Essential IT Considerations for Sarbanes-Oxley Act
|
|
- Cynthia King
- 5 years ago
- Views:
Transcription
1 Essential IT Considerations for Sarbanes-Oxley Act Fulcrum Information Technology, Inc North Collins Blvd, Suite 125 Richardson, Texas Phone: Fax:
2 Table of Contents Introduction...3 Sarbanes-Oxley Background...4 Security Administration...6 Business Continuity Plan...6 Reporting Tools...7 Software Change Management...7 Improve Risk Assessment Process with COSO based Standard Framework...8 Internal Controls Framework (COSO)...8 Control Environment...8 Risk Assessment...8 Control Activities...8 Information and Communication...8 Monitoring...9 Internal Controls Management Tools...9 Internal controls management software...9 Sarbanes-Oxley Controls Implementation Approach...11 Conclusion...11
3 Introduction The Sarbanes-Oxley Act (SOA) of 2002 applies to companies which are required to file an annual report with the US Securities and Exchange Commission (SEC) under either Section 13(a) or 15(d) of the Securities Exchange Act of The SEC requires executives to certify 10-K and 10-Q filings as mandated by SOA Section 302 and Section 906, as of August 29, Now, the SEC has set the deadline for Section 404, which requires management to file an internal controls report with the annual report. The deadline to file a management report on internal controls for companies with market capitalization over $75M, accelerated filer, is in the fiscal year ending on or after June 15, Small business issuers are required to comply in the fiscal year ending on or after April 15, Many companies have formed an SOA committee, which is responsible for all aspects of internal controls necessary to comply with the Sarbanes-Oxley rules. Such a committee includes senior management, for example, CFO, Controller, General Counsel, CIO and COO. The purpose of this document is to highlight the essential Information Technology (IT) considerations for the disclosure committee and management team responsible for SOA compliance. Today, information technology is an integral part of a company s operations. Management should certify the integrity, reliability and security of IT systems that are used to prepare the financial statements for the company. Since technology is frequently updated and changed to meet business requirements, the responsibility for ensuring accurate systems controls should also be delegated to the appropriate IT managers. The information presented in this document is based on our experiences working with clients, external auditors, risk consultants, technology vendors and attorneys. This information may evolve as the Public Company Accounting Oversight Board (PCAOB) and SEC address the various issues regarding Sarbanes-Oxley rules. Public companies are expecting significant increases in external audit fees as well as increases in the cost of internal controls management in order to comply with the Sarbanes-Oxley Act. Companies should consider using information technology to establish a Committee of Sponsoring Organizations (COSO) of the Treadway Commission framework to reduce the costs and risks related to SOA compliance. For example, a company can implement off-the-shelf software to verify business processes and provide all employees access and training as needed for specific job roles and responsibilities. The internal audit department can create a library of key business risks, identify controls to address those risks and automate the audit procedures. This will enable management to establish and maintain adequate internal controls. A standard framework should be employed that will improve the annual risk assessment process required under Section 404 of the Sarbanes-Oxley Act. All major ERP vendors including SAP, Oracle and PeopleSoft have introduced new functionality to help companies manage internal controls. Business Intelligence vendors such as SAS and BusinessObjects also have software that can be integrated with business applications. Certain external auditors and risk consultants can also provide software tools. Once a company has identified objectives for implementing internal controls, IT management should develop the scope for IT initiatives by identifying tasks necessary for compliance, allocating resources and developing a project plan. SOA IT initiatives should include a review of IT systems and infrastructure and implementation of a COSO integrated framework.
4 Sarbanes-Oxley Background Due to several high-profile business failures, Congress passed the Sarbanes-Oxley Act ( SOA ) on July 25, 2002, and President Bush signed it into law on July 30, The Sarbanes-Oxley Act is widely seen as the most significant attempt at corporate governance reform by Congress in recent years. The purpose of SOA is to prevent accounting scandals from occurring again and to help restore the public s faith in corporate financial reporting. Every company whose stock trades on a US-based stock exchange is subject to the Sarbanes-Oxley Act. SOA provides clarity and certainty on a number of highly debatable issues by: Establishing an independent, full-time oversight board (the Public Company Accounting Oversight Board) for capital market participants. The SEC has oversight of the board. The board will oversee the audit of public companies and protect the interests of investors. Establishing new responsibilities for corporate officers. The CEO and CFO must certify in the quarterly and annual reports the following: that they have reviewed the reports and based on their knowledge, that there are no untrue statements of material fact or omissions and that the financial statements fairly present in all material respects the financial condition and results of operations of the company. The CEO and CFO have the responsibility for establishing and maintaining internal controls and must disclose to the auditors and the audit committee all significant deficiencies in internal controls and any fraud. Establishing new responsibilities for audit committees. SOA significantly increases the time commitment and will create a stronger working relationship between the audit committee and the independent auditor. The audit committee will develop policies and procedures to oversee the work of the auditor and to ensure compliance with the pre-approval process. Establishing an ethical conduct requirement. The company must disclose whether or not they have adopted a code of ethics applicable to executives and directors and state why or why not. The SEC has the ability to bar individuals from serving as an officer of a public company based on unfitness. CEOs and CFOs are required to forfeit bonuses and other equity-based compensation during the 12 month period following a re-statement of financial statements. Establishing several new public-company reporting requirements. SOA requires enhanced disclosure including real time disclosure on a rapid and current basis. The Management s Discussion and Analysis of Financial Condition and Results of Operations sections of the disclosure documents must include an explanation of the company s off-balance sheet arrangements, set apart separately within the section and an overview of aggregate contractual obligations. The pro-forma financial information must comply with the new SEC rules. SOA requires management to include in the annual report a report on internal control. The internal control report must include a statement of management s responsibility for establishing and maintaining adequate internal controls over financial reporting for the company and it must identify the framework used by management. Defining the services that public accounting firms can provide to audit clients. The new rules in this area focus on ensuring auditor independence by limiting or prohibiting the provision of non-audit services by auditors, limiting the hiring by companies of their auditor s employees, imposing mandatory audit partner rotation, limiting certain audit partner compensation related to non-audit services, requiring additional auditor reports to the audit committee, and enhancing disclosure of audit fees. Strengthening penalties for corporate fraud. Under Section 906 of SOA, if an individual willfully fails to submit the certifications required, they may be subject to criminal prosecution under Section 32 of the Exchange Act.
