SOX AND THE IT AUDITOR
15 Years Later, Has Life Changed or Does It Just Drone on and on and on and

Ross E. Wescott MA CISA CIA CCP CUERME
Wescott & Associates
The Conference that Counts, Albany New York
Monday March 19, 2018

ROSS WESCOTT is Principal of Wescott and Associates, established in 2016 to provide IT audit, risk, governance, and control consulting to a variety of industries and government. He has experience in:

- IT audit program development and implementation using leading standards including Cobit5
- IT governance
- Internal Audit strategy, policy, standards, procedures, and guidelines development and maintenance
- Risk identification and assessment
- Controls identification, design and evaluation
- Data analytics
- End-to-end IT audit management and execution
- IT SOX program development and operation
- Disaster recovery plan development and review, scenario/exercise development and testing
- Recruiting, team building, development, teaching

Ross Wescott graduated from Portland State University in 1975 with a major in Mathematics/Computer Science. He also graduated in 1986 from Marylhurst University with a Master in Management. He is a Certified Internal Auditor, Certified Information Systems Auditor, Certified Computer Professional, and a Credit Union Enterprise Risk Management Expert. He is a current and active member of the Institute of Internal Auditors and the Information Systems Audit and Control Association. He has been published in the major Internal Auditing publications and has been a speaker at conventions and conferences on many Internal Audit topics.

IT Audit has always had a role in SOx evaluations. They have not always been the primary focus as IT controls are generally secondary to their financial control counterparts. Much has changed in the organizational world since Sarbanes-Oxley came out in 2004, especially that there is more integration of financial processes with IT systems than there was in

In this session, you will learn:

- where we have been and where we are: the short history
- handling the debate: is SOx beneficial enough to continue?
- old principles still apply: what should we focus upon?
- IT Audit's continuing role, the future: is it as clear as the past?

This publication provides CIOs, IT managers, and control and assurance professionals with scoping and assessment ideas, approaches and guidance in support of the IT-related Committee of Sponsoring Organizations of the Treadway Commission (COSO) internal control objectives for financial reporting.

Every organization is required to use a recognized internal controls framework for its Sarbanes-Oxley program. Sarbanes-Oxley Act Section 404 mandates that all publicly traded companies must establish internal controls and procedures for financial reporting and must document, test, and maintain those controls. Norman Marks shows readers how to:

- Design a scope of work for their Sarbanes-Oxley assessment that is top-down and risk-based.
- Understand the relationship between Sarbanes-Oxley Sections 302 and 404.
- Appreciate the alternative methods, including the use of technology, to test key controls.
- Improve the overall efficiency of their internal controls systems, not just the controls relied on for financial reporting.

Where We Were At The Beginning

- Fifteen years ago, IT was not a direct part of SOX legislation.
- It quickly became clear that it should be.
- Then, nearly every IT general control was a key control and IT became the area with the highest number of deficiencies!
- To make the corrections, IT needed a standard to follow to bring consistency to an area that had no consistency.

Where We Were At The Beginning

- CobIT became the default IT standard alongside COSO
- Costs to correct were high with long-term consequences
- It was not much fun

What We Have Become

- The realization that financial controls heavily relied on IT controls has resulted in an increased focus on IT controls
- With AS5 and subsequent improvements, IT is now a formal part of the consideration of transaction flow
- Top down risk-based assessments have reduced the number of key controls.

What We Have Become

- CobIT still de facto IT governance standard
- Cost of compliance for many was high but IT is now stronger.
- But it is not time to relax, improvements still to be made.

What We Have Become

The main improvement: financial control automation through integrated systems.

What We Have Become

And this has put a brighter spotlight onto the IT Auditor as their role has come from the "not initially thought of" to the "cannot live without". I am not sure if it's an enviable position.

Organizations now must understand how the financial reporting process works, identify the areas where technology plays a critical part, and distinguish which IT controls have a direct vs. an indirect impact on the financial reporting process. For instance, IT application controls ensure completeness and accuracy of transactions, integrated systems ensure no manually induced errors, and quarterly application access reviews reduce segregation of duties problems. These can all be directly related to financial assertions.

For over a decade, the key has been to distinguish IT controls that are associated with a significant account or related business process and that mitigate specific material financial risks. This focus on risk has enabled management to significantly reduce the scope of IT general control testing relative to the first few years.

The last 15 years have not always been smooth sailing.

A December 21, 2008 Wall St. Journal editorial stated, "The new laws and regulations have neither prevented frauds nor instituted fairness. But they have managed to kill the creation of new public companies in the U.S., cripple the venture capital business, and damage entrepreneurship Cooked up in the wake of accounting scandals earlier this decade, [SOx] has essentially hamstrung the NYSE and Nasdaq (while making the London Stock Exchange rich), and cost U.S. industry more than $200 billion by some estimates."

