Internal Control & Sarbanes-Oxley Act. ERPANET Workshop. Antwerp, April 14, PwC


Internal Control & Sarbanes-Oxley Act. ERPANET Workshop, Antwerp, April 14, 2004. PwC

Agenda
- Background
- The Sarbanes-Oxley Act: an overview
- Approach to 404 readiness

Background

Reasons for New Legislation

Congressional Votes

  Bill                                  Yes    No   Not voting
  [...]ing Marijuana**                   93   310       31
  Securities Litigation Reform Act      387   130       15
  Authorizing Force against [...]       373   156       12
  Sarbanes-Oxley Act                    522     3        9

** House of Representatives only

Criminal Penalties
- Escaping from prison: 1 to 2 years
- Kidnapping involving ransom: 3 to 5 years
- Second degree murder: 11 to 14 years
- Sarbanes-Oxley certification: 10 to 20 years
- Air piracy: 20 to 25 years

Is all wisdom coming from the US?
"Americans will always do the right thing... after they have exhausted all other options." Sir Winston Churchill

The Sarbanes-Oxley Act: An Overview

Titles of the Act
SOX of 2002: An Act to protect investors by improving the accuracy and reliability of corporate disclosures.
- I. Public Company Accounting Oversight Board
- II. Auditor Independence
- III. Corporate Responsibility
- IV. Enhanced Financial Disclosures
- V. Analyst Conflicts of Interest
- VI. Commission Resources and Authority
- VII. Studies and Reports
- VIII. Corporate and Criminal Fraud Accountability
- IX. White Collar Crime Penalty
- X. Corporate Tax Returns
- XI. Corporate Fraud and Accountability

SOX: Who will be affected and how?
Executives: responsibility for financial reporting and keeping the markets informed
- Certifications:
  - 302: Disclosure controls & procedures
  - 404: Internal controls for financial reporting
  - 906: CEO/CFO's written statement on fairness
- Implement a Code of Ethics and a whistleblower procedure
Supervisory Board: enhanced oversight
- Appointment of a financial expert
Auditors: independence
- Attestation on internal controls
Definition of internal control over financial reporting:
- Encompasses the subset of internal controls addressed in the COSO Report that pertains to financial reporting objectives
- Including controls over safeguarding assets

SOX: Section 302 certification
Section 302 requires (starting March 2002): quarterly certification by the CEO / CFO regarding the completeness and accuracy of quarterly reports, as well as the nature and effectiveness of the disclosure controls and procedures (DC&P) supporting the quality of information included in such reports.
Representations by the CEO and CFO as required by Section 302 include:
- Review of the report: no untrue statement or omission of facts, and fair presentation of financial position, results and cash flow
- Responsibility for design and maintenance of controls, and controls effective during the 90 days prior to filing
- Disclosure of deficiencies in internal control and of fraud to the audit committee and the auditor
- Significant changes that affect internal control, and management's response
Actions:
- Enhance the DC&P assessment and turn it into a consistent and continuous process
- Ensure coverage of the entire organization (incl. all material subsidiaries)
- Embed it into regular review and monitoring processes
Disclosure controls and procedures need to ensure that information required to be disclosed by the issuer is recorded, processed, summarized and reported, and is accumulated and communicated within the time periods specified in the Commission's rules and forms.

SOX: Section 404 certification
Section 404 requires (domestic / foreign companies as of FY ending 15 November 2004 / 15 April 2005): an annual management report regarding the effectiveness of internal control over financial reporting, and an attestation by the company's auditors as to the accuracy of management's assessment.
Representations by the CEO and CFO as required by Section 404 include:
- Management responsibility for adequate internal controls
- Conclusion about management's evaluation of internal controls for financial reporting
Actions:
- Documentation of processes & internal controls (process/activity, risk, control, responsibility)
- Management's evaluation of effectiveness (audits and self-assessments)
- Attestation by the external auditor
Attestation by the auditor on management's report on internal control requires that:
- Management accepts responsibility for and assesses internal controls
- Controls are suitably designed and appropriately documented
Internal control is the process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in three categories:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with laws and regulations

