Control Self Assessment - PowerPoint PPT Presentation

1 / 23
About This Presentation
Title:

Control Self Assessment

Description:

being able to do it. Skills. Resources. Information. Teamwork ... how to do it better. Benchmarks. External events. Challenge assumptions. Review needs ... – PowerPoint PPT presentation

Number of Views:223
Avg rating:3.0/5.0
Slides: 24
Provided by: audi6
Category:

less

Transcript and Presenter's Notes

Title: Control Self Assessment


1
Control Self Assessment
  • Overview

2
What is CSA?
  • Employee teams getting together with their
    managers and a facilitator
  • to analyze, within a chosen control framework,
    the obstacles and strengths which affect their
    ability to achieve their key business objectives,
    and
  • to decide upon appropriate action.

3
When do you want to use CSA?
  • New work processes/projects
  • New organizations
  • to identify the risk exposures and required
    controls

4
When do you want to use CSA?
  • Reorganizations
  • Management / Employee turnover
  • to identify where risks are
  • to create understanding for business objectives
  • to assess how risks are changing
  • to put emphasis on highest priority risks and
    controls

5
When do you want to use CSA?
  • Processes that cross over into other work groups
  • to get to the root cause of problems
  • helps bring groups together
  • participants learn how their activities
    interrelate
  • collaborative problem solving

6
Time commitment for CSA
  • Workshop - 1/2 to one day
  • Prep - 1-several hours of pre-discussion
  • overall process
  • known or suspected issues
  • who should participate
  • control/risk statement development - input

7
CSA Rationale
  • Responsibility for controlling risk belongs to
    management and all employees
  • People are the most important control factor
  • Most employees are honest, competent, and want
    their organization to succeed
  • People are far more likely to embrace needed
    changes if they are involved in the assessment
    process
  • Helps employees understand control

8
System in Control
  • When a system is in control, we mean it can be
    relied upon to meet its objectives.

9
Behaviors Affect Control
  • People are the most important control factor.
  • They make things happen
  • They can make a poor system work
  • They can make a good system fail
  • They are more important than the system
  • Their actions determine corporate success

10
Control Model
Action
11
Purpose- knowing what to do
  • Vision
  • Leadership
  • Authority
  • Objectives
  • Plans
  • Risks
  • Targets

12
Commitment- wanting to do it
  • Ethics
  • Rewards
  • Recognition
  • Accountability
  • Authority
  • Trust
  • Fun

13
Capability- being able to do it
  • Skills
  • Resources
  • Information
  • Teamwork
  • Communication
  • Control Activities

14
Control Activities
  • Formal Controls
  • Directive - code of business conduct, policy
    manual, written specifications and procedures
  • Preventive - segregation of duties, security
    guards, locks, passwords, edits
  • Detective - supervisory controls, quality
    assurance reviews, account reconciliations,
    exception reports

15
Control Environment
  • Informal controls
  • Corporate culture
  • Integrity and ethical values
  • Commitment to competence
  • Management philosophy style
  • Communication
  • Tone at the top

16
Learning- how to do it better
  • Benchmarks
  • External events
  • Challenge assumptions
  • Review needs
  • Effective change
  • Self assessment

17
COSO FrameworkControl Components
Traditional Auditing/Testing
CSA
COMMUNICATION
INFORMATION
18
CSA Workshop Agenda
  • Identify Overall Business Objective Supporting
    Activities
  • Risk Assessment
  • Control Assessment
  • Control activities review
  • Key control indicators
  • Control gaps - ineffective or missing controls
  • Develop Action Plan

19
CSA Workshop Participants
  • Responsible/knowledgeable parties
  • Parties impacted by activity (internal
    partners/customers)
  • Parties that can impact process/activity
    (management)
  • Think like an owner
  • Act as team member

20
Principles
  • Open, honest communication
  • Trust
  • Everyones input is valuable
  • Information is provided by those who best
    understand their jobs
  • Information will be shared with others while
    retaining individual anonymity
  • Management will implement action plan

21
Getting to the issues(a simplified view of what
occurs)
  • Develop hypothetical risk events
  • Statements representing a lack of business
    controls
  • Participants vote on the importance of this risk,
    and the likelihood it is occurring, based on
    their experience/observations
  • Narrow to high risk/high likelihood issues to
    discuss and work through
  • Action Plan addresses how the controlgap will be
    addressed

22
CSA Action Plan
  • OBSTACLE or CONCERN
  • Indicators (evidence that its a problem)
  • Impact (what can happen if no action is taken)
  • What Should The Group Do?
  • WHAT/WHO/WHEN?

23
In Summary
  • CSA focuses on business objectives
  • Elicits awareness understanding of business
    risk and control
  • Involves people who best know the business
  • Pursues root causes/measures impact
  • Forward-looking to identify emerging risks
  • Covers broad spectrum of control
  • Ensures practical action plans
Write a Comment
User Comments (0)
About PowerShow.com