5 Prohibiting certain director activities, including loans by company to officers, insider trading of company s equity during any pension plan black-out period. Prohibits officers or directors from improperly influencing the audit.
6 Certify ERP Applications and Infrastructure Controls IT management should certify the controls in critical business applications and infrastructure that are used by the company to generate financial statements and monitor financial controls. Many companies use Enterprise Resource Planning (ERP) systems to support critical business processes and report financial results. Therefore, it is important to ensure the integrity, security and reliability of ERP systems or other such business applications used by the company. The IT system maintenance processes and policies should also be reviewed for control risks and the findings should be documented. The IT administrators responsible for system, network, database and applications along with business process owners should participate in a facilitated workshop to assess the key risk factors and identify adequate controls. For example, revenue recognition is critical as it directly impacts the financial statement. Therefore, the sales process from order to cash workflow in the ERP system should be reviewed. IT management should adequately test security administration, system continuity plan, reporting tools and workflow management to establish a baseline for IT controls certification. Security Administration IT systems should be secured physically and logically against any unauthorized access. The physical security includes intrusion and access control via surveillance, cameras and card readers. Often the data center has 24x7 staffing and management, including operations personnel and security guards. The physical structure should be equipped with environmental controls to provide the consistency and safekeeping of the equipment and data. Data centers should include environmental controls such as early warning fire detection, smoke management, and suppression systems. Well-designed ERP systems provide logical security to control system access and workflows. User access in ERP systems can be configured based on roles and responsibilities. ERP system controls may include user access, sign-on limits, field validation checks and workflows that provide a robust controls environment for the processing of data. For example, the system should not allow a user to approve an invoice with the same invoice number as a previous invoice. This type of automatic control reduces the likelihood of error and confusion in processing accounts payable. Business Continuity Plan A company can experience several business losses when its critical IT systems are down. The cost of systems failure can be significantly high for every hour of down time. An uptime of 99.9% is not good enough for most companies that compete in today s global markets. IT management should validate that the systems can handle planned maintenance or an unplanned "blip" without going off-line. The computer systems should be able to handle the anticipated or the unexpected failure and keep the business running. Business continuity planning not only includes having hardware and software placed at a remote facility, but it can also involve moving phone lines and people to a remote workplace. A continuity plan is as vulnerable as its weakest link. IT management should validate the plan for unexpected system outage.
7 Reporting Tools Many companies use reporting tools to extract information from the ERP applications and prepare financial reports such as 10K and 10Q for SEC reporting. Therefore, a review should be focused on testing the reporting tool that extracts, processes and reports data utilized by management for decision-making and business performance measurement. Software Change Management Software changes such as upgrades, patches, customization and interfaces can create risks, which are controlled through a software change management process. IT management should review the software change management process and verify the controls. Many companies customize and integrate ERP systems to meet business and industry specific requirements. Any customization to the system should be tested for control gaps to identify the risks. ERP systems are integrated using interfaces, which allow data to pass between the ERP application and other systems. The interfaces between different systems are a common risk area. Companies that have several systems interfaced for data transfer should assess the risk of controls at the interface points.
8 Improve Risk Assessment Process with COSO based Standard Framework Management is required to base its assessment of the effectiveness of the company s internal control over financial reporting on a suitable, recognized control framework established by a body of experts that followed due-process procedures to develop the framework. Based on the final ruling from the SEC, a suitable framework must be: free from bias; permit reasonably consistent qualitative and quantitative measurements of a company's internal controls; be sufficiently complete so that the relevant factors that would alter a conclusion about the effectiveness of a company's internal controls are not omitted; and be relevant to an evaluation of internal control over financial reporting. The SEC's final rule requires that each company identify the internal control framework used to evaluate compliance. The SEC identifies only a single framework by name, the COSO (Committee of Sponsoring Organizations) Internal Control - Integrated Framework. COSO satisfies the criteria and may be used as an evaluation framework for purposes of management's annual internal control evaluation and disclosure requirements. Internal Controls Framework (COSO) COSO is a voluntary private sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls and corporate governance. COSO defines internal control as a process. It is not simply a matter of defining internal controls once and being done. The SEC requires that companies establish an ongoing process for monitoring internal controls while evaluating and improving their effectiveness. The right software solution recognizes the process-based nature of internal controls and is built upon a proven business process management foundation. In the COSO Framework, internal controls are designed to assure: (1) effectiveness and efficiency of operations, (2) reliability of financial reporting and (3) compliance with laws and regulations. The internal controls are composed of five interrelated components: (1) control environment, (2) risk assessment, (3) control activities, (4) information and communications, and (5) ongoing monitoring. The objectives in each of these interrelated components fall into one or more of the three broad categories of operations, financial reporting or compliance. Control Environment The control environment is the conscience of the organization. An entity s control environment is shaped by the actions of top management. Elements of the control environment include integrity, ethical values and management s operating style. Risk Assessment Risk assessment is the identification and evaluation of the risks from external and internal sources that could prevent an entity from achieving its objectives. Control Activities The policies and procedures implemented by an entity are the control activities used to manage risk. Control activities include procedures for approval, verification and segregation of duties. Information and Communication Every entity needs an efficient process for communicating information throughout the organization. An efficient communication process includes the downward flow of directional information from top management as well as the feedback from the operating functions of the
