This is part 2 of the three-part blog guide about the COSO 2013. In this guide, you will learn about the purpose of COSO Mapping, the Mapping template created by A2Q2, and the components and other sections of the Mapping Template.
The following will be covered in part 2:
I suggest you watch the video. It’s easier to understand if you are a visual/audio learner. The content below is the same as the video. It’s for those who learn by reading.
For a company to confirm that the 17 principles and 5 components (discussed in COSO 2013 Part 1 – Framework Overview) are present and functioning, these principles must be mapped to relevant SOX key controls that are operating effectively.
At A2Q2, we have created a COSO mapping template where a company can match key SOX controls to each component, principle, and point of focus. The template clearly shows if a gap exists.
Below is how the COSO Mapping template looks like.
- Components, Principles, and Points of Focus are listed in Columns across the top
- Identified Key Controls are listed down one column with each control in its own row
- A summary count row calculates the number of controls that were identified as mapped to a POF or Principle once the mapping is filled out
- Control Environment Component
- Risk Assessment Component
- Control Activity Component
- Information and Communication Component
- Monitoring Activities Component
Notice the numbers “1” and “17” below that represents all 17 principles mapped to a component.
Each Principle generally has 4 to 6 Points of Focus, which are important characteristics of the Principles and help the user determine if their identified Control matches the Principle.
Below the summary description of the Points of Focus, you’ll see a more detailed description, which can be used to help the user map to specific controls.
Let’s have this as an example for the Point of Focus.
- The Organization demonstrates a commitment to integrity and ethical values.
Points of Focus:
- Sets the Tone at the Top
- Establishes Standard of Conduct
- Evaluates adherence to Standards of Conduct
- Addresses deviations in a timely manner
You can easily go back to the sections of this tutorial by clicking on the links below.
Interested in part 3 of this blog series? Go to COSO 2013 Mapping Process.