Despite its enactment in 2002 (most of the Sarbanes Oxley Act's provisions came into effect as early as 2003), SOX was still unable to prevent the financial crisis of 2008, which was precipitated by the Lehman Brothers Holdings financial scandal!

But that was then and this is now. We no longer find detractors to the legislation as it has become everyday life for public companies in the United States and their subsidiaries.

From an August 2016 article in The Audit Board, John Kim has said that SOx has improved the reliability of financial reporting and auditing.

- SOX ended self-regulation by the audit profession and established an independent oversight of the auditing process, the Public Company Accounting Oversight Board (PCAOB).
- SOX strengthened and expanded audit committees by stipulating that a) all listed companies must have an audit committee, b) members must be independent of management, c) committees contain at least one financial expert, and d) be directly responsible for appointing auditors and ensuring their company's financial reporting is correct.

- SOX made executives more accountable and protected investors by forcing them to demonstrate ownership of their companies' financial statements through personally certifying the financial reports.
- SOX enhanced auditor independence by ensuring that [external] auditors remain independent by prohibiting them from providing services such as bookkeeping, actuarial services, or management functions to the companies they audit.

But, you may be asking, what has this got to do with the IT Auditor? Everything - because IT SOx is only a branch off of the SOx family tree. What happens to the trunk will happen to the IT SOx branch and the financial SOx branch. They cannot be separated.

Let's look at some SOx family statistics before we get more specific with the IT SOx branch.

Protiviti Surveys 2010 to 2016; Workiva, Moss Adams, SOx Pro Survey

Some interesting trends for the IT Auditor to note:

In 2017, the total number of IT controls:

- 40% reported 0 to 25
- 30% reported 26 to 50
- 14% reported 51 to
- % reported 101 to 250
- 1% reported over 250 IT controls

Source: Workiva, Moss Adams. SOxPro Survey: 2017 State of the SOX/Internal Controls Market

[Table: Most Significant Challenge Ranking, by compliance challenge, executive priority and direction. Entries: Replacement of Legacy Technology; n/a; Increase Focus on IT and Cyber Security Controls. Ranking values not recoverable.]

Source: Workiva, Moss Adams. SOxPro Survey: 2017 State of the SOX/Internal Controls Market

Does your organization use outside resources for Sarbanes-Oxley compliance related to IT controls?

[Chart: Resources Used for IT SOx Compliance. Categories: Yes, Co-source; Yes, Outsource; No, Internal. Values shown: 39%, 46%, 46%, 39%, 15%, 15%. Source: Protiviti Survey]

- % of surveyed companies have moderate to significant plans to automate IT processes and controls.
- Average percentage of all controls that are IT General Controls: 32%

Source: Protiviti Survey

So, what does this mean for the IT Auditor? There will be much work to do in:

- Pre-Implementation reviews for legacy replacements,
- Rework of former manual controls to be automated controls,
- Changing out old automated controls for new ones, and
- A renewed focus of the audit universe to add cyber security coverage.

When reviewing all of these new controls (if you are to do it), here are the questions to ask of each new or changed control and its particular place in a business process:

- What is the most critical step in this process?
- What is the related control that ensures the step is performed thoroughly and timely?
- If the control didn't exist, would there be an increased risk of a material misstatement?
- Is the control related to a significant or complex account review or reconciliation?
- Is the control designed to prevent transactions from being changed after management approval?

The answers will help determine the level of testing (it's sort of a risk assessment).

Here are additional roles an IT Auditor can take in the SOx role.

- Use of CAAT software to automate financial sampling, where applicable.
- Promote use of SOx central repository and control software (GRC) for risk and control documentation, key control tests, testing results, gaps, remediations, and the status of all.

And, perform a QA on the IT SOx group of controls. Ensure that they cover:

- SDLC: Covering the process of acquiring and developing in-scope systems (including infrastructure)
- SDLC: Covering implementing in-scope applications and technology.
- Policies: Covering support for all business process activities in a consistent and objective manner.
- Change Acceptance: Covering testing and validation prior to migration to production

- Manage Change: Covering all functionality change to in-scope technology.
- Service Levels: Covering how in-scope systems meet functional and operational expectations.
- Vendor Management: Covers outside relationships that could impact financial results.
- Systems Security: Covering access through physical and logical means, including in-scope applications.
- Configuration: Covering performance of in-scope systems and infrastructure over their lifetimes.
- Incidents and Problems: Covering identifying and responding to events.
- Data: Covering integrity, completeness, accuracy, authorization, and existence of in-scope data.
- Operations: Covering the maintenance of in-scope systems in support of the business.
- End User Computing and Data Configuration: Covering user-controlled in-scope methods that relate to financial statement integrity, completeness, accuracy, authorization, timeliness, and existence

The goal of all previous steps is to have efficient and effective testing based on more accurate documentation to achieve the ultimate goal.