9 entity. Information and Communication also include the entity s information systems that are used to process data, produce reports and manage the organization. Monitoring The internal control activities are monitored to ensure effectiveness and quality. Monitoring includes the assessment by appropriate personnel of the control activities to determine that the controls are functioning as intended. Monitoring also includes a process for corrective action if required. The COSO framework states: the control environment provides an atmosphere in which people conduct their activities and carry out their control responsibilities. It serves as the foundation for the other components. Within this environment, management assesses risks to the achievement of specified objectives. Control activities are implemented to help ensure that management directives to address risks are carried out. Meanwhile, relevant information is captured and communicated throughout the organization. The entire process is monitored and modified as conditions warrant. Internal Controls Management Tools Using COSO as a guideline, we recommend using a tool to install a process database, which should include process definition, process owner, process category, risk category and approval status. Once a process is developed and populated, all the process owners should receive a notification to certify that their respective processes have adequate internal controls. Process owners at a higher-level should review the certification status of subsidiary processes as part of their own certification process. Once the company certifies the processes, the external independent auditor can verify the certification status. The online process database should include step-by-step instructions and serve as the desk manual for maintaining controls and future training for the process owner. Internal Controls Management Software Companies can select a controls management tool from ERP vendors, business intelligence tool vendors or external audit firms. All major ERP vendors such as Oracle, SAP and PeopleSoft offer software tools to document and validate internal controls. For example, Oracle has offered a process documentation and training tool called Tutor for nearly 10 years that comes with a repository of standard business processes. Tutor provided processes can be easily tailored to specific needs of a company. Once approved by the management, the processes can be published on the company intranet so that all employees can learn and follow consistent business processes. Oracle has also started shipping Internal Controls Manager (ICM), which has been tested by many Fortune 100 companies and several external audit firms. The ICM tool is integrated with Tutor and can significantly reduce the time to asses controls by providing access to the process library. The ICM tool can also be used to import a set of risks identified by management, which can be maintained in a risk library. The Tutor and ICM tools work stand-alone or integrated with the Oracle ERP applications to provide even greater control over the ERP system.
10 Business intelligence tool vendors such as BusinessObjects and SAS offer data extraction and analysis functions to identify controls and assess risks. Companies that do not have an integrated ERP system should evaluate business intelligence tools to improve access to data across multiple systems. Certain external audit firms also offer software tools in addition to the internal controls assessment services. But the SEC indicated in its open meeting in May 2003 that it would be problematic if management used auditor software that was designed to help evaluate the effectiveness of controls or to document the controls that exist. While the final SEC ruling on this issue is ambiguous, it does raise a red flag for management and audit committees.
11 Sarbanes-Oxley Controls Implementation Approach The company should use a project approach to assess the internal controls and prepare for Section 404 compliance. Here are a few key steps that should be considered as part of the approach: Assessment Workshop: Initial analysis of internal controls, risks and audit procedures to determine the scope of work and resource requirements. If the company has already established a disclosure committee, the analysis can be obtained from the committee. Systems Review and Certification: Develop a check list for all IT system controls to adequately test security administration, system continuity plan, reporting tools and workflow management to establish a baseline for IT controls certification. Controls Management: Work with key department managers to provide a repository for documenting business processes, identify risks and assess internal risks. Employee Access and Training: Provide access to all employees and train as needed. Controls Monitoring: On-going evaluation of business processes and control activities. Conclusion As public companies examine their internal controls, financial reporting systems and corporate governance to comply with the Sarbanes-Oxley Act, we believe that this effort can be leveraged to improve business performance by establishing a framework for on-going process management, risk monitoring and employee training. IT management should actively participate in developing the company s plans for Sarbanes-Oxley compliance. The plan should include a review and certification of all essential IT systems used to prepare and report financial results. The risks and costs for Sarbanes-Oxley can be high for most companies. IT management can provide IT services to streamline internal controls processes and reduce external audit costs. About the Authors Adil Khan is a Senior Director at Fulcrum responsible for delivering high impact IT solutions. Adil has over 15 years experience in enterprise business systems. Before Fulcrum, Adil served as the Chief Executive Officer of Alternate Marketing Networks, Inc., which is a small cap publicly traded company. He also founded Hencie Consulting Services, Inc., which is ranked number 157 on the Inc. 500 list of the nation's fastest-growing private companies. Hencie provided ERP consulting services and successfully delivered over 100 e-business solutions to middle market (Fortune 1000) companies in Manufacturing, Distribution, Energy and Services Industries. Adil has been nominated to receive the Ernst & Young Entrepreneur of the Year Award for 2000 and 2001 and was named one of America's entrepreneurial growth leaders by Inc. magazine. Barbara Schummer, CPA, is a Director at Fulcrum responsible for Sarbanes-Oxley practice which offers professional services to review and implement internal controls. Prior to joining Fulcrum Barbara was the controller at Hencie Consulting Services, Inc. where she helped the management design and implement internal controls needed to comply with the SEC standards. She has several years experience in working with Big 4 audit firms during the annual external audit and quarterly review process. About Fulcrum Fulcrum Information Technology, Inc.,(FIT) is a leading provider of utility computing services that offers a way to provision IT solutions as utility services. Fulcrum attracts and retains some of the most knowledgeable and experienced professionals in the industry with a focus on client success. FIT professionals work side by side with the clients to help them expand business and technology knowledge.
