You are previewing Executive's Guide to COSO Internal Controls: Understanding and Implementing the New Framework.
O'Reilly logo
Executive's Guide to COSO Internal Controls: Understanding and Implementing the New Framework

Book Description

Essential guidance on the revised COSO internal controls framework

Need the latest on the new, revised COSO internal controls framework? Executive's Guide to COSO Internal Controls provides a step-by-step plan for installing and implementing effective internal controls with an emphasis on building improved IT as well as other internal controls and integrating better risk management processes. The COSO internal controls framework forms the basis for establishing Sarbanes-Oxley compliance and internal controls specialist Robert Moeller looks at topics including the importance of effective systems on internal controls in today's enterprises, the new COSO framework for effective enterprise internal controls, and what has changed since the 1990s internal controls framework.

  • Written by Robert Moeller, an authority in internal controls and IT governance

  • Practical, no-nonsense coverage of all three dimensions of the new COSO framework

  • Helps you change systems and processes when implementing the new COSO internal controls framework

  • Includes information on how ISO internal control and risk management standards as well as COBIT can be used with COSO internal controls

  • Other titles by Robert Moeller: IT Audit, Control, and Security, Executives Guide to IT Governance

  • Under the Sarbanes-Oxley Act, every corporation has to assert that their internal controls are adequate and public accounting firms certifying those internal controls are attesting to the adequacy of those same internal controls, based on the COSO internal controls framework. Executive's Guide to COSO Internal Controls thoroughly considers improved risk management processes as part of the new COSO framework; the importance of IT systems and processes; and risk management techniques.

    Table of Contents

    1. Cover
    2. Series
    3. Title Page
    4. Copyright
    5. Preface
    6. Chapter 1: Importance of the COSO Internal Control Framework
      1. THE IMPORTANCE OF ENTERPRISE INTERNAL CONTROLS
      2. WHAT ARE ENTERPRISE INTERNAL CONTROLS?
      3. UNDERSTANDING THE COSO INTERNAL CONTROL FRAMEWORK: HOW TO USE THIS BOOK
    7. Chapter 2: How We Got Here: Internal Control Background
      1. EARLY DEFINITIONS OF INTERNAL CONTROLS: FOREIGN CORRUPT PRACTICES ACT OF 1977
      2. THE FCPA AND INTERNAL CONTROLS TODAY
      3. EVENTS LEADING UP TO THE TREADWAY COMMISSION
      4. EARLIER AICPA AUDITING STANDARDS: SAS NOS. 55 AND 78
      5. THE TREADWAY COMMITTEE REPORT
      6. THE ORIGINAL COSO INTERNAL CONTROL FRAMEWORK
      7. THE SARBANES-OXLEY ACT AND INTERNAL ACCOUNTING CONTROLS
      8. NOTES
    8. Chapter 3: COSO Internal Controls: The New Revised Framework
      1. UNDERSTANDING INTERNAL CONTROLS
      2. REVISED FRAMEWORK BUSINESS AND OPERATING ENVIRONMENT CHANGES
      3. THE REVISED COSO INTERNAL CONTROL FRAMEWORK
      4. COSO INTERNAL CONTROL PRINCIPLES
      5. COSO OBJECTIVES AND BUSINESS OPERATIONS
      6. SOURCES FOR MORE INFORMATION
    9. Chapter 4: COSO Internal Control Components: Control Environment
      1. IMPORTANCE OF THE CONTROL ENVIRONMENT
      2. CONTROL ENVIRONMENT PRINCIPLE 1: INTEGRITY AND ETHICAL VALUES
      3. CONTROL ENVIRONMENT PRINCIPLE 2: ROLE OF THE BOARD OF DIRECTORS
      4. CONTROL ENVIRONMENT PRINCIPLE 3: THE NEED FOR AUTHORITY AND RESPONSIBILITY
      5. CONTROL ENVIRONMENT PRINCIPLE 4: HUMAN RESOURCE STRENGTHS
      6. CONTROL ENVIRONMENT PRINCIPLE 5: INDIVIDUAL INTERNAL CONTROL RESPONSIBILITIES
      7. COSO CONTROL ENVIRONMENT IN PERSPECTIVE
    10. Chapter 5: COSO Internal Control Components: Risk Assessment
      1. RISK ASSESSMENT COMPONENT PRINCIPLES
      2. RISK IDENTIFICATION AND ANALYSIS
      3. RISK RESPONSE STRATEGIES
      4. FRAUD RISK ANALYSIS
      5. COSO RISK ASSESSMENT AND THE REVISED INTERNAL CONTROL FRAMEWORK
      6. NOTES
    11. Chapter 6: COSO Internal Control Components: Control Activities
      1. COSO CONTROL ACTIVITY PRINCIPLES
      2. COSO CONTROL ACTIVITIES TODAY
    12. Chapter 7: COSO Internal Control Components: Information and Communication
      1. INFORMATION AND COMMUNICATIONS: WHAT HAS CHANGED?
      2. INFORMATION AND COMMUNICATION PRINCIPLE 1: USE OF RELEVANT INFORMATION
      3. INFORMATION AND COMMUNICATION PRINCIPLE 2: INTERNAL COMMUNICATIONS
      4. INFORMATION AND COMMUNICATION PRINCIPLE 3: EXTERNAL COMMUNICATIONS
      5. THE IMPORTANCE OF COSO INFORMATION AND COMMUNICATION
      6. NOTES
    13. Chapter 8: COSO Internal Control Components: Monitoring Activities
      1. IMPORTANCE OF COSO MONITORING INTERNAL CONTROL ACTIVITIES
      2. COSO MONITORING PRINCIPLE 1: CONDUCT ONGOING AND SEPARATE EVALUATIONS
      3. COSO MONITORING PRINCIPLE 2: EVALUATE AND COMMUNICATE DEFICIENCIES
      4. COSO INTERNAL CONTROL MONITORING IN PERSPECTIVE
      5. NOTE
    14. Chapter 9: COSO Internal Control GRC Operations Controls
      1. COSO OPERATIONS OBJECTIVES
      2. PLANNING AND BUDGETING OPERATIONS CONTROLS
      3. IT SYSTEMS OPERATIONS CONTROLS
      4. OPERATIONS PROCEDURE CONTROLS AND SERVICE CATALOGS
      5. IMPORTANCE OF COSO OPERATIONS CONTROLS
      6. NOTE
    15. Chapter 10: COSO Reporting Processes
      1. COSO REPORTING OBJECTIVES
      2. COSO EXTERNAL FINANCIAL REPORTING CONTROLS
      3. COSO INTERNAL FINANCIAL REPORTING CONTROLS
      4. COSO EXTERNAL NONFINANCIAL REPORTING CONTROLS
      5. COSO INTERNAL NONFINANCIAL REPORTING CONTROLS
      6. IMPORTANCE OF COSO REPORTING CONTROLS
      7. NOTE
    16. Chapter 11: COSO Legal, Regulatory, and Compliance Objectives
      1. IMPORTANCE OF ENTERPRISE COMPLIANCE CONTROLS
      2. REGULATORY COMPLIANCE CONTROL ISSUES
      3. INTERNAL CONTROLS AND LEGAL ISSUES
      4. COMPLIANCE WITH PROFESSIONAL AND OTHER STANDARDS
    17. Chapter 12: Internal Control Entity and Organizational GRC Relationships
      1. INTERNAL CONTROLS FROM AN ORGANIZATIONAL GRC PERSPECTIVE
      2. ENTERPRISE GOVERNANCE OVERALL CONCEPTS
      3. BUSINESS ENTITY–LEVEL INTERNAL CONTROLS
      4. DIVISIONAL AND FUNCTIONAL UNIT INTERNAL CONTROLS
      5. DEPARTMENT- AND UNIT-LEVEL INTERNAL CONTROLS
      6. ORGANIZATION AND GRC CONTROLS IN PERSPECTIVE
      7. NOTE
    18. Chapter 13: COSO, Service Management, and Effective IT Controls
      1. IMPORTANCE OF IT GENERAL CONTROLS
      2. IT GOVERNANCE GENERAL CONTROLS
      3. IT MANAGEMENT GENERAL CONTROLS
      4. CLIENT-SERVER AND SMALLER SYSTEMS GENERAL IT CONTROLS
      5. ITIL SERVICE MANAGEMENT BEST PRACTICES
      6. SERVICE DELIVERY BEST PRACTICES
      7. NOTES
    19. Chapter 14: Cloud Computing, Virtualization, and Wireless Networks
      1. INTERNAL CONTROLS FOR IT WIRELESS NETWORKS
      2. CLOUD COMPUTING AND COSO INTERNAL CONTROLS
      3. STORAGE MANAGEMENT VIRTUALIZATION
      4. COSO INTERNAL CONTROLS AND NEWER TECHNOLOGIES
      5. NOTE
    20. Chapter 15: Another Framework: COSO ERM
      1. ERM DEFINITIONS AND THE ERM PORTFOLIO VIEW OF RISK
      2. THE COSO ERM FRAMEWORK MODEL
      3. OTHER DIMENSIONS OF THE ERM FRAMEWORK
      4. COSO ERM AND THE REVISED INTERNAL CONTROL FRAMEWORK
      5. NOTES
    21. Chapter 16: Understanding and Using COBIT
      1. AN EXECUTIVE’S INTRODUCTION TO COBIT
      2. USING COBIT TO ASSESS ENTERPRISE INTERNAL CONTROLS
      3. MAPPING COBIT TO COSO INTERNAL CONTROLS
      4. NOTES
    22. Chapter 17: ISO Internal Control and Risk Management Standards
      1. BACKGROUND AND IMPORTANCE OF ISO STANDARDS IN A GLOBAL COMMERCE WORLD
      2. ISO STANDARDS OVERVIEW
      3. ISO STANDARDS AND THE COSO INTERNAL CONTROL FRAMEWORK
      4. NOTES
    23. Chapter 18: COSO Internal Controls in the Board Room
      1. BOARD DECISIONS AND INTERNAL CONTROL PROCESSES
      2. BOARD ORGANIZATION AND GOVERNANCE RULES
      3. CORPORATE CHARTERS AND THE BOARD COMMITTEE STRUCTURE
      4. THE AUDIT COMMITTEE AND MANAGING INTERNAL CONTROLS
      5. BOARD MEMBER INTERNAL CONTROL KNOWLEDGE REQUIREMENTS
      6. COSO INTERNAL CONTROLS AND CORPORATE GOVERNANCE
      7. NOTES
    24. Chapter 19: Service Organization Control Reports and COSO Internal Controls
      1. IMPORTANCE OF SERVICE ORGANIZATION INTERNAL CONTROLS
      2. EARLY STEPS TO GAIN ASSURANCE: SAS 70
      3. SERVICE ORGANIZATION CONTROL (SOC) REPORTS
      4. RIGHT-TO-AUDIT CLAUSES
      5. INTERNAL CONTROL LIMITATIONS
    25. Chapter 20: Implementing the Revised COSO Internal Control Framework
      1. UNDERSTANDING WHAT IS NEW IN THE 2013 FRAMEWORK
      2. TRANSITIONING TO THE NEW COSO GUIDANCE
      3. STEPS TO BEGIN IMPLEMENTING THE NEW COSO INTERNAL CONTROL FRAMEWORK
    26. Index