COSO 2013 and The Auditor

In 2013, COSO released their update to the COSO 1992 framework. This framework is used widely by public companies for SEC compliance. After working on updating their compliance efforts, many users are having discussions with their financial auditors about the use of the new standard.

This presentation looks at the needs of the auditor in understanding internal control and its documentation.


  1. COSO 2013 and The Auditor
     What the auditor needs to know about COSO 2013 implementations.
     Corporate Compliance Seminars. Control. Comply. Communicate.
     John C. Blackshire, CPA / 479-200-4373 / jblackshire@compliance-seminars.net
     Property of Corporate Compliance Seminars www.compliance.seminars.com
  2. Accountant, Auditor, IT Projects, Compliance Assessor, Sales Director, Trainer
     • The Accountware Group / Corporate Compliance Seminars
       • Training, system design, implementation, security, customization, support, documentation, change management
     • Walker Interactive Products
       • Financial system designer, financial system implementation, integration, user support, sales, training
     • Insurance Systems of America
       • Created and managed internal consulting organization, developed system implementation methodology, deployed accounting systems.
     • KPMG
       • Financial Auditor of insurance, financial services, manufacturing clients
     • Past Meeting Coordinator - IIA International Conference
  3. “COSO is a bunch of policies and procedures. It can’t help us.” – CEO
     “We hire great people. They do a great job!” – HR Director
     “Our numbers are rock-solid!” – Internal Audit Director
     “We spent $30M and two years installing SAP. It has strong controls” - CIO
  4. Section 1: The Situation
     Why the COSO Committee?
     COSO 2013 and The Auditor. Control. Comply. Communicate.
     John C. Blackshire, CPA Ph: 479-200-4373 / jblackshire@compliance-seminars.net
     © 2015 Corporate Compliance Seminars
  5. Organization of the Petroleum Exporting Countries (OPEC)
     - General prosperity
     - Decreased government spending
     - Tax reductions
     - Tightened money supply to stem inflation
     - Increased defense budget
     - Deregulation: “free market” economy
     - Oil price controls lifted
  6. Problems in the 1970’s and 1980’s
     • Oil price skyrocketed; high interest rates; overvalued real estate; national debt tripled
     • Savings & Loan industry collapse; bribes from US companies
     • Business failures: Continental Bank; Crazy Eddie’s Electronics, ZZZZ Best, Inc.
     Solutions
     1977: Foreign Corrupt Practices Act – anti-bribery and internal control requirements
     1985: National Commission on Fraudulent Financial Reporting aka “Treadway Commission”. Mission: “To identify causal factors that can lead to fraudulent financial reporting.”
     1987: Treadway Report
     1990: CFO Act – Fiscal control in Federal agencies
     1999: Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees
     2002: Sarbanes-Oxley Act
  7. 1985 - Committee of Sponsoring Organizations (COSO) of the Treadway Commission was formed “to identify the causal factors that can lead to fraudulent financial reporting.”
     “COSO is a joint initiative of five private sector organizations and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control and fraud deterrence.”
  8. SEC: “The term internal control over financial reporting is defined as a process designed by, or under the supervision of, the issuer's principal executive and principal financial officers, or persons performing similar functions, and effected by the issuer's board of directors, management and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles and includes those policies and procedures that:
     • Pertain to the maintenance of records that in reasonable detail accurately and fairly reflect the transactions and dispositions of the assets of the issuer;
     • Provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the issuer are being made only in accordance with authorizations of management and directors of the issuer; and
     • Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the issuer's assets that could have a material effect on the financial statements.” (Rule 13a-15(f))
  9. 1992: Internal Control — Integrated Framework
     2006: Guidance for Smaller Public Companies
     2009: Guidance on Monitoring Internal Control Systems
     2013: Internal Control — Integrated Framework
  10. Why update the “Internal Control – Integrated Framework”?
      • The 1992 framework was extremely poorly documented
      • Made significant changes to documentation of the framework to standardize the documentation of its usage
      • Codify criteria to use in development and assessment of systems of internal control
      • Expanded the business objectives being considered
  11. What did not change...
      1. Management is responsible for internal control
      2. Five components of internal control
      3. Three categories of internal control
      4. The fundamental criteria used to assess effectiveness of systems of internal control
      5. Use of judgment in evaluating the effectiveness of systems of internal control
      What changed...
      1. Definition of internal control
      2. Codification of principles with universal application for use in developing and evaluating the effectiveness of systems of internal control
      3. Expanded financial reporting objective to address internal and external, financial and non-financial reporting objectives
      4. Increased focus on operations, compliance and non-financial reporting objectives based on user input
      “The experienced reader will find much familiar in the updated Framework, which builds on what has proven effective in the original version.”