The ultimate goal:

- better conclusions as to the state of financial and IT general and application controls
- better certifications by the CIO, CFO, and CEO
- greater reliability by the public accountant
- reduced costs, over time
- compliance

A Word of Cheerleading or Two

- Continue to use a well-known standard to measure against: CobIT
- Use risk-based identification of key controls
- Implement technology whenever possible to document controls, risks, tests, and remediations; steer away from the miles and poundage of paper binders or disassociated Word and Excel documents!

THE END (BUT NOT REALLY, AS SOX IT WILL KEEP GOING, AND GOING, AND GOING, AND )

Any Final Questions?

If you have any questions, please feel free to call and have a meaningful conversation:

Ross Wescott MA CISA CIA CCP CUERME
Principal, Wescott and Associates
rew5@comcast.net

Thank You!
More informationThe New COSO Framework: Avoiding Deficiencies and Driving Change
The New COSO Framework: Avoiding Deficiencies and Driving Change Session #308 Speaker Introductions Kimberley Mobley, CPA, CISA Ryan Isbell, CPA Greg Daniel, CISA, CRMA Partner Controller Manager Johnson
More informationA Guide to IT Risk Assessment for Financial Institutions. March 2, 2011
A Guide to IT Risk Assessment for Financial Institutions March 2, 2011 Welcome! Housekeeping Control panel on the right side of your screen. Audio Telephone VoIP Submit Questions in the pane on the control
More informationPGDBFS 103 International Financial Accounting and Policy (IFAP)
June 2018 PGDBFS 103 International Financial Accounting and Policy (IFAP) Tutorial 09: Comparative International Auditing and Corporate Governance Malinda Boyagoda BSc. Business Admin (USJP), ACA, ACMA,
More informationThe NYSE Internal Audit Requirement
The NYSE Internal Audit Requirement 70. What companies are impacted by the SEC s approval of the NYSE rules? Only NYSE-listed firms are affected. While the SEC also approved new listing standards for the
More informationDeveloping a Top-Down, Risk-Based Approach to SOX
Developing a Top-Down, Risk-Based Approach to SOX Developing a Top-Down, Risk-Based Approach to SOX 15% Deficiencies 15% Minor Errors At its simplest, a top-down, risk-based approach to financial reporting
More informationSarbanes-Oxley Internal Controls
Sarbanes-Oxley Internal Controls Effective Auditing with AS5, CobiT, and ITIL ROBERT R. MOELLER John Wiley & Sons, Inc. Sarbanes-Oxley Internal Controls Sarbanes-Oxley Internal Controls Effective Auditing
More information2013 COSO Internal Control Framework Update. September 5, 2013
2013 COSO Internal Control Framework Update September 5, 2013 Agenda 2013 COSO IC Framework Topic Minutes The update process 5 What is not changing / What is changing 5 The 17 principles and changes to
More informationCompliance in Multiple Regulatory Settings. a Holistic Approach
Compliance in Multiple Regulatory Settings a Holistic Approach Vanessa Balogh Key Problems Compliance with multiple regulations FDA, SOX, HIPAA,GLBA,BASEL II, PCI, more Lack of transparency, ownership
More informationJournal of Applied Business Research Third Quarter 2006 Volume 22, Number 3
2002 Sarbanes-Oxley Act: Privately-Held Companies Implementation Issues Ronald O. Reed, (E-mail: ronald.reed@unco.edu), University of Northern Colorado Thomas Buchman, University of Colorado, Boulder Richard
More informationCOMPLYING WITH. SECTION 404 A Guide for Small Publicly Held Companies SARBANES- OXLEY LYNFORD GRAHAM
COMPLYING WITH SARBANES- OXLEY SECTION 404 A Guide for Small Publicly Held Companies LYNFORD GRAHAM Complying with Sarbanes-Oxley Section 404 Complying with Sarbanes-Oxley Section 404 A Guide for Small
More informationStatement on Risk Management and Internal Control
INTRODUCTION The Board affirms its overall responsibility for the Group s system of internal control and risk management and for reviewing the adequacy and effectiveness of the system. The Board is pleased
More informationERP IMPLEMENTATION RISK
ERP IMPLEMENTATION RISK Kari Sklenka-Gordon, Director at RSM National ERP Risk Advisory Leader March 2017 2015 2016 RSM US LLP. All Rights Reserved. Speaker Kari Sklenka-Gordon National RSM ERP Risk Advisory
More informationCorporate Governance Update. SOX 404 and Internal Controls