Beyond Compliance. Leveraging Internal Control to Build a Better Business: A Response to Sarbanes-Oxley Sections 302 and 404
Beyond Compliance Leveraging Internal Control to Build a Better Business: A Response to Sarbanes-Oxley Sections 302 and 404 Note to Readers Regarding This First Edition April 2003: This document was published
More informationFREQUENTLY ASKED QUESTIONS ABOUT INTERNAL CONTROL OVER FINANCIAL REPORTING
FREQUENTLY ASKED QUESTIONS ABOUT INTERNAL CONTROL OVER FINANCIAL REPORTING Nature and Timing of the Reporting Requirement When must registrants begin to report on internal control over financial reporting?
More informationChecklist for Higher Education
Checklist for Higher Education The following section contains a checklist addressing issues of particular relevance to higher education. The guidance is considered best practice for higher education. The
More informationIPO Readiness. Sarbanes-Oxley Compliance & Other Considerations. Presented by:
IPO Readiness Sarbanes-Oxley Compliance & Other Considerations Presented by: IPO Readiness Enhanced Financial / Legal compliance SEC / Stock Exchange Compliance Entity Structure / Registration Filing Requirements
More informationGuide to the Sarbanes-Oxley Act: Internal Control Reporting Requirements
Guide to the Sarbanes-Oxley Act: Internal Control Reporting Requirements Frequently Asked Questions Regarding Section 404 Updated to reflect the SEC's final rules Table of Contents Page No. Introduction
More informationIncreasing External Auditor Reliance
Increasing External Auditor Reliance Guiding Internal Auditors to realize the benefits of raising the bar on External Auditor Reliance. SOX Software Made Simple Table of Contents 1 Introduction 3 Factors
More informationCorporate Governance Principles of Auditing: An Introduction to International Standards on Auditing - Ch 14
Slide 14.1 Corporate Governance Principles of Auditing: An Introduction to International Standards on Auditing - Ch 14 Rick Stephan Hayes, Roger Dassen, Arnold Schilder, Philip Wallage Slide 14.2 Corporate
More informationAN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES
1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org PRELIMINARY STAFF VIEWS AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL
More informationNegotiating in a Sarbanes-Oxley World
Negotiating in a Sarbanes-Oxley World Richard Pennington, J.D., C.P.M., Consultant SCOPEVision Consulting Ltd 303/324-7333, rpennington@scopevisionconsulting.com 91 st Annual International Supply Management
More informationPGDBFS 103 International Financial Accounting and Policy (IFAP)
June 2018 PGDBFS 103 International Financial Accounting and Policy (IFAP) Tutorial 09: Comparative International Auditing and Corporate Governance Malinda Boyagoda BSc. Business Admin (USJP), ACA, ACMA,
More informationEY Center for Board Matters. Leading practices for audit committees
EY Center for Board Matters for audit committees As an audit committee member, your role is increasingly complex and demanding. Regulators, standard-setters and investors are pressing for more transparency
More informationB S R & Co. LLP. Reporting on Internal. Reporting An Overview. Sarbanes Oxley Act (SOX) 28 December 2013
B S R & Co. LLP Reporting on Internal Controls over Financial Reporting An Overview Sarbanes Oxley Act (SOX) 28 December 2013 Agenda Sarbanes Oxley Key Sections COSO Framework Management Approach to ICOFR
More informationSee your auditor clearly. Transparency report: How we perform quality audit engagements
See your auditor clearly. Transparency report: How we perform quality audit engagements February 2014 Table of contents 1) A message from the CEO and Managing Partner Assurance 2 2) Quality control policies
More informationCDK GLOBAL, INC. AUDIT COMMITTEE CHARTER Effective January 20, 2016
CDK GLOBAL, INC. AUDIT COMMITTEE CHARTER Effective January 20, 2016 I. Purpose The Audit Committee (the Committee ) of the Board of Directors (the Board ) of CDK Global, Inc., a Delaware corporation (the
More informationAUDIT COMMITTEE CHARTER
AUDIT COMMITTEE CHARTER A. Purpose The purpose of the Audit Committee is to assist the Board of Directors (the Board ) oversight of: the quality and integrity of the Company s financial statements, financial
More information41880 Introduction to Hyperion Financial Management. Mike Malwitz Director Product Strategy Oracle Enterprise Performance Management
41880 Introduction to Hyperion Financial Management Mike Malwitz Director Product Strategy Oracle Enterprise Performance Management Agenda Customer needs Solving financial consolidation and reporting issues
More informationSTARWOOD HOTELS & RESORTS WORLDWIDE, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS
STARWOOD HOTELS & RESORTS WORLDWIDE, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS Starwood Hotels & Resorts Worldwide, Inc. (the Company ) has determined that it is of the utmost importance
More informationCOSO What s New, What s Changed, Why Does it Matter and Other Frequently Asked Questions
COSO 2013 What s New, What s Changed, Why Does it Matter and Other Frequently Asked Questions Today s Presenter Jonathan Reiss is a Director in Protiviti s New York office in the Internal Audit Practice.