      COSO Update creates “Principles of Control” and “Points of Focus”
  12. COSO 2013 Definition of “Internal Control”
      “A process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding achievement of objectives related to operations, reporting, and compliance.”
      “Internal control is…
      • Geared to the achievement of objectives in one or more separate but overlapping categories
      • A process consisting of ongoing tasks and activities—it is a means to an end, not an end in itself
      • Effected by people—it is not merely about policy and procedure manuals, systems, and forms, but about people and the actions they take at every level of an organization to effect internal control
      • Able to provide reasonable assurance, not absolute assurance, to an entity’s senior management and board of directors
      • Adaptable to the entity structure—flexible in application for the entire entity or for a particular subsidiary, division, operating unit, or business process”
  13. • “Effective internal control provides reasonable assurance regarding the achievement of objectives and requires that:
        • Each component and each relevant principle is present and functioning
        • The five components are operating together in an integrated manner”
      • “Each principle is suitable to all entities…”
      • “All principles are presumed relevant except in rare situations where management determines that a principle is not relevant to a component (e.g., governance, technology)”
      • “Components operate together when all components are present and functioning and internal control deficiencies aggregated across components do not result in one or more major deficiencies…”
      • “A major deficiency represents an internal control deficiency or combination thereof that severely reduces the likelihood that an entity can achieve its objectives…”
  14. PoF Statements from COSO
      • “Points of focus may not be suitable or relevant, and others may be identified”
      • “Points of focus may facilitate designing, implementing, and conducting internal control assessments”
      • “There is no requirement to separately assess whether points of focus are in place”
      Control Environment, Principle of Control 1: “The organization demonstrates a commitment to integrity and ethical values.”
      Points of Focus:
      • Sets the Tone at the Top
      • Establishes Standards of Conduct
      • Evaluates Adherence to Standards of Conduct
      • Addresses Deviations in a Timely Manner
  15. • “The Framework does not prescribe controls to be selected, developed, and deployed for effective internal control.”
      • “An organization’s selection of controls to effect relevant principles and associated components is a function of management judgment based on factors unique to the entity.”
      • “A major deficiency in a component or principle cannot be mitigated to an acceptable level by the presence and functioning of other components and principles.”
      • “However, understanding and considering how controls effect multiple principles can provide persuasive evidence supporting management’s assessment of whether components and relevant principles are present and functioning.”
  16. Section 2: The Problems
      What are the issues within the Marketplace?
  17. Guidance to PCAOB Staff
      • “Considerations of Audits of ICFR”
      • Issued October 24, 2013
      • Based on past three years of inspections
      Areas
      1. “Risk Assessment and the Audit of Internal Control”
      2. “Selecting Controls to Test”
      3. “Testing Management Review Controls”
      4. “IT Considerations”
      5. “Roll Forward of Controls Tested at an Interim Date”
      6. “Using the Work of Others”
      7. “Evaluating Identified Control Deficiencies”
      “More than one in three audits inspected by the PCAOB were so deficient the auditors should not have signed off!” -CFO Journal January 2014
      James R. Doty, Chairman, PCAOB
  18. What does audit mean??
      • To Listen
      • To Interpret
      • To Hear
  19. Control Environment
        1. Demonstrates commitment to integrity and ethical values
        2. Exercises oversight responsibility
        3. Establishes structure, authority and responsibility
        4. Demonstrates commitment to competence
        5. Enforces accountability
      Risk Assessment
        6. Specifies relevant objectives
        7. Identifies and analyzes risk
        8. Assesses fraud risk
        9. Identifies and analyzes significant change
      Control Activities
        10. Selects and develops control activities
        11. Selects and develops general controls over technology
        12. Deploys through policies and procedures
      Information & Communication
        13. Uses relevant information
        14. Communicates internally
        15. Communicates externally
      Monitoring Activities
        16. Conducts ongoing and/or separate evaluations
        17. Evaluates and communicates deficiencies
  20. Why was COSO 1992 Updated?
      • COSO 1992 was not suitable to the SEC criteria.
      • Where are the regulators going?
      • Does Section 302 and 404 certification work?
  21. SEC Criteria under SOX 404
      • Was COSO 1992 free from bias? (36%)
      • Was COSO 1992 sufficiently complete? (36%)
      • Did COSO 1992 provide reasonable measurements? (34%)
      • Was COSO 1992 relevant to evaluation of ICFR? (40%)
  22. • What happened in 2008?