Corporate Governance Update SOX 404 and Internal Controls Speakers Barbara Borden bborden@cooley.com 858.550.6243 Brad Peck bpeck@cooley.com 858.550.6012 Steven Spector (858) 453-7200 x229 sspector@arenapharm.com
More informationRisk-based Assessment of User Access Controls and Segregation of Running Oracle Applications Presented by: Jeffrey T. Hare, CPA CISA CIA ERP Seminars
Risk-based Assessment of User Access Controls and Segregation of Duties for Companies Running Oracle Applications Presented by: Jeffrey T. Hare, CPA CISA CIA ERP Seminars Presentation Agenda Overview:
More informationAirports Council International-North America 2006 Economic Specialty Conference June 5, 2006
How Airports are Responding to the Sarbanes-Oxley Act (SOX) Airports Council International-North America 2006 Economic Specialty Conference June 5, 2006 Gail Flister Vallieres U.S. Government Accountability
More informationNegotiating in a Sarbanes-Oxley World
Negotiating in a Sarbanes-Oxley World Richard Pennington, J.D., C.P.M., Consultant SCOPEVision Consulting Ltd 303/324-7333, rpennington@scopevisionconsulting.com 91 st Annual International Supply Management
More informationAuditing & Assurance Services, 7e (Louwers) Chapter 2 Professional Standards
Auditing & Assurance Services, 7e (Louwers) Chapter 2 Professional Standards 1) Control risk is A) the probability that a material misstatement could not be prevented or detected by the entity's internal
More informationRamifications of the New COSO Framework & Recent PCAOB Actions
Ramifications of the New COSO Framework & Recent PCAOB Actions Panelists Moderator Bob Meyer, Senior Vice President of Finance & Corporate Controller, American Tower Joann Cangelosi, Partner, Grant Thornton
More informationIT Audit Process Prof. Liang Yao Week Three IT Risk Assessment
Week Three IT Risk Assessment Defining Risks Inherent Risk: The risk that an activity would pose if no controls or other mitigating factors were in place (the gross risk or risk before controls) Residual
More informationPlugging the Gaps in Financial Controls Monitoring
Plugging the Gaps in Financial Controls Monitoring Finance organizations are under duress to improve overall governance and are bearing substantial costs in maintaining monitoring and audit functions.
More informationThe Impact of the Sarbanes- Oxley Act and Similar Legislation: Lessons Learned and Considerations for the Future
The Impact of the Sarbanes- Oxley Act and Similar Legislation: Lessons Learned and Considerations for the Future Protiviti, together with the input of the Singapore Accountancy Commission, has developed
More informationClosing Software: The Evolution of the Close Why Technology Should Drive Your Close
Closing Software: The Evolution of the Close Why Technology Should Drive Your Close by Mike Whitmire, CPA TABLE OF CONTENTS AUTHOR: Mike Whitmire, CPA What is Closing Software? 1 Automating Account Reconciliations
More informationSuccessful ERM Program Standards. Definitions of Enterprise Risk Management (ERM)
1 Successful ERM Program Standards Enterprise Risk Management Vendor Management Business Continuity IT GRC Internal Audit Regulatory Compliance Manager William C. Hord V.P. of Enterprise Risk Management
More informationInternal Control & Sarbanes-Oxley Act. ERPANET Workshop. Antwerp, April 14, PwC
Internal Control & Sarbanes-Oley Act ERPANET Workshop Antwerp, April 14, 2004 PwC 2 Pw Agenda Background The Sarbanes-Oley Act - An Overview Approach to 404 readiness Background Reasons for New Legislation
More informationHow to Maximize Your Internal Controls Program. June 15, 2017 Atlanta, GA
How to Maximize Your Internal Controls Program June 15, 2017 Atlanta, GA Sarbanes-Oxley Update June 15, 2017 Rick Warren Principal patrick.warren@pwc.com Andres Leal Director andres.m.leal@pwc.com 3 Agenda
More informationA-9: Audit Committee Effectiveness
A-9: Audit Committee Effectiveness Renée W. Jaenicke, CPA, CIA Renown Health 2011 AHIA Annual Conference www.ahia.org Renown Health and Internal Audit Our Journey Sources and Presentations Please ask questions
More informationSOX106. Accounts Payable and Sarbanes-Oxley; Strengthening your Internal Controls- 10 hours. Objectives
SOX106 Accounts Payable and Sarbanes-Oxley; Strengthening your Internal Controls- 10 hours Objectives This course describes how Sarbanes Oxley requirements should be implemented as they pertain to accounts
More information