SOX: Section 404 Assessment
- Management's assessment must be based on procedures sufficient both to evaluate design and to test operating effectiveness
- Management must maintain evidential matter, including documentation, to provide reasonable support for the assessment (of both design and operating effectiveness)
- Any material weakness in internal control over financial reporting precludes management from reporting that internal control is effective
- Reiteration of guidance regarding independence: auditors may assist management in documenting internal controls; management must be actively involved in the process and cannot delegate assessment responsibility to the auditor

SOX: Scope of 302 and 404
- 302: Disclosure controls and procedures
- 404: Internal controls & procedures for financial reporting (COSO & CobiT)
[Diagram showing the overlap of the two scopes; labels: Disclosure Requirements; Operations; Financial Reporting; Internal Accounting Controls; Compliance & Regulatory; Disclosure Controls and Procedures; Other aspects of Compliance and Operations [...] to DC&P; Internal Control over Financial Reporting]

SOX: Meeting SEC Expectations
- Compliance with COSO control standards (or another accepted standard; the IT Governance Institute recently recommended CobiT for general IT controls assessment)
- Clear documentation of internal controls as well as of the testing processes
- Evidence that management has evaluated the adequacy of the design and the effectiveness of operation of the procedures and controls
- Evidence that the auditor has adequately evaluated the design and operation of financial controls
- Evidence that the audit committee and/or disclosure committee have taken a keen interest in the effectiveness of controls

SOX: Auditor Responsibility (1)
- Independent evaluation of design effectiveness
- Independent tests of operating effectiveness
- Use of internal audit and management tests will need to be assessed to determine how they impact the nature, timing and extent of auditor testing
- Requires some re-performance for each significant account, class of transactions, and disclosure
Independent testing:
- Limited use of, or inability to use, tests performed by others, e.g. internal audit
- A monitoring function may impair objectivity and the ability to use it in direct assistance
- Precluded from using internal testing related to certain controls

SOX: Auditor Responsibility (2)
Auditor's report:
- On management's assertion, if internal control is effective, or
- Directly on the ineffectiveness of internal control over financial reporting
Findings reported include:
- Significant Deficiency, referred to in the body of the opinion: a deficiency that could adversely affect an entity's ability to initiate, record, process and report financial data
- Material Weakness, resulting in an "except for" qualified report: a deficiency that precludes the entity's internal control from reducing to an appropriately low level the risk that a material misstatement will not be prevented or detected on a timely basis

Approach to 404 readiness

Approach to 404 readiness
Recommend a sound but practical approach:
- Maximise what has already been achieved and is internally available
- Anticipate upcoming changes
[Diagram: Value Added from Sarbanes-Oxley; Appropriate Control Documentation; Approach; Enabling Technology]
Value Added Approach:
- Seek out operating improvements and identify best practices
- Formal management process to maintain compliance throughout the organization
- Avoid process fatigue
- Opportunity for ROI
Enabling Technology:
- Use technology throughout the organization to facilitate assessment and communication
- Compliance would add recurring costs

Considerations
Appropriate control documentation:
- Compliance with SOX 404 regulations and proof of compliance
- Timely identification of control weaknesses
- Facilitation of prioritization of remedial actions and action tracking
- Provides the basis for attestation by the auditors
Enabling technology:
- Consistency and quality of controls documentation
- Transparency of weaknesses and improvement areas
- Maintenance and improvement of controls documentation
- Linkage to other risk and quality initiatives
- Auditability of controls
- Facilitation of project management

Project Structure
- Top down: develop at the center, execution by opcos with support of Group teams
- Development of process and controls standards by corporate & Group teams
- Methodology to be developed by the corporate project team and tested and tailored at a pilot site (opportunity: extrapolate best practices)
- Based on the Blueprint Internal Control Framework (guidelines following COSO/CobiT) and the Roadmap (project steering)
[Organisation chart: Steering Committee; SOX 404 Core Project Team; Group Team; Group Team; Group Team; ICT Team]

Project Responsibilities
The corporate project team is also responsible for:
- Communication to divisional teams
- Monitoring of progress
- Consolidation/consistency
- Quality assurance on divisional input
- Change management and training
- Coordination with the steering committee
Quality, progress and consistency of opco activities and deliverables are to be assured by the project teams at Group level.
Execution and addressing control gaps is the responsibility of each opco.
A decision is to be taken on a full roll-out or selected companies only.