      • Is audit quality up or down?
      • Are material weaknesses up or down?
      • Does Section 302 and 404 certification work?
      • How about investor returns?
  23. Section 3: The Implications
      What are the conditions we need to address?
  24. • COSO 2013 the default standard.
      • Can internal controls prevent or lessen economic issues?
      • COSO has announced a rewrite of the COSO ERM Framework.
      • Where are the regulators going?
  25. 1. What is the definition of the risk brands being considered in the client’s internal control assessment?
      2. Is the financial information recorded completely, accurately and timely and in agreement with US GAAP?
      3. Are the financial accounting, compliance and operating practices documented and understood throughout the organization, including at off-site locations?
      4. Are the internal controls adequate to detect and report errors and fraud?
      5. Are we, the external auditors, independent and effective to report errors and deviations from GAAP, policies, procedures and internal controls?
      6. Is the client’s Audit Committee independent and critically examining financial reports and fraud allegations?
      7. Are key performance metrics, risks, controls and compliance activities maintained, monitored and continuously assessed?
  26. Control Environment
        1. Demonstrates commitment to integrity and ethical values
        2. Exercises oversight responsibility
        3. Establishes structure, authority and responsibility
        4. Demonstrates commitment to competence
        5. Enforces accountability
      Risk Assessment
        6. Specifies relevant objectives
        7. Identifies and analyzes risk
        8. Assesses fraud risk
        9. Identifies and analyzes significant change
      Control Activities
        10. Selects and develops control activities
        11. Selects and develops general controls over technology
        12. Deploys through policies and procedures
      Information & Communication
        13. Uses relevant information
        14. Communicates internally
        15. Communicates externally
      Monitoring Activities
        16. Conducts ongoing and/or separate evaluations
        17. Evaluates and communicates deficiencies
  27. • “The use of entity-level control assessment is under-utilized.”
      • “Effective entity-level monitoring may eliminate or reduce the need for certain transaction-level controls.”
      • “Companies can significantly reduce the testing workload by properly designing robust and effective entity level controls.”
      Chart: Entity-level controls as % of total key controls. Source: Ernst & Young Survey 2013
  28. The term “Entity-Level Controls” describes the aspects of a system of internal control that have a pervasive effect on the entity’s controls, such as:
      • controls related to the control environment (ex. management’s philosophy and operating authority and responsibility);
      • controls over management override;
      • the company’s risk assessment process;
      • centralized processing and controls including shared service environments;
      • controls to monitor results of operations;
      • controls to monitor other controls including activities of the internal audit function, the audit committee, and self-assessment programs;
      • controls over the period-end financial reporting process; and
      • policies that address significant business control and risk management practices.
  29. Section 4: What Needs To Be Done
      What is the auditor to do with COSO 2013?
  30. “The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.”
      Points of Focus
      21-24. Operations Objectives
        • Reflects Management’s Choices
        • Considers Tolerances for Risk
        • Operations and Financial Performance Goals
        • Forms a Basis for Committing of Resources
      25-27. External Financial Reporting Objectives
        • Complies with applicable accounting standards
        • Considers Materiality
        • Reflects Entity Activities
      28-30. External Non-Financial Reporting Objectives
        • Complies with Externally Established Standards and Frameworks
        • Considers the Required Level of Precision
        • Reflects Entity Activities
      31-33. Internal Reporting Objectives
        • Reflects Management’s Choices
        • Considers the Required Level of Precision
        • Reflects entity activities
      34-35. Compliance Objectives
        • Reflects External Laws and Regulations
        • Considers Tolerances for Risk
  31. “The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.”
      Points of Focus
      36. Includes Entity, Subsidiary, Division, Operating Unit and Functional Levels: The organization identifies and assesses risks at the entity, subsidiary, division, operating unit and functional levels relevant to the achievement of objectives.
      37. Analyzes Internal and External Factors: Risk identification considers both internal and external factors and their impact on the achievement of objectives.
      38. Involves Appropriate Levels of Management: The organization puts into place effective risk assessment mechanisms that involve appropriate levels of management.
      39. Estimates Significance of Risks Identified: Identified risks are analyzed through a process that includes estimating the potential significance of the risk.
      40. Determines How to Respond to Risks: Risk assessment includes considering how the risk should be managed and whether to accept, avoid, reduce or share the risk.
  32. “The organization considers the potential for fraud in assessing risks to the achievement of objectives.”
      Points of Focus
      41. Considers Various Types of Fraud: The assessment of fraud considers fraudulent reporting, possible loss of assets, and corruption [and management override of controls] resulting from the various ways that fraud and misconduct can occur.
