
Table of Contents

1. About COSO ........ 2
2. COSO justification ........ 4
3. COSO vs. others ........ 5
4. Significance of COSO for ........ 5
   My Team ........ 5
   My Directorate ........ 5
   My Chief ........ 5
   My Bank (COOP) ........ 5
5. Wrap-Up and my Saying ........ 6
6. Appreciation ........ 6
1. About COSO

D1-X, 5 components:
o Control environment:
o Assess your risk:
o Control activities:
o Communication and collaboration:
o Monitoring activities:
D2-Y, 3 objectives (ORC): Operations, Reporting, Compliance
D3-Z, organizational structures (TML, MML, LML)
17 principles spread across the 5 components, supported by Points of Focus:
o P1-P2-P3-P4-P5-P6-P7-P8-P9-P10-P11-P12-P13-P14-P15-P16-P17
o Clear objective
Background
o Input provided from advisory council representatives from industry, academia, government, and non-profit organizations.
o Editions: 1992, 2010, 2015, 2019, next
  - Driving factors: new business environment, globalization, expectations on governance, impact of technology, demand for transparency.
  - Changed areas: codification, clarification, expanded reporting (R) category (internal/external, financial/non-financial), greater discussion of anti-fraud expectations/governance.
o Organized as: executive summary, the framework itself (), appendices, application guide with illustrative tools.
o Intended: to provide tools (means, ways, approaches, principles, requirements) for C-level management and board members, with:
  - internal control (IC) requirements,
  - means to apply the IC,
  - a principles-based approach,
  - means to identify and analyse risks,
  - a way of identifying opportunities to expand IC application (late comer O),
  - a way of eliminating ineffective, redundant or inefficient controls,
  - an approach to develop KRIs to strengthen ERM,
  - how KRIs can sharpen focus on emerging risks.
o Emphasis on professional judgment.
o COSO frameworks are:
  - Comprehensive frameworks on ERM, IC, and fraud deterrence.
  - Designed to improve organizational performance/governance.
  - Designed to reduce the level of fraud in the organization/bank.
  - Sponsored/funded by different private-sector bodies.
  - 1992 (IC), 2004 (ERM Integrated Framework), 2013 (IC Integrated Framework).
  - 2013 definition of an information system (IS):
    "IS is a set of activities, people, processes and technology (PPT), and data. IS enable the organization to obtain, generate, use and communicate transactions and information to maintain accountability and measure/review the entity's performance or progress towards achievement of objectives."
o 2015, COSO in the Cyber Age: white paper (initiative)
  - Organizations should invest in cost-justified security controls to protect their mission-critical systems, infrastructure and assets.
  - Secure + Vigilant + Resilient = COOP bank
  - An organization should view its cyber profile through the components of IC, e.g.:
    - Control environment: need to know the cyber risk profile
    - Assess your risk: evaluate ORC (operations, reporting, compliance)
    - Control activities: develop/deploy IC requirements
    - Communication and collaboration: internal/external communication lines
    - Monitoring activities: oversee/follow up and maintain

Figure 1: The COSO Cube/3D, the three dimensions of IC, cited from COSO in the Cyber Age 2015

Figure 2: 17 principles vs. 5 components (5C-17C), cited from COSO in the Cyber Age 2015

Figure 3: Interconnection of the 5 components, cited from COSO in the Cyber Age 2015

2. COSO justification

A COSO-focused Cyber Risk Assessment
Cyber risk assessment is reflective of the current state of the organization.
The cyber risk assessment process should be both dynamic and iterative.
The cyber risk assessment process should consider internal and external threat factors.
Motivations behind cyber attacks and high-potential areas:
o Nation sponsored: oil and gas industry
o Organized criminals: retail sector
o Terrorist groups: security departments
o Hacktivists: chemical companies
o Insiders: all sectors
Asset valuation and clear objective
Risk identification
Impact score and likelihood score

3. COSO vs. others

4. Significance of COSO for


My Team
Taxonomy/identification of cyber security risk (bank wide)
Cyber security risk assessment (bank wide)
o LML + MML + TML
o DC, infrastructure, storage
Awareness creation and culture cultivation
o 2 training sessions (bank wide)
o Knowledge sharing stage (team level)
Governance tools
o 1 framework on BCM
o 1 framework on CSM

My Directorate
ERM=ORM+FRM+CSM&BCM

My Chief
ERM=ORM+FRM+CSM&BCM
IC=IC operation + IC monitoring (
Corporate compliance (AML+ Legal compliance)

My Bank (COOP)
Human capital
Financial
Customer

Strategy: New Growth Strategy (2020-2024)

Principles: integrity, teamwork, concern for community, cost consciousness, customer satisfaction, learning organization
Vision: To be the leading private bank in Ethiopia by 2025.
Mission: We root our foundation in communities to provide banking solutions that create a greater customer experience, with emphasis on cooperatives and agro-based business, through proper use of human resources and up-to-date technologies to maximize stakeholders' value.
5. Wrap-Up
My saying on the way to implement COSO into our risk management (AAT)
o Tailoring and scoping
o PDCA (Plan-Do-Check-Act)
o Alignment principles

6. Appreciation
