The Three Lines of Defense in Risk Management

Leveraging COSO across the three lines of defense

Jean-Pierre Garitte

Tbilisi, 29 October 2018

The Three Lines of Defense in Effective Risk Management and Control (Altamonte Springs, FL: The Institute of Internal Auditors Inc., January 2013).
 
Remember the three lines of defense
 
 
Internal Control – Integrated Framework, Committee of Sponsoring Organizations of the Treadway Commission (Jersey City, NJ: American Institute of Certified Public Accountants, May 2013).
 
Remember the COSO principles
Who is mainly responsible for the control environment?

Control environment

1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability
Who is mainly responsible for risk assessment?

Risk assessment

6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change
Who is mainly responsible for control activities?

Control activities

10. Selects and develops control activities
11. Selects and develops general controls over IT
12. Deploys through policies and procedures
Who is mainly responsible for information and communication?

Information & Communication

13. Uses relevant information
14. Communicates internally
15. Communicates externally
Who is mainly responsible for monitoring?

Monitoring

16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies
 
 
Adapted from Leveraging COSO Across the Three Lines of Defense, commissioned by The Committee of Sponsoring Organizations of the Treadway Commission (Lake Mary, FL: The Institute of Internal Auditors Inc., July 2015).
 
Leveraging COSO across the three lines of defense
 
 Questions?