      42. Assesses Incentives and Pressures: The assessment of fraud risk considers incentives and pressures.
      43. Assesses Opportunities: The assessment of fraud risk considers opportunities for unauthorized acquisition, use, or disposal of assets, altering of the entity’s reporting records, or committing other inappropriate acts.
      44. Assesses Attitudes and Rationalizations: The assessment of fraud risk considers how management and other personnel might engage in or justify inappropriate actions.
  33. “The organization identifies and assesses changes that could significantly impact the system of internal control.”
      Points of Focus
      45. Assesses Changes in the External Environment: The risk identification process considers changes in the regulatory, economic, and physical environment in which the entity operates.
      46. Assesses Changes in the Business Model: The organization considers the potential impact of new business lines, dramatically altered compositions of existing lines, acquired or divested business operations on the system of internal control, rapid growth, changing reliance on foreign geographies and new technologies.
      47. Assesses Changes in Leadership: The organization considers changes in the management and respective attitudes and philosophies on the system of internal control.
  34. • Board-Level Actions
      • Executive-Level Actions
      • Department Head-Level Actions
      • Middle Management-Level Actions
      • Supervisory-Level Actions
      • Staff-Level Actions
      * * * * * GLASS CEILING * * * * *
      Entity Activity
  35. Control Environment
        1. Demonstrates commitment to integrity and ethical values
        2. Exercises oversight responsibility
        3. Establishes structure, authority and responsibility
        4. Demonstrates commitment to competence
        5. Enforces accountability
      Risk Assessment
        6. Specifies relevant objectives
        7. Identifies and analyzes risk
        8. Assesses fraud risk
        9. Identifies and analyzes significant change
      Control Activities
        10. Selects and develops control activities
        11. Selects and develops general controls over technology
        12. Deploys through policies and procedures
      Information & Communication
        13. Uses relevant information
        14. Communicates internally
        15. Communicates externally
      Monitoring Activities
        16. Conducts ongoing and/or separate evaluations
        17. Evaluates and communicates deficiencies
  36. How has the company satisfied the COSO Control Components? Are the controls present? Are the controls functioning? - Summary
      • Risk Assessment – Risk Committee, Risk Model, Annual assessment, BoD/AC review of management’s risk responses, etc.
      • Control Environment – Board of Directors, Audit Committee, Ethics policy and training, Hotline, Policies and Procedures, etc.
      • Control Activities – Standards for all activities. Selection of key controls, documentation of key controls, testing, remediation, etc.
      • Information & Communication – Documentation and communication of SOX/Risk Assessment, Internal Control reports, etc.
      • Monitoring Activities – Quarterly executive meetings, metrics, presentation to BoD/AC, etc.
  37. 1. Formalize and reassess risks (entity – business process – IT activity)
         • Identify material changes in operations
         • Determine in-scope and out-of-scope business units
      2. Reassess key controls; considering your “control mix”
         • Consider financial and non-financial controls
         • Consider external and internal reporting controls
         • Consider compliance, operational, fraud and IT controls
      3. Link SOX program to the COSO 2013 framework
         • COSO narrative or spreadsheet
         • COSO Illustrative Toolset or other tool
      4. Align risks and key controls to the COSO Components, Principles and Points of Focus
         • Consider the organization’s objectives and risks
         • Use judgment in selecting the POFs
      5. Update SOX documentation for COSO 2013
         • Control present and functioning
         • Aggregate your deficiencies
         • Control effectiveness across Components and Principles
      “use common sense”
  38. Key Control: “The Vendor Disbursements Report is reviewed on a daily basis by the AP Manager and on a weekly basis by the Corporate Controller. The report and certifications are obtained as evidence.”
      Principle of Control:
      • #10: Control activities are defined to reduce entity risks.
      • #16: Management conducts ongoing and separate evaluations of internal controls.
      Component of Control:
      • #3: Control Activities
      • #5: Monitoring Activities
      Point of Focus:
      • #44: Addresses the segregation of duties
      • #69: Considers a mix of ongoing and separate evaluations
  39. 2015-2016 COSO ELC Mapping: Entity Level Controls; COSO Component / Principle – Primary Relationship; COSO Component / Principle – Secondary Relationship(s)
  40. Key Control: The Vendor Disbursements Report is reviewed on a daily basis by the AP Manager and on a weekly basis by the Corporate Controller. The report and certs are obtained as evidence.
