Audit Committee Forum No. 21 - Assets.kpmg

Transcription

Audit Committee Forum No. 21

AC RolesTo review thecompany’sinternal controlAuditCommittee’sRolesTo monitor andreview theeffectiveness of thecompany’sinternalaudit functionReviewing the effectiveness of internal control and risk managing system is anessential part of board's responsibility. However, aspects of the review work are normallydelegated to the audit committee. 2014 KPMG Phoomchai Audit Ltd., a Thai limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMGInternational, a Swiss cooperative. All rights reserved. Printed in Thailand.1

COSO FrameworksThe Committee of Sponsoring Organizationsof the Treadway Commission (COSO) is a jointinitiative of the five private sector organizationslisted below and is dedicated to providing thoughtleadership through the development offrameworks and guidance on enterprise riskmanagement, internal control and frauddeterrence.COSO:COSO Internal Control Integrated Framework(1992) 2014 KPMG Phoomchai Audit Ltd., a Thai limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMGInternational, a Swiss cooperative. All rights reserved. Printed in Thailand.2

New COSO FrameworkLaunching of the originalCOSO’s Internal Control–Integrated Framework1992The updated COSO’s Internal Control –Integrated Framework will be in effect(Dec 15th). The original framework willthen be superseded.2014T R A N S I T I O N P E R I O D*2013* Note:During transition period, users areencouraged to use the updatedFramework but is not required. Inaddition, external reporting shoulddisclose whether the original orupdated version of the Frameworkwas used.Launching of the updatedCOSO’s Internal Control–Integrated Framework (May 14th). 2014 KPMG Phoomchai Audit Ltd., a Thai limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMGInternational, a Swiss cooperative. All rights reserved. Printed in Thailand.3

High-level Review of Internal ControlOld Assessment FormNew Assessment Form 2014 KPMG Phoomchai Audit Ltd., a Thai limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMGInternational, a Swiss cooperative. All rights reserved. Printed in Thailand.4

COSO 2013 framework – Summary of changesWhat is NOT changing. Core definition of internalcontrol 3 categories of objectivesand 5 components ofWhat is changing. Updated for changes inbusiness and operatingenvironments Expanded operations andreporting objectives Implicit fundamental conceptsunderlying 5 componentscodified as 17 principles Updated for increasedrelevance and dependence onIT Addresses fraud riskassessment and responseinternal control Each of the 5 components ofinternal control are requiredfor effective internal control Important role of judgment indesigning, implementing, andconducting internal control,and in assessing itseffectiveness 2014 KPMG Phoomchai Audit Ltd., a Thai limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMGInternational, a Swiss cooperative. All rights reserved. Printed in Thailand.5

Benefits of COSO 2013 Framework : Opportunity for re-evaluate existing controlstructure Improve the efficiency or effectiveness of internalcontrols Ensure to keep pace with the evolving businessenvironment and emerging risks Enhancing governance Improving risk assessment and antifraud practices Enhancing adaptability to change and variedbusiness/operating models 2014 KPMG Phoomchai Audit Ltd., a Thai limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMGInternational, a Swiss cooperative. All rights reserved. Printed in Thailand.6

COSO components and principlesFor effective internal control: Each of the five components and 17 principles must be present and functioning The five components must operate together in an integrated mannerControlEnvironmentRisk AssessmentControl ActivitiesInformation andCommunicationMonitoringActivities1. Demonstrates commitment to integrity and ethical values2. Exercises oversight responsibility3. Establishes structure, authority, and responsibility4. Demonstrates commitment to competence5. Enforces accountability6. Specifies suitable objectives7. Identifies and analyzes risk8. Assesses fraud risk9. Identifies and analyzes significant change10. Selects and develops control activities11. Selects and develops general controls over technology12. Deploys through policies and procedures13. Uses relevant information14. Communicates internally15. Communicates externally16. Conducts ongoing and/or separate evaluations17. Evaluates and communicates deficiencies 2014 KPMG Phoomchai Audit Ltd., a Thai limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMGInternational, a Swiss cooperative. All rights reserved. Printed in Thailand.7

COSO components – Control EnvironmentControlEnvironmentThe Management demonstrates commitment to integrity and ethical values as well ascompetence, exercise oversight responsibility, establishes structure, authority, andresponsibility, and enforces accountabilityOThe effectiveness of foundation of theorganization, its people – individualattributes, including integrity, ethicalvalue and competence- and theenvironment in which the Organizationoperates.Code ofConduct /EthicsHR Policy andProceduresNThe establishment of structure of theCompany, taking into consideration of theappropriateness of authority,responsibilities, and communication ofinformation.OrganizationStructureJobDescription 2014 KPMG Phoomchai Audit Ltd., a Thai limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMGInternational, a Swiss cooperative. All rights reserved. Printed in Thailand.8

COSO components – Risk AssessmentRiskAssessmentThe Organization sets objectives of the business and the mechanism to identify,analyze, and manage the related risks, including fraud risks.ORiskAssessmentProcessThe effectiveness of the current riskmanagement activities.RiskManagementFrameworkNThe identification of fraud risks in currentrisk assessment activitiesRisk ToleranceSpecificassessment offraud risk 2014 KPMG Phoomchai Audit Ltd., a Thai limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMGInternational, a Swiss cooperative. All rights reserved. Printed in Thailand.9

COSO components – Control ActivitiesControlActivitiesThe Organization establishes and executes controls, including controls overtechnology to ensure that actions identified by management address risks for theachievement of the Company's objectives. Controls activities can be deploy throughpolicies and procedures.OPolicies andProceduresThe effectiveness of the control activitiesof the OrganizationSegregation ofDutiesNThe appropriateness of the selection anddevelopment of general controls overtechnologyIT StructuresIT GeneralControls 2014 KPMG Phoomchai Audit Ltd., a Thai limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMGInternational, a Swiss cooperative. All rights reserved. Printed in Thailand.10

COSO components – Information and CommunicationInformationandCommunicationThe Organization uses relevant information that have been communicated bothinternally and externally to support the functioning of internal control.OCommunication of information in a timelymannerPolicy andProcedureInternal &ExternalInformationRelevance andQuality ofInformationCommunicationChannelNThe obtaining, generating, and using of

COSO's Internal Control- Integrated Framework . 2013 . 2014 . Launching of the updated COSO's Internal Control- Integrated Framework (May 14th). T R A N S I T I O N P E R I O D* The updated COSO's Internal Control - Integrated Framework will be in effect (Dec 15th). The original framework will then be superseded.