Programme in preparation

Internal Audit and the implementation of COSO


This implementation guide may be especially helpful to those who do not yet have much experience with implementing the COSO Framework. It will explore how financial institutions can apply the COSO Framework to evaluate their existing internal control structure, how to implement controls that help mitigate significant risks, and how to optimize the effectiveness of their control environments, governance, compliance, management, and assurance functions.

The COSO model is used extensively by large corporations, banks and central banks around the world. COSO objectives help to implement an effective internal control system. The following five components support the achievement of an entity’s mission, its strategies and related business objectives:

  1. Control Environment
  2. Risk Assessment
  3. Control Activities
  4. Information and Communication
  5. Monitoring

These components aim at establishing the foundation for sound internal control within the company through directed leadership, shared values and a culture that emphasizes accountability for control. The various risks facing the company are identified and assessed routinely at all levels and within all functions in the organization. Control activities and other mechanisms are proactively designed to address and mitigate the significant risks. Information critical to identifying risks and meeting business objectives is communicated through established channels across the company. The entire system of internal control is monitored continuously, and problems are addressed in a timely manner. COSO is used as an audit methodology to structure the critical approach of the auditor and share the same language with the Board, Management and the 3 lines of defence.

Target Group

Internal auditors (all levels), operational risk analysts, compliance officers, business controllers, senior & middle level management officers who want to learn about the involvement of audit in the governance process.

Preferred: at least 3 years’ experience in audit and/or business control of a bank’s processes, operations, procedures and organization.

Location & Duration

Distance learning in 4 online sessions of 3 hours each via virtual classroom

Detailed programme

The COSO framework

  • Origin
  • The COSO cube
  • Components and principles of internal controls
  • Benefits of the COSO framework

COSO and the responsibilities of the 3 lines of defence

  • Role of the first line of defence
  • Roles of the second line of defence
  • Roles of Audit

Challenging approach with the 5 lines of defence

  • The tone of the organization
  • Business unit management and process owners
  • Independent risk management and compliance functions
  • Internal assurance providers
  • Board risk oversight and Executive management

Approaching the COSO framework implementation

  • Phase 1: Planning & scoping
    • Orientation
    • Planning
    • Scoping
    • Meeting with external auditor
    • Communicating the plan
  • Phase 2: Assessment and documentation
    • Assessing the existing control structure
    • Fraud risk assessment
    • Documenting current process and controls
    • Example of risk and control matrix
    • Performing the gap assessment
  • Phase 3: Remediation planning and implementation
    • Remediation
    • Remediation implementation
  • Phase 4: Design, testing and reporting of controls
    • Selecting controls for testing
    • Design test of controls
    • Perform test of controls and reporting
  • Phase 5: Optimization of effectiveness of internal control
    • Alignment of risk and controls to the strategy and objectives of the organization
    • Control structures
    • Preventive vs detective controls
    • Manual versus automated controls
    • Continuous monitoring
    • Determining the root causes of control failure