      Mapping by COSO Control Component (COSO Principle of Control; COSO Point of Control Focus; Evidence):
      • Control Environment
      • Risk Assessment
      • Control Activities. Principle: #10: Control activities are defined to reduce entity risks. Point of Focus: #44: Addresses the segregation of duties. Evidence: Observation and Inspection of Disbursements Report review
      • Information & Communication. Evidence: AP Manager Dashboard of Disbursements’ Internal Audit report of AP
      • Monitoring Activities. Principle: #16: Management conducts ongoing and separate evaluations of internal controls. Point of Focus: #69: Considers a mix of ongoing and separate evaluations. Evidence: Controller Monitoring; Internal Audit of Accounts Payable
  41. Consider scoping in more Entity Level risks, controls and assessments
      • Assessment of Board and Audit Committee effectiveness
      • Assessment of Ethics/Code of Conduct compliance
      • Annual employee awareness of policies and procedures
      • Effectiveness of “hotline” (process to report fraud)
      • Evaluation of Risk Assessment documentation
      • Evaluation of Monitoring controls
      Re-evaluate the financial statement risks and key controls
      • Financial Statement Assertions (Presentation, Existence, Rights/Obligations, Cut-Off, Valuation)
      Re-evaluate the risks and controls over Compliance and Operational activities
      • Assessment of non-financial, internal reporting, business processes, IT and fraud
      • Assessment of Outsourced Service Providers (OSPs)
  42. Each of the five COSO Components must be “present and functioning”
      • Are they present? - “The determination that components and relevant principles exist in the design and implementation of the system of internal control to achieve specified objectives.” (“Design”)
      • Are they functioning? - “The determination that components and relevant principles continue to exist in the conduct of the system of internal control to achieve specified objectives.” (“Operating Effectiveness”)
      The five COSO Components must “operate together in an integrated manner” i.e. “the determination that all five components collectively reduce, to an acceptable level, the risk of not achieving an objective.”
      • Management can demonstrate that components operate together when:
        • “The components are present and functioning, and
        • Internal control deficiencies aggregated across components do not result in the determination that one or more major deficiencies exist.”
  43. Section 10: Going Forward
      Direction and Summary
      COSO 2013: The Sequel
  44. Do we really like to change?
      • Alphabetic Keyboard – 1860’s
      • Qwerty – Solution to jamming
      • Dvorak – 1932
      • “Touch” keyboards (keyless)
      • Virtual keyboards
      • No keyboards--voice dictation, etc.
  45. Cultural Issue: Our Suggestions
      1. “Risk Awareness”: Don’t force the risk assessment routine to an annual exercise. Assess risks on a “needs” basis…monthly or quarterly. Create triggers for all High and Medium Risks.
      2. “Communication”: Explain “WHY”. Foster the flow of communications up and down the organization. Hold corporate “town hall meetings”. Encourage the sharing of “best practices”. Whistleblower function.
      3. “Incentives”: Reward practices and behavior above and beyond expectations.
      4. “Training - Mentoring”: Reinforce the Compliance programs through e-mails, meetings and webinars. Have formal mentorship programs.
      5. “Measure”: Quantify and track metrics such as financial, risk factors, quality, customer service and improvements. Have established ranges for all metrics and the “Why’s”.
      6. “Accountability”: Hold managers and staff accountable for controllable events such as errors, over budgets and compliance violations.
      7. “Fix”: Create an effective Mission-Policy-Procedure stack. Identify the root cause and systemic issues.
      8. “Continuous Improvement”: Encourage positive and negative feedback for process improvement.
  46. The Pareto’s Principle – The 80 - 20 Rule
      Risk matrix (impact by likelihood: Rare; Unlikely; Possible; Likely):
      • Catastrophic: Low; Low; Medium Risk - 15%; Highest Risks – 5%
      • Major: Low; Low; Medium Risk - 15%; Medium Risk - 15%
      • Moderate: Low; Low; Low; Low
      • Minor: Low; Low; Low; Low
      • Insignificant: Low; Low; Low; Low
  47. • Reevaluate Significant Financial Accounts and Cycles
      • Reevaluate Significant Business Processes & Controls
      • Key Control Map – Business and IT
      • Test; Deficiencies
      • Remediate & Retest
      • Reassess Risks – F, NF, Internal, External, Fraud, Operations, Compliance, IT
      • Reevaluate and Map the Entity Control Environment
      • Monitor & Sustain Compliance
      • Documentation-Evidence
  48. © 2015 Corporate Compliance Seminars. Control. Comply. Communicate. John C. Blackshire, CPA / 479-200-4373 / jblackshire@compliance-seminars.net