More informationAn Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements
AUDITING STANDARD No. 2 An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements March 9, 2004 AUDITING AND RELATED PROFESSIONAL PRACTICE STANDARDS
More informationEvaluating Internal Controls
A SSURANCE AND A DVISORY BUSINESS S ERVICES Fourth in the Series!@# Evaluating Internal Controls Evaluating Overall Effectiveness, Identifying Matters for Improvement, and Ongoing Assessment of Controls
More informationABA Section of Business Law. Internal Control Reporting Under Section 404: An Update and Current Assessment. November 19, 2004
ABA Section of Business Law Internal Control Reporting Under Section 404: An Update and Current Assessment November 19, 2004 Thomas L. Riesenberg and Linda L. Griggs, Cochairs Table of Contents 2.1 Auditing
More information[RELEASE NOS ; ; FR-77; File No. S ]
SECURITIES AND EXCHANGE COMMISSION 17 CFR PART 241 [RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06] Commission Guidance Regarding Management s Report on Internal Control Over Financial Reporting
More informationBioAmber Inc. Audit Committee Charter
BioAmber Inc. I. General Statement of Purpose Audit Committee Charter The purposes of the Audit Committee of the Board of Directors (the Audit Committee ) of BioAmber Inc. (the Company ) are to: assist
More informationCHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS
Purpose of the Audit Committee CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS The Audit Committee (the Committee ) is appointed by the Board of Directors (the Board ) of TechnipFMC plc (the Company
More informationRemediation of Material Weaknesses Related to Employee Compensation
Kennesaw State University DigitalCommons@Kennesaw State University Faculty Publications 4-2009 Remediation of Material Weaknesses Related to Employee Compensation Dana R. Hermanson Kennesaw State University,
More informationBIO-RAD LABORATORIES, INC. (the Company ) Audit Committee Charter
BIO-RAD LABORATORIES, INC. (the Company ) Audit Committee Requirements and Structure Audit Committee Charter The board of directors of the Company (the Board ) shall appoint an audit committee (the Audit
More informationAudit Committee Charter for XL Group Ltd
Audit Committee Charter for XL Group Ltd Audit Committee Charter for XL Group Ltd Purpose The Audit Committee is appointed by the Board to assist the Board in overseeing (1) the quality and integrity of
More informationSarbanes Oxley Impact on Supply Chain Management
Sarbanes Oxley Impact on Supply Chain Management Robert J. Engel, C.P.M. National Director of Client Service Resources Global Professionals-SCM Practice 713-403-1979: Bob.Engel@Resources-us.com 91 st Annual
More informationFINANCIAL INSTITUTIONS AUDIT COMMITTEE GUIDE FOR FINANCIAL INSTITUTIONS
FINANCIAL INSTITUTIONS AUDIT COMMITTEE GUIDE FOR FINANCIAL INSTITUTIONS Dear clients and friends of the firm, Corporate governance is a significant area of focus for stakeholders of financial institutions.
More informationABCANN GLOBAL CORPORATION CORPORATE GOVERNANCE POLICIES AND PROCEDURES
ABCANN GLOBAL CORPORATION CORPORATE GOVERNANCE POLICIES AND PROCEDURES OCTOBER 12, 2017 LIST OF SCHEDULES A. Board Mandate B. Audit Committee Charter C. Compensation Committee Charter D. Nominating and
More informationAnnual Report of Moody s Investors Service Singapore Pte Ltd for financial year ended 31/12/2015
Annual Report of Moody s Investors Service Singapore Pte Ltd for financial year ended 31/12/2015 (Published in accordance with requirements of the MAS Code of Conduct for Credit Rating Agencies) Published
More informationGRANITE CONSTRUCTION INCORPORATED AUDIT/COMPLIANCE COMMITTEE CHARTER
GRANITE CONSTRUCTION INCORPORATED AUDIT/COMPLIANCE COMMITTEE CHARTER Purpose The Audit/Compliance Committee ( Committee ) is appointed by the Board of Directors and its purpose is to assist the Board in
More informationIn Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015
In Control: Getting Familiar with the New COSO Guidelines CSMFO Monterey, California February 18, 2015 1 Background on COSO Part 1 2 Development of a comprehensive framework of internal control Internal
More informationSTANDING ADVISORY GROUP MEETING
1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org STANDING ADVISORY GROUP MEETING PRESENTATION AUDITING IMPLICATIONS OF COSO PROJECT TO UPDATE
More informationAudit Committee Charter
Audit Committee Charter 1.1 The role of the Audit Committee This Audit Committee Charter (the Charter ) has been adopted by the Board of Directors (the Board ) of Seadrill Partners LLC (the Company ) and
More informationLincoln National Corporation Board of Directors Corporate Governance Guidelines
Lincoln National Corporation Board of Directors Corporate Governance Guidelines I. Introduction The Board of Directors of Lincoln National Corporation (the Corporation or LNC ), acting on the recommendation
More informationCurrent State of Enterprise Risk Oversight:
Current State of Enterprise Risk Oversight: Progress is Occurring but Opportunities for Improvement Remain July 2012 Mark Beasley Bruce Branson Bonnie Hancock Deloitte Professor of ERM Associate Director,
More informationGaining Financial Integrity Through Improved Internal Controls
Gaining Financial Integrity Through Improved Internal Controls SAP Management of Internal Controls Tool PwC and SAP Sarbanes-Oxley 404 Web Conference Series March 2004 William R. Shipley, Partner, IT Advisory
More informationWhite Paper. Effective and Practical Deployment of COSO: Entity Level Control and Lessons Learned. July 10, 2008 THE ROBERTS COMPANY, LLC
THE ROBERTS COMPANY, LLC Compliance Services: IT and Business Processes 3394 Holly Oak Lane, Escondido, CA 92027 TEL: 760.550.2160 * FAX 760.839.2160 E-mail: robertputrus@therobertsglobal.com http://www.therobertsglobal.com/
More informationEnglish Translation (For Information Purposes Only) CODE OF BEST CORPORATE PRACTICES. Introduction
English Translation (For Information Purposes Only) SCHEDULE A CODE OF BEST CORPORATE PRACTICES Introduction Upon the initiative of the Business Coordinating Council, the Corporate Governance Committee
More informationHeads Up. Control Integrated Framework. COSO Enhances Its Internal. In This Issue: Enhancements in the 2013 Framework
June 10, 2013 Volume 20, Issue 17 Heads Up In This Issue: Enhancements in the 2013 Framework Effective Systems of Internal Control COSO Transition Guidance and Impact on Other COSO Documents Internal Control
More informationInternal Financial Controls New perspectives as per Companies Act 2013 and CARO 2016
