This is the last part of the quick guide about COSO 2013. In this part, you will learn the steps involved in the mapping process and the considerations to look at during the mapping process.
I suggest you watch the video. It’s easier to understand if you are a visual/audio learner. The content below is the same as the video. It’s for those who learn by reading.
Here’s the four-step procedure for COSO Mapping
- Step 1: Identify Controls.
Identify relevant key controls that are in place and input into the Control Activity column.
- Step 2: Compare control to each Point of Focus
Determine if the control maps to a specific Point of Focus and mark the box with a check mark if applicable.
- Step 3: Review Summary Count
Once all relevant key controls have been mapped to either a Point of Focus or Principle, verify that all POFs or Principles have a control mapped to them via the Summary Count rows.
- Step 4: Evaluation of Gaps
When doing the mapping, there are four things you need to consider.
- The new framework does not require that every Point of Focus be mapped to a control. Only Principles are required to be mapped to a control.
- Consider adding improvements or implementing new controls to meet the full objective of the Principle if there is a gap within a Point of Focus.
- Ensure controls used in mapping are designed and are operating effectively (i.e. pass SOX testing).
- Major deficiencies exist when management determines that a component and one or more principles are not present and functioning.
Easily go back to the sections of this tutorial by clicking on the links below.
If you want to refresh yourself in the first two parts of this COSO guide, just go to: