1. About COSO
2. COSO justification
3. COSO vs. others
4. Significance of COSO for
   My Team
   My Directorate
   My Chief
   My Bank (COOP)
5. Wrap-Up and my Saying
6. Appreciation
1. About COSO
The COSO cube has three dimensions:
D1 (X axis), 5 components:
o Control environment
o Risk assessment
o Control activities
o Information and communication
o Monitoring activities
D2 (Y axis), 3 objective categories: ORC = Operations, Reporting, Compliance
D3 (Z axis), organizational structure (TML, MML, LML)
17 principles spread across the 5 components, each supported by points of focus:
o P1-P2-P3-P4-P5-P6-P7-P8-P9-P10-P11-P12-P13-P14-P15-P16-P17
o Clear objectives: setting objectives is a precondition for internal control.
Background
o Input was provided by an advisory council with representatives from industry, academia, government and the non-profit sector.
o Timeline: 1992, 2010, 2015, 2019, next
  (drivers: new business environment, globalization, expectations on governance, impact of technology, demand for transparency)
  Areas changed in the 2013 update: codification of the principles, clarification of requirements, an expanded reporting category (internal/external, financial/non-financial), and greater discussion of anti-fraud expectations and governance.
o Organized as: executive summary, the framework itself, appendices, and an application guide with illustrative tools.
o Intended to provide tools (means, approaches, principles, requirements) for C-level management and board members:
  the internal control (IC) requirements,
  means to apply IC,
  a principles-based approach,
  means to identify and analyse risks,
  a way to identify opportunities to expand IC application (late comer O),
  a way to eliminate ineffective, redundant or inefficient controls,
  an approach to developing key risk indicators (KRI) to strengthen ERM,
  how KRI can sharpen focus on emerging risks.
o Emphasis on professional judgment.
o COSO frameworks are:
  comprehensive frameworks on ERM, IC and fraud deterrence,
  designed to improve organizational performance and governance,
  designed to reduce the level of fraud in an organization/bank,
  sponsored and funded by five private-sector organizations.
  Timeline: 1992 (IC), 2004 (ERM Integrated Framework), 2013 (IC Integrated Framework).
o 2013 definition of an information system (IS): a set of activities involving people, processes, technology (PPT) and data. "Information systems enable the organization to obtain, generate, use and communicate transactions and information to maintain accountability and measure/review the entity's performance or progress towards achievement of objectives."
o 2015, COSO in the Cyber Age: white paper (initiative)
  An organization should invest in cost-justified security controls to protect its mission-critical systems, infrastructure and assets.
  Secure + Vigilant + Resilient = COOP bank
  An organization should view its cyber risk profile through the five components of IC, e.g.:
  Control environment: know the cyber risk profile
  Risk assessment: evaluate cyber risk against the ORC objectives
  Control activities: develop/deploy IC requirements
  Information and communication: internal/external communication lines
  Monitoring activities: oversee, follow up and maintain
Figure 2: 17 principles vs. 5 components (5C-17P), cited from COSO in the Cyber Age, 2015
Figure 3: Interconnection of the 5 components, cited from COSO in the Cyber Age, 2015
2. COSO justification
A COSO-focused cyber risk assessment
A cyber risk assessment reflects the current state of the organization.
The cyber risk assessment process should be both dynamic and iterative.
The cyber risk assessment process should consider internal and external threat factors.
Motivations behind cyber attacks and high-potential target areas:
o Nation-state sponsored: oil and gas industry
o Organized criminals: retail sector
o Terrorist groups: security departments
o Hacktivists: chemical companies
o Insiders: all sectors
Assessment steps:
Asset valuation and clear objectives
Risk identification
Impact score and likelihood score
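As an added example, not part of these notes or of the COSO/Deloitte white paper, the following Python sketch works the three assessment steps above into a small risk register for a fictional cooperative bank: each asset is valued by the impact its compromise would have on the three ORC objective categories, threats are tagged as internal or external so the register can check that both threat factors were considered, and each risk is scored as impact x likelihood and ranked. The asset and threat names, the 1..5 scales and the High/Medium/Low thresholds are all assumptions.

```python
"""Added example (not from the notes or the COSO white paper): a minimal
cyber risk register following asset valuation -> risk identification ->
impact/likelihood scoring. All names, scales and thresholds are assumed."""
from dataclasses import dataclass

SCALE = range(1, 6)      # 1 = negligible / rare ... 5 = critical / almost certain
HIGH, MEDIUM = 15, 8     # assumed rating thresholds on the 1..25 product scale


@dataclass(frozen=True)
class Asset:
    """An asset valued by the impact its compromise would have on each of the
    three COSO objective categories: Operations, Reporting, Compliance."""
    name: str
    operations: int
    reporting: int
    compliance: int

    def valuation(self) -> int:
        scores = (self.operations, self.reporting, self.compliance)
        if any(s not in SCALE for s in scores):
            raise ValueError(f"{self.name}: impact scores must be in 1..5")
        # The worst case across objective categories drives the impact score.
        return max(scores)


@dataclass(frozen=True)
class Threat:
    actor: str
    source: str       # "internal" or "external"
    likelihood: int   # 1..5

    def __post_init__(self):
        if self.source not in ("internal", "external"):
            raise ValueError(f"{self.actor}: source must be internal or external")
        if self.likelihood not in SCALE:
            raise ValueError(f"{self.actor}: likelihood must be in 1..5")


@dataclass(frozen=True)
class Risk:
    asset: Asset
    threat: Threat
    scenario: str

    def impact(self) -> int:
        return self.asset.valuation()

    def score(self) -> int:
        return self.impact() * self.threat.likelihood

    def rating(self) -> str:
        s = self.score()
        return "High" if s >= HIGH else "Medium" if s >= MEDIUM else "Low"


def assess(risks):
    """Rank highest score first (ties broken by impact). Re-run every cycle:
    the register is meant to be dynamic and iterative, not a one-off."""
    return sorted(risks, key=lambda r: (r.score(), r.impact()), reverse=True)


def source_coverage(risks):
    """Check that both internal and external threat factors appear."""
    sources = {r.threat.source for r in risks}
    return {"internal": "internal" in sources, "external": "external" in sources}


# Constructed sample data for a fictional cooperative bank.
CORE_BANKING = Asset("core banking system", operations=5, reporting=4, compliance=5)
CUSTOMER_DATA = Asset("mobile app customer data", operations=3, reporting=2, compliance=5)
HR_PORTAL = Asset("HR self-service portal", operations=2, reporting=1, compliance=3)

ORGANIZED_CRIME = Threat("organized criminals", "external", likelihood=4)
PRIVILEGED_INSIDER = Threat("privileged insider", "internal", likelihood=3)
HACKTIVIST = Threat("hacktivist group", "external", likelihood=2)

SAMPLE_REGISTER = [
    Risk(HR_PORTAL, HACKTIVIST, "website defacement via stolen HR credentials"),
    Risk(CORE_BANKING, ORGANIZED_CRIME, "fraudulent transfers from a compromised teller workstation"),
    Risk(CUSTOMER_DATA, PRIVILEGED_INSIDER, "bulk export of customer records by a DBA"),
]

if __name__ == "__main__":
    for r in assess(SAMPLE_REGISTER):
        print(f"{r.score():>2} {r.rating():<6} {r.asset.name}: {r.scenario} [{r.threat.actor}]")
    print("threat sources covered:", source_coverage(SAMPLE_REGISTER))
```

Taking the maximum across the three objective categories is one defensible valuation rule; a bank that weights compliance impact (for example AML obligations) more heavily could replace `max` with a weighted sum without changing the rest of the register. The `source_coverage` check is the practical guard for the "internal and external threat factors" requirement: a register built only from external actor scenarios will flag `internal: False`.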
4. Significance of COSO for
My Directorate
ERM (enterprise risk management) = ORM + FRM + CSM & BCM
My Chief
ERM = ORM + FRM + CSM & BCM
IC = IC operation + IC monitoring
Corporate compliance = AML + legal compliance
My Bank (COOP)
Human capital
Financial
Customer
6. Appreciation