New perspectives as per Companies Act 2013 and CARO 2016 1 Contents: Background Meaning of IFC IFC on Financial Reporting Why IFC? Regulatory mandate Role of various authorities Components of IFC IFC under
More informationPresent and functioning: Fine-tuning your ICFR using the COSO update
Present and functioning: Fine-tuning your ICFR using the COSO update November 2014 With the COSO s 1992 Control Framework being superseded by the 2013 updated edition on December 15, 2014, now is the time
More informationGENESIS GROUP HOLDINGS, INC. CORPORATE GOVERNANCE POLICIES OF THE BOARD OF DIRECTORS
GENESIS GROUP HOLDINGS, INC. CORPORATE GOVERNANCE POLICIES OF THE BOARD OF DIRECTORS I. INTRODUCTION The board of directors of Genesis Group Holdings, Inc. has adopted these governance policies to assist
More informationirobot Corporation Audit Committee Charter I. General Statement of Purpose
I. General Statement of Purpose irobot Corporation Audit Committee Charter The purposes of the Audit Committee of the Board of Directors (the Audit Committee ) of irobot Corporation (the Company ) are
More informationBOARD GUIDELINES ON SIGNIFICANT CORPORATE GOVERNANCE ISSUES
BOARD GUIDELINES ON SIGNIFICANT CORPORATE GOVERNANCE ISSUES Management and the Board of Directors ( Board ) of Nabors Industries Ltd. (the Company ) are committed to conducting business consistent with
More informationAUDIT COMMITTEE CHARTER
AUDIT COMMITTEE CHARTER ORGANIZATION AND PURPOSE The Board of Directors (the Board ) of Nabors Industries Ltd. (the Company ) has established the Audit Committee of the Board to carry out the duties and
More informationAudit Committee Performance Evaluation
Audit Committee Performance Evaluation The following Deloitte & Touche LLP ( Deloitte & Touche ) questionnaire can be used to assist in the self-assessment of an audit committees performance. The questionnaire
More informationChapter 1. Learning Objective 1, 2. Capital Allocation. Efficient Capital Allocation. Financial Accounting and Accounting Standards
Chapter 1 Financial Accounting and Accounting Standards Learning Objective 1, 2 Identify the major financial statements and other means of financial reporting Explain how accounting assists in the efficient
More informationMAGNA INTERNATIONAL INC. BOARD CHARTER
MAGNA INTERNATIONAL INC. BOARD CHARTER Purpose This Charter has been adopted by the Board of Directors to assist the Board in the exercise of its responsibilities. This Charter, together with the Corporate
More informationPRUDENTIAL FINANCIAL, INC. CORPORATE GOVERNANCE PRINCIPLES AND PRACTICES
PRUDENTIAL FINANCIAL, INC. CORPORATE GOVERNANCE PRINCIPLES AND PRACTICES A. THE ROLE OF THE BOARD OF DIRECTORS 1. Direct the Affairs of the Corporation for the Benefit of Shareholders The Prudential board
More informationJournal of Applied Business Research Third Quarter 2006 Volume 22, Number 3
2002 Sarbanes-Oxley Act: Privately-Held Companies Implementation Issues Ronald O. Reed, (E-mail: ronald.reed@unco.edu), University of Northern Colorado Thomas Buchman, University of Colorado, Boulder Richard
More informationFRONTERA ENERGY CORPORATION CORPORATE GOVERNANCE POLICY
FRONTERA ENERGY CORPORATION CORPORATE GOVERNANCE POLICY Frontera Energy Corporation, including all of its subsidiaries (as such term is defined in the Code of Business Conduct and Ethics) and Fundación
More informationReport on Inspection of KPMG AG Wirtschaftspruefungsgesellschaft (Headquartered in Berlin, Federal Republic of Germany)
1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8433 www.pcaobus.org Report on 2016 (Headquartered in Berlin, Federal Republic of Germany) Issued by the Public Company
More informationCITIZENS, INC. AMENDED AND RESTATED AUDIT COMMITTEE CHARTER. Adopted November 5, the integrity of the Company s financial statements;
CITIZENS, INC. AMENDED AND RESTATED AUDIT COMMITTEE CHARTER Adopted November 5, 2014 A. Purpose The purpose of the Audit Committee is to assist the Board of Directors oversight of: the integrity of the
More informationCOSO Updates and Expectations. IIA San Diego Chapter January 8, 2014
COSO Updates and Expectations IIA San Diego Chapter January 8, 2014 Agenda Overview of 2013 Internal Control-Integrated Framework and Companion Guidance 2013 Framework General Enhancements by Component
More informationCheckpoint Contents Accounting, Audit & Corporate Finance Library Editorial Materials Audit and Attest PCAOB Audits Chapter 1 Overview 100 Background
Checkpoint Contents Accounting, Audit & Corporate Finance Library Editorial Materials Audit and Attest PCAOB Audits Chapter 1 Overview 100 Background 100 Background 100.1 For many years, auditors had traditionally
More informationIAASB Main Agenda (March 2016) Agenda Item. Initial Discussion on the IAASB s Future Project Related to ISA 315 (Revised) 1
Agenda Item 3-A Initial Discussion on the IAASB s Future Project Related to ISA 315 (Revised) 1 Objectives of the IAASB Discussion The objective of this agenda item are to: (a) Present initial background
More informationSarbanes-Oxley and the Need to Audit Your IT Processes. An MKS White Paper By Jeff Smith Vice President Research & Development
Sarbanes-Oxley and the Need to Audit Your IT Processes An MKS White Paper By Jeff Smith Vice President Research & Development Sarbanes-Oxley and the Need to Audit Your IT Processes Introduction The Sarbanes-Oxley
More informationBIOSCRIP, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS
BIOSCRIP, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS Statement of Purpose 1. Oversight Responsibility. The purpose of the Audit Committee of the Board of Directors of BioScrip, Inc.,
More informationPwC Kenya Transparency Report 2015
www.pwc.com/ke 30 September 2015 PwC Kenya Transparency Report 2015 Contents Introduction 4 Legal structure and ownership of the firm 5 Network arrangements 6 Governance structure of the firm 8 Internal
More informationTERMS OF REFERENCE OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS
TERMS OF REFERENCE OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS 1. Purpose An Audit Committee (hereinafter called the Committee ) of the Board of Directors (hereinafter called the Board ) of the Business
More informationSOX Audit Environment
SOX Audit Environment Summary This article gives an overview of the independent audit board, auditors and also their relationship with the management. The objectives of audit are also listed as well as
More informationGROUP 1 AUTOMOTIVE, INC. AUDIT COMMITTEE CHARTER
GROUP 1 AUTOMOTIVE, INC. AUDIT COMMITTEE CHARTER The Board of Directors (the Board ) of Group 1 Automotive Inc. (the Company ) has heretofore constituted and established an Audit Committee (the Committee
More informationSarbanes-Oxley Act of 2002 Can private businesses benefit from it?
