COSO and Risk/Control Self-Assessments

Charles G. Chaffin, CPA, CIA

Director of Audits


David B. Crawford, CPA, CIA

Audit Manager

The University of Texas System

Objective

To provide a detailed explanation of how:

  • The University of Texas (UT) System adopted COSO and the techniques used to implement it.

  • The Risk/Control Self-Assessment Process at UT System

  • Self-Assessment Uses and Critical Success Factors

Introduction

  • 13 Billion

  • 5 Billion

  • 1.6 Billion

  • 2.1 Million

  • 170,000

  • 75,000

  • 15

UT Austin

UT San Antonio

UT Dallas

UT El Paso

UT Brownsville

UT Pan American

UT Tyler

UT Permian Basin

UT Arlington


UT Medical Branch at Galveston

UT HSC Houston

UT HSC San Antonio

UT HSC Tyler

UT Southwestern

UT M. D. Anderson Cancer Center

U.T. System

It Could Be You

The Lynn Deer Case

U.T. Austin, 1994


1994 Action Plan

  • Awareness

    • Statements of Philosophy/Responsibility

    • Internal Control Training/Handbook

  • Accountability

    • Job Descriptions/Performance Evaluations

    • Disciplinary Action

  • Audit Committees

    • Membership/Frequency of Meetings

Statement of Philosophy

Employees of The University of Texas ___________ owe a responsibility to the people of Texas in the performance of their duties. High personal and professional standards are critical in fulfilling this responsibility. Employees will be held accountable for their action (or failure to act) and such accountability cannot be delegated to others. All employees of The University of Texas ___________ agree to abide by a Code of Ethics which provides reasonable assurance that the employee will not personally benefit or accept or give favors as a result of his/her position as an employee of The University of Texas ___________. (The “Code of Ethics” is published in the Rules and Regulations of the Board of Regents, Part One, Section 4.0).

A Balancing Act

Internal Control

is a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of the objectives in the following categories:

  • Effectiveness and efficiencies of operations,

  • Reliability of financial reporting, and

  • Compliance with applicable laws and regulations.

Risk & Control Self-Assessment Guideline

The Process

Internal Control Training

  • Over 4,000 U. T. employees trained in 1995.

  • Central message to Chairs and Directors: “You are responsible for internal controls.”

  • Complete Risk Assessment and Implementation Plan for Financial and Administrative Activities.

    • Copy to applicable Vice President

    • Copy to Internal Audit

1996 Action Plan

1. Annual Statement of Philosophy

2. Annual Statement of Responsibility and Accountability

3. Disciplinary Action

4. Require membership in Internal Audit Committee (IAC)

5. Require Quarterly IAC meetings.

1996 Action Plan (cont.)

6. Regular Internal Control Training (Video & Internet Program)

7. Update Management Responsibilities Handbook

8. Amend Job Descriptions

9. Amend Performance Evaluations

10. Offer Reconciliation Training

1996 Action Plan (cont.)

11. Newsletters to Highlight Internal Controls

12. Complete Risk Assessment and Implementation Plans

13. Statement of Responsibility for Researchers

14. Internal Audits of all Departments (3 to 5 years)

15. Internal Audits of all Key Financial Information

1996 Action Plan (cont.)

16.** Offer Control Self-Assessment Workshops

17.** Develop Model CSA Workshop Manuals

18. All Departments Perform a Control Self-Assessment

19. Report on Internal Control

Control Self-Assessment

Any activity where the people responsible for a business area, task, or objective, using some demonstrable approach, analyze the status of control and risk to provide additional assurance related to the achievement of one or more business objectives.

Control Self-Assessment Workshop Process

  • Meet with Chair/Director before session #1.

  • 2 auditors/facilitators.

  • Session #1, 2 hours - control process.

  • Regularly communicate with department after Session #1 about control activities.

  • Session #2, Prioritize activities/processes if too many.

  • Homework after session #2 - Risk/Control worksheets.

Risk/Control Worksheet

Department: Prepared by:

Activity: Date prepared:

Final Product

  • Self-Assessment Report on Internal Control to Senior Management.

  • Internal Auditors’ Review Report.

  • Departmental Audit Report (optional).

  • Significant findings go into tracking system.

Model Participant’s Manual and Presentation Slides

  • Guides the facilitator through the workshop.

  • Designed to answer participant questions.

U.T. System Program

  • Types of Departments that have had CSA workshops.

    • Real Estate Office

    • University Lands Accounting Office

    • West Texas Operations

    • Office of Facilities Planning and Construction

    • Office of Information Resources

    • Office of Finance

    • Employee Group Insurance Program

U.T. System Program

  • Academic Departments

  • Physical Plant

  • Student Financial Aid

  • Performing Arts Center

  • Libraries

  • Research

  • Volunteer Services

  • Financial Services

  • Student Affairs

Impact on Performance

  • Better working relationship between audit and operations.

  • Better understanding of the business by all.

  • Better operational findings.

  • Better buy-in to planned corrective action.

  • More efficient audit process.

Implementation Strategy

  • Walk before you run.

  • Develop a strategy based on management’s commitment to enhancing internal controls.

  • Work CSA workshops into existing audit plan; sell it as a way to improve audit results.

  • Pilot departments that work well with audit.

  • Constantly adapt and revise.

  • Take what you get and move on.

Uses of Self Assessment

  • Focus/Align

  • Evaluate

  • Document

  • Train

  • Monitor

  • Report Status

  • Measure Soft Control

Self Assessment Tools

  • Survey

  • Questionnaire

  • Control Guide

  • Interviews

  • Workshops

Types of Self Assessments

  • Control

  • Risk

  • Process

  • Objective

  • Problem

  • Perception

Control Based

  • Identify control structure

  • Compare to a model

  • Identify gaps

Risk Based

  • Assess Risks

  • Choose Mitigation Strategy for each risk

  • Choose controls for each controlled risk

Process Based

  • Map process

  • Justify process steps

  • Identify additional steps

  • Identify steps to be eliminated

Objective Based

  • Identify linkage

  • Inventory activities for each objective

  • Inventory risks for each activity

Problem Based

  • Identify problem

  • Apply group knowledge to problem

  • Define group solution

Perception Based

  • Identify attitudes and beliefs

  • Provide a baseline

  • Soft controls

Validating Self-Assessment Products

  • Benchmarking

  • Management Attestation

  • Auditor Involvement

  • Follow-up Audit

  • Traditional Audit

Internal Audit Uses of Self-Assessment

Replace Traditional

  • Preliminary Survey

  • Evaluation of Control Structure

  • Operational Audits

  • Low Risk Areas of Operation

Supplement to Traditional Auditing

  • Control Environment

  • Risk Assessment

  • Evaluation of Control Activity Efficiency

  • Communication and Information

  • Monitoring

Point to Potential Traditional Audits

  • Highlights high risk areas

  • Identifies problems or potential problem areas

  • Links traditional audits to operational needs

Critical Success Factors

  • Proper Beginnings

  • Spitting Image

  • Working Together

  • Absorbed in Daily Routine

  • Reinforce/Reward

  • Discipline through Doing

  • Learn by Falling

How Do You Ensure Self Assessment Success?

  • Identify a Champion

  • Successful First Contact

  • Match to Corporate Culture

  • Align with Business Objectives

  • Institutionalize It

  • Reward the Participants

  • Use the Products

  • Be a Chameleon

Contact Information

  • Web site:

  • E-mail: [email protected]

  • Phone: 512-499-4767

  • Fax: 512-499-4550

  • Address: 201 W. 7th ASH5, Austin, Texas 78701