- Since the Committee of Sponsoring Organizations (COSO) issued its Internal Control — Integrated Framework (2013 Framework) in May 2013, many organizations have implemented the new framework to comply with the initial December 15, 2014 transition deadline. The 2013 Framework requires management to assess whether 17 principles are present and functioning, which is a change from the previous framework. Further, the 2013 Framework includes points of focus, which are important characteristics of the 17 principles and assist management with determining whether controls are properly present and functioning.
- The heightened complexity of vendor risk management for US banks was evident at a conference sponsored by Marcus Evans in Chicago on June 3-4. Need for resources, maintaining oversight, and how organizations are managing the process internally were all hot topics of conversation.
- In a recent Baker Tilly and ACUA webinar, titled “Adventures in Small Shop Auditing,” Baker Tilly advisors discussed auditing tools, techniques, and case studies tailored to small audit shops that covered topics including enterprise risk management (ERM), information technology (IT), and sponsored research.
- Recent activity by regulators shows an increased focus on cybersecurity in the insurance industry. The National Association of Insurance Commissioners (NAIC) has published its Principles for Effective Cybersecurity Insurance Regulatory Guidance. In addition, the New York Department of Financial Services (NY DFS) recently released guidance for New York insurance organizations with their Report on Cybersecurity in the Insurance Sector.
- Within the last several months, two significant insurance organizations have announced greater involvement in initiatives to reduce cybersecurity risk throughout the insurance industry. The New York State Department of Financial Services (NY DFS) released the results of its survey on cybersecurity practices and the National Association of Insurance Commissioners (NAIC) recently adopted a set of cybersecurity regulatory principles.
- Previous Next