Sarbanes-Oxley Act of 2002 Can private businesses benefit from it? As used in this document, Deloitte means Deloitte Tax LLP, which provides tax services; Deloitte & Touche LLP, which provides assurance
More informationEFFICIENT USE OF AUDIT COMMITTEES
AGENDA EFFICIENT USE OF AUDIT COMMITTEES BRENT YOUNG, CPA JERRY GAITHER, CPA Best practices related to: Audit Committee Process Internal Audit Risk Management 2 AUDIT COMMITTEE PROCESS AND PROCEDURES Audit
More informationSOX106. Accounts Payable and Sarbanes-Oxley; Strengthening your Internal Controls- 10 hours. Objectives
SOX106 Accounts Payable and Sarbanes-Oxley; Strengthening your Internal Controls- 10 hours Objectives This course describes how Sarbanes Oxley requirements should be implemented as they pertain to accounts
More informationAUDIT COMMITTEE OF THE BOARD OF DIRECTORS
AUDIT COMMITTEE OF THE BOARD OF DIRECTORS CHARTER COMPOSITION AND MEETINGS The Audit Committee assists the Board in fulfilling its oversight responsibilities. The Audit Committee shall consist of no less
More informationAudit quality a director s guide
Audit quality a director s guide November 2017 This handbook offers guidance for directors and shareholders of New Zealand FMC reporting entities about how to improve audit quality Contents About this
More informationAudit Committee Charter Amended September 3, Tyco International plc
Audit Committee Charter Amended September 3, 2015 Tyco International plc Page 1 Purpose The Audit Committee is appointed by the board to assist the board in monitoring: a. The integrity of the financial
More informationWELLS FARGO & COMPANY AUDIT AND EXAMINATION COMMITTEE CHARTER
WELLS FARGO & COMPANY AUDIT AND EXAMINATION COMMITTEE CHARTER PURPOSE: The purpose of the Audit and Examination Committee is to assist the Board of Directors in fulfilling its responsibilities to oversee:
More informationDAVITA INC. AUDIT COMMITTEE CHARTER
DAVITA INC. AUDIT COMMITTEE CHARTER I. Audit Committee Purpose The Audit Committee (the Committee ) is appointed by the Board of Directors (the Board ) of (the Company ) to assist the Board in fulfilling
More informationAn Oracle White Paper December Reducing the Pain of Account Reconciliations
An Oracle White Paper December 2012 Reducing the Pain of Account Reconciliations Introduction The finance department in most organizations is coming under increasing pressure to transform and streamline
More informationW. R. GRACE & CO. CORPORATE GOVERNANCE PRINCIPLES
W. R. GRACE & CO. CORPORATE GOVERNANCE PRINCIPLES The primary responsibility of the directors of W. R. Grace & Co. is to exercise their business judgment to act in what they reasonably believe to be in
More informationNEWMARK GROUP, INC. AUDIT COMMITTEE CHARTER. (as of December 2017)
NEWMARK GROUP, INC. AUDIT COMMITTEE CHARTER (as of December 2017) Purpose The Audit Committee of Newmark Group, Inc. (the Company ) is appointed by the Board of Directors of the Company (the Board ) to
More informationThe Audit Committee of the Supervisory Board of CB&I
The Audit Committee of the Supervisory Board of CB&I General At the Board meeting held in conjunction with the Company's Annual Meeting of Shareholders, and thereafter as necessary, the Board shall appoint
More informationThe Value Proposition
The Value Proposition Home Online Publications Journal of Accountancy Online Issues September 2005 The Value Proposition Page 1 of 7 SARBANES-OXLEY There s more to Sarbanes-Oxley compliance than meets
More informationNew Role of Audit Committee: A Post-Financial Crisis Analysis
New Role of Audit Committee: A Post-Financial Crisis Analysis Gagan Kukreja 1 College of Business and Finance Ahlia University, P.O. Box 10878, Kingdom of Bahrain Abstract. This paper will throw the light
More informationSheryl Vacca, CHC-F, CCEP-F, CHRC, CCEP-I, CHPC. SVP/Chief Compliance & Audit Officer University of California
Sheryl Vacca, CHC-F, CCEP-F, CHRC, CCEP-I, CHPC SVP/Chief & Audit Officer University of California Sheryl.vacca@ucop.edu Odell Guyton Director of Microsoft Corporation What is our framework? Strong Ethics
More information15 Benefits of a Revenue Assurance Solution
Achieving Sarbanes-Oxley Compliance: 15 Benefits of a Revenue Assurance Solution A WeDo Technologies white paper Contents Contents... 2 1 References... 4 2 Introduction... 5 3 Sarbanes-Oxley... 5 4 Key
More informationSARBANES-OXLEY COMPLIANCE MANAGING CHANGING EXPECTATIONS January 20, 2017
SARBANES-OXLEY COMPLIANCE MANAGING CHANGING EXPECTATIONS January 20, 2017 Pat Mitchell Managing Director Internal Audit, Risk, Business & Technology Consulting CHANGES IN THE COST AND SCOPE OF SOX COMPLIANCE
More informationQAD FINANCIALS BENEFITS
QAD FINANCIALS CFOs, finance managers and controllers of manufacturing companies deal with a wide variety of strategic and operational challenges. CFOs constantly balance risk with the need for strategic
More information) ) ) ) ) ) ) ) ) ) ) )
