control, and Security, Executives Guide to IT Governance
  Under the Sarbanes-Oxley Act, every corporation has to assert that their internal controls are adequate and public accounting firms certifying those internal controls are attesting to the adequacy of those same internal controls, based on the COSO internal controls framework. Executive's Guide to COSO Internal Controls thoroughly considers improved risk management processes as part of the new COSO framework; the importance of IT systems and processes; and risk management techniques.

Inhalt

Preface ix

Chapter 1: Importance of the COSO Internal Control Framework 1

The Importance of Enterprise Internal Controls 2

What Are Enterprise Internal Controls? 3

Understanding the COSO Internal Control Framework: How to Use This Book 4

Chapter 2: How We Got Here: Internal Control Background 5

Early Defi nitions of Internal Controls: Foreign Corrupt Practices Act of 1977 7

The FCPA and Internal Controls Today 8

Events Leading Up to the Treadway Commission 9

Earlier AICPA Auditing Standards: SAS Nos. 55 and 78 10

The Treadway Committee Report 11

The Original COSO Internal Control Framework 12

The Sarbanes-Oxley Act and Internal Accounting Controls 15

Notes 28

Chapter 3: COSO Internal Controls: The New Revised Framework 29

Understanding Internal Controls 30

Revised Framework Business and Operating Environment Changes 32

The Revised COSO Internal Control Framework 35

COSO Internal Control Principles 37

COSO Objectives and Business Operations 38

Sources for More Information 40

Chapter 4: COSO Internal Control Components: Control Environment 41

Importance of the Control Environment 41

Control Environment Principle 1: Integrity and Ethical Values 43

Control Environment Principle 2: Role of the Board of Directors 48

Control Environment Principle 3: The Need for Authority and Responsibility 49

Control Environment Principle 4: Human Resource Strengths 51

Control Environment Principle 5: Individual Internal Control Responsibilities 54

COSO Control Environment in Perspective 56

Chapter 5: COSO Internal Control Components: Risk Assessment 59

Risk Assessment Component Principles 60

Risk Identification and Analysis 62

Risk Response Strategies 66

Fraud Risk Analysis 69

COSO Risk Assessment and the Revised Internal Control Framework 70

Notes 71

Chapter 6: COSO Internal Control Components: Control Activities 73

COSO Control Activity Principles 74

COSO Control Activities Today 85

Chapter 7: COSO Internal Control Components: Information and Communication 87

Information and Communications: What Has Changed? 87

Information and Communication Principle 1: Use of Relevant Information 89

Information and Communication Principle 2: Internal Communications 96

Information and Communication Principle 3: External Communications 100

The Importance of COSO Information and Communication 102

Notes 103

Chapter 8: COSO Internal Control Components: Monitoring Activities 105

Importance of COSO Monitoring Internal Control Activities 106

COSO Monitoring Principle 1: Conduct Ongoing and Separate Evaluations 108

COSO Monitoring Principle 2: Evaluate and Communicate Deficiencies 112

COSO Internal Control Monitoring in Perspective 115

Note 115

Chapter 9: COSO Internal Control GRC Operations Controls 117

COSO Operations Objectives 117

Planning and Budgeting Operations Controls 119

IT Systems Operations Controls 123

Operations Procedure Controls and Service Catalogs 133

Importance of COSO Operations Controls 135

Note 135

Chapter 10: COSO Reporting Processes 137

COSO Reporting Objectives 137

COSO External Financial Reporting Controls 139

COSO Internal Financial Reporting Controls 141

COSO External Nonfinancial Reporting Controls 149

COSO Internal Nonfinancial Reporting Controls 149

Importance of COSO Reporting Controls 150

Note 151

**Chapter 11: COSO Legal, Regulatory, and Compliance Objectives 153…