COSO and Risk/Control Self-Assessments

Charles G. Chaffin, CPA, CIA

Director of Audits


David B. Crawford, CPA, CIA

Audit Manager

The University of Texas System


Objective

To provide a detailed explanation of how:

  • The University of Texas (UT) System adopted COSO and the techniques used to implement it.
  • The Risk/Control Self-Assessment Process at UT System
  • Self-Assessment Uses and Critical Success Factors
  • 13 Billion
  • 5 Billion
  • 1.6 Billion
  • 2.1 Million
  • 170,000
  • 75,000
  • 15
U.T. System

UT Austin

UT San Antonio

UT Dallas

UT El Paso

UT Brownsville

UT Pan American

UT Tyler

UT Permian Basin

UT Arlington


UT Medical Branch at Galveston

UT HSC Houston

UT HSC San Antonio

UT HSC Tyler

UT Southwestern

UT M. D. Anderson Cancer Center


It Could Be You

The Lynn Deer Case

U.T. Austin, 1994


1994 Action Plan
  • Awareness
    • Statements of Philosophy/Responsibility
    • Internal Control Training/Handbook
  • Accountability
    • Job Descriptions/Performance Evaluations
    • Disciplinary Action
  • Audit Committees
    • Membership/Frequency of Meetings
Statement of Philosophy

Employees of The University of Texas ___________ owe a responsibility to the people of Texas in the performance of their duties. High personal and professional standards are critical in fulfilling this responsibility. Employees will be held accountable for their action (or failure to act) and such accountability cannot be delegated to others. All employees of The University of Texas ___________ agree to abide by a Code of Ethics which provides reasonable assurance that the employee will not personally benefit or accept or give favors as a result of his/her position as an employee of The University of Texas ___________. (The “Code of Ethics” is published in the Rules and Regulations of the Board of Regents, Part One, Section 4.0).








A Balancing Act

Internal Control

is a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of the objectives in the following categories:

  • Effectiveness and efficiencies of operations,
  • Reliability of financial reporting, and
  • Compliance with applicable laws and regulations.
Internal Control Training
  • Over 4,000 U. T. employees trained in 1995.
  • Central message to Chairs and Directors: “You are responsible for internal controls.”
  • Complete Risk Assessment and Implementation Plan for Financial and Administrative Activities.
    • Copy to applicable Vice President
    • Copy to Internal Audit
1996 Action Plan

1. Annual Statement of Philosophy

2. Annual Statement of Responsibility and Accountability

3. Disciplinary Action

4. Require membership in Internal Audit Committee (IAC)

5. Require Quarterly IAC meetings.


1996 Action Plan (cont.)

6. Regular Internal Control Training (Video & Internet Program)

7. Update Management Responsibilities Handbook

8. Amend Job Descriptions

9. Amend Performance Evaluations

10. Offer Reconciliation Training


1996 Action Plan (cont.)

11. Newsletters to Highlight Internal Controls

12. Complete Risk Assessment and Implementation Plans

13. Statement of Responsibility for Researchers

14. Internal Audits of all Departments (3 to 5 years)

15. Internal Audits of all Key Financial Information


1996 Action Plan (cont.)

16.** Offer Control Self-Assessment Workshops

17.** Develop Model CSA Workshop Manuals

18. All Departments Perform a Control Self-Assessment

19. Report on Internal Control

Control Self-Assessment

Any activity where the people responsible for a business area, task, or objective, using some demonstrable approach, analyze the status of control and risk to provide additional assurance related to the achievement of one or more business objectives.

Control Self-Assessment Workshop Process
  • Meet with Chair/Director before session #1.
  • 2 auditors/facilitators.
  • Session #1, 2 hours - control process.
  • Regularly communicate with department after Session #1 about control activities.
  • Session #2, Prioritize activities/processes if too many.
  • Homework after session #2 - Risk/Control worksheets.
Risk/Control Worksheet

Department: Prepared by:

Activity: Date prepared:

Final Product
  • Self-Assessment Report on Internal Control to Senior Management.
  • Internal Auditors’ Review Report.
  • Departmental Audit Report (optional).
  • Significant findings go into tracking system.
Model Participant’s Manual and Presentation Slides
  • Guides the facilitator through the workshop.
  • Designed to answer participant questions.
U.T. System Program
  • Types of Departments that have had CSA workshops.
    • Real Estate Office
    • University Lands Accounting Office
    • West Texas Operations
    • Office of Facilities Planning and Construction
    • Office of Information Resources
    • Office of Finance
    • Employee Group Insurance Program
U.T. System Program
  • Academic Departments
  • Physical Plant
  • Student Financial Aid
  • Performing Arts Center
  • Libraries
  • Research
  • Volunteer Services
  • Financial Services
  • Student Affairs
Impact on Performance
  • Better working relationship between audit and operations.
  • Better understanding of the business by all.
  • Better operational findings.
  • Better buy-in to planned corrective action.
  • More efficient audit process.
Implementation Strategy
  • Walk before you run.
  • Develop a strategy based on management’s commitment to enhancing internal controls.
  • Work CSA workshops into existing audit plan; sell it as a way to improve audit results.
  • Pilot departments that work well with audit.
  • Constantly adapt and revise.
  • Take what you get and move on.
Uses of Self Assessment
  • Focus/Align
  • Evaluate
  • Document
  • Train
  • Monitor
  • Report Status
  • Measure Soft Control
Self Assessment Tools
  • Survey
  • Questionnaire
  • Control Guide
  • Interviews
  • Workshops
Types of Self Assessments
  • Control
  • Risk
  • Process
  • Objective
  • Problem
  • Perception
Control Based
  • Identify control structure
  • Compare to a model
  • Identify gaps
Risk Based
  • Assess Risks
  • Choose Mitigation Strategy for each risk
  • Choose controls for each controlled risk
Process Based
  • Map process
  • Justify process steps
  • Identify additional steps
  • Identify steps to be eliminated
Objective Based
  • Identify linkage
  • Inventory activities for each objective
  • Inventory risks for each activity
Problem Based
  • Identify problem
  • Apply group knowledge to problem
  • Define group solution
Perception Based
  • Identify attitudes and beliefs
  • Provide a baseline
  • Soft controls
Validating Self-Assessment Products
  • Benchmarking
  • Management Attestation
  • Auditor Involvement
  • Follow-up Audit
  • Traditional Audit
Replace Traditional
  • Preliminary Survey
  • Evaluation of Control Structure
  • Operational Audits
  • Low Risk Areas of Operation
Supplement to Traditional Auditing
  • Control Environment
  • Risk Assessment
  • Evaluation of Control Activity Efficiency
  • Communication and Information
  • Monitoring
Point to Potential Traditional Audits
  • Highlights high risk areas
  • Identifies problems or potential problem areas
  • Links traditional audits to operational needs
Critical Success Factors
  • Proper Beginnings
  • Spitting Image
  • Working Together
  • Absorbed in Daily Routine
  • Reinforce/Reward
  • Discipline through Doing
  • Learn by Falling
How Do You Ensure Self Assessment Success?
  • Identify a Champion
  • Successful First Contact
  • Match to Corporate Culture
  • Align with Business Objectives
  • Institutionalize It
  • Reward the Participants
  • Use the Products
  • Be a Chameleon
Contact Information
  • Web site:
  • E-mail:
  • Phone: 512-499-4767
  • Fax: 512-499-4550
  • Address: 201 W. 7th ASH5, Austin, Texas 78701