1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org PROPOSED AUDITING STANDARD RELATED TO COMMUNICATIONS WITH AUDIT COMMITTEES AND RELATED AMENDMENTS
More informationEASTMAN CHEMICAL COMPANY. Corporate Governance Guidelines
I. Role of the Board of Directors EASTMAN CHEMICAL COMPANY Corporate Governance Guidelines The Board of Directors is elected by the stockholders to oversee management and to assure that the long-term interests
More informationBOARD CHARTER TOURISM HOLDINGS LIMITED
BOARD CHARTER TOURISM HOLDINGS LIMITED INDEX Tourism Holdings Limited ( thl ) - Board Charter 2 1. Governance at thl 2 2. Role of the Board 3 3. Structure of the Board 4 4. Matters Relating to Directors
More informationStrengthening Control and integrity: A Checklist for government Managers
Forum: Analytics and Risk Management Tools for Making Better Decisions Strengthening Control and integrity: A Checklist for government Managers By James A. Bailey The next contribution is based on a Center
More informationMINDEN BANCORP, INC. AUDIT COMMITTEE CHARTER
MINDEN BANCORP, INC. AUDIT COMMITTEE CHARTER Purpose The Audit Committee (the Committee ) of Minden Bancorp, Inc. (the Company ) is appointed by the Board of Directors to assist the Board in fulfilling
More informationIAASB CAG Public Session (March 2016) Agenda Item. Initial Discussion on the IAASB s Future Project Related to ISA 315 (Revised) 1
Agenda Item C.1 Initial Discussion on the IAASB s Future Project Related to ISA 315 (Revised) 1 Objectives of the IAASB CAG Discussion The objective of this agenda item are to: (a) Present initial background
More informationTEEKAY TANKERS LTD. Corporate Governance Guidelines
TEEKAY TANKERS LTD. Corporate Governance Guidelines The following guidelines have been approved by the Board of Directors (the "Board") of Teekay Tankers Ltd., a Marshall Islands corporation (the "Company")
More informationSarbanes-Oxley Compliance Kit
Kit February 2018 This product is NOT FOR RESALE or REDISTRIBUTION in any physical or electronic format. The purchaser of this template has acquired the rights to use it for a SINGLE Disaster Recovery
More informationCHARTER OF THE BOARD OF DIRECTORS
SUN LIFE FINANCIAL INC. CHARTER OF THE BOARD OF DIRECTORS This Charter sets out: 1. The duties and responsibilities of the Board of Directors (the Board ); 2. The position description for Directors; 3.
More informationAuditing Standard 16
Certified Sarbanes-Oxley Expert Official Prep Course Part K Sarbanes Oxley Compliance Professionals Association (SOXCPA) The largest association of Sarbanes Oxley Professionals in the world Auditing Standard
More information2016 INSPECTION OF BHARAT PARIKH & ASSOCIATES CHARTERED ACCOUNTANTS. Preface
2016 INSPECTION OF BHARAT PARIKH & ASSOCIATES CHARTERED ACCOUNTANTS Preface In 2016, the Public Company Accounting Oversight Board ("PCAOB" or "the Board") conducted an inspection of the registered public
More informationContinuous Controls Monitoring for Transactions: The Next Frontier for GRC Automation
Research Publication Date: 15 January 2009 ID Number: G00164382 Continuous Controls Monitoring for Transactions: The Next Frontier for GRC Automation French Caldwell, Paul E. Proctor Continuous controls
More informationREPORT 2016/033 INTERNAL AUDIT DIVISION
INTERNAL AUDIT DIVISION REPORT 2016/033 Advisory engagement on the Statement on Internal Control project at the United Nations Joint Staff Pension Fund 25 April 2016 Assignment No. VS2015/800/01 CONTENTS
More informationStatement on Risk Management and Internal Control
INTRODUCTION The Board affirms its overall responsibility for the Group s system of internal control and risk management and for reviewing the adequacy and effectiveness of the system. The Board is pleased
More information1. Listed companies must have a majority of independent directors (303A.01)
COMPLIANCE REPORT WITH THE FINAL CORPORATE GOVERNANCE RULES OF THE NEW YORK STOCK EXCHANGE (NYSE) AS APPROVED BY THE SECURITIES & EXCHANGE COMMISSION ON NOVEMBER 4, 2003 AS MODIFIED ON NOVEMBER 3, 2004,
More informationAssurance Services. thinking strategically to your best advantage
Assurance Services thinking strategically to your best advantage Behind BNKJ s assurance services are many years of experience, which cut across varied industries and business Assurance services mean far
More informationReport on Inspection of Deloitte LLP (Headquartered in Toronto, Canada) Public Company Accounting Oversight Board
1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8433 www.pcaobus.org Report on 2014 (Headquartered in Toronto, Canada) Issued by the Public Company Accounting Oversight
More informationFor personal use only
Rules 4.7.3 and 4.10.3 1 Appendix 4G Key to Disclosures Corporate Governance Council Principles and Recommendations Name of entity Victory Mines Limited ABN/ARBN Financial year ended 39 151 900 855 30
More information