Project Steps
Step 0.1 Project setup
- Initial awareness, project owners, resources, budget
- Project team: roles & responsibilities
Step 0.2 Develop Blueprint Internal Control Framework (COSO/CobiT)
- Internal control requirements, objectives & components: control environment, risk assessment, control activities, monitoring, information & communication
- Guidelines & tools
Step 0.3 Develop Roadmap
- Project time line, organisation & quality assurance
- Project communication, training and information sessions

Next Steps
Phase 1: Preparation & Mobilisation
- Step 1: Mobilisation & project management
- Step 2: Information gathering & detailed planning
Phase 2: Execution
- Step 3: Setting the scope for pilots
- Step 4: Pilot execution & completion of templates
- Step 5: Roll-out at the selected opcos
Phase 3: Evaluation
- Step 6: Evaluating results & gap analysis
- Step 7: Assessment & testing
- Step 8: Internal reporting
- Step 9: External audit & action planning

Next steps, Phase 1: Preparation & Mobilisation
Step 1: Mobilisation & project management
- Project organisation, project plan and initial communication
- Establishment of communication channels
Step 2: Information gathering & detailed planning
- Overview of key processes
- Selected opcos for pilot and full roll-out
- Communication and training plan
- Detailed project plan & status reporting template
- Documentation templates

Next steps, Phase 2: Execution
Step 3: Setting the scope for the pilots
- Key business processes relevant for reporting
- One pilot for each selected process
- Communication to all selected opcos
Step 4: Pilot execution and completion of templates
- Templates to be rolled out to all opcos
- Trained opco representatives
- Updated control self-assessment questionnaire
- Updated detailed roll-out planning
Step 5: Roll-out at the selected opcos
- Populated documentation for all selected opcos
- Updated control self-assessment questionnaire

Next steps, Phase 3: Evaluation
Step 6: Evaluation of results & gap analysis
- Assessment of key controls
- Identification of gaps (internal control weaknesses)
- High-level action plan for improvement (closing the gaps)
- Completed and validated documentation on process, risk and controls
Step 7: Assessment & testing
- Testing plan and execution of internal testing
Step 8: Internal reporting
- Overview of the assessment process
- Reported conclusions on the effectiveness of internal control, weaknesses, reportable conditions and improvement actions
- Clear process for 302 certification and 404 reporting
- Definition of the text of the 302 certification and 404 reporting in SEC filings

Selecting relevant Business Units (decision flow)
1. Is the location or business unit individually important?
   - Yes: evaluate documentation and test significant controls at each such location or business unit
   - No: go to 2
2. Are there specific significant risks?
   - Yes: evaluate documentation and test controls over the specific risks
   - No: go to 3
3. Are there locations or business units that are not important even when aggregated with others?
   - Yes: no further action required for such units
   - No: go to 4
4. Are there documented entity-wide controls over this group?
   - Yes: evaluate documentation and test entity-wide controls over the group
   - No: some testing of controls at individual locations or business units is required

SOX: How does IT fit in (1)?
CobiT: Control Objectives for Information and related Technology
[Diagram: the CobiT cube. Domains: Planning & Organisation; Acquisition & Implementation; Delivery & Support; Monitoring. IT resources: data, application systems, technology, facilities, people. Mapped to the COSO components: CE (control environment), RA (risk assessment), CA (control activities), IC (information & communication), M (monitoring).]
Planning & Organisation:
- PO1 define a strategic IT plan
- PO2 define the information architecture
- PO3 determine technological direction
- PO4 define the IT organisation and relationships
- PO5 manage the investment in IT
- PO6 communicate management aims and direction
- PO7 manage human resources
- PO8 ensure compliance with external requirements
- PO9 assess risks
- PO10 manage projects
- PO11 manage quality

SOX: How does IT fit in (2)?
CobiT, Acquisition & Implementation:
- AI1 identify solutions
- AI2 acquire and maintain application software
- AI3 acquire and maintain technology infrastructure
- AI4 develop and maintain procedures
- AI5 install and accredit systems
- AI6 manage changes

SOX: How does IT fit in (3)?
CobiT, Delivery & Support:
- DS1 define service levels
- DS2 manage third party services
- DS3 manage performance and capacity
- DS4 ensure continuous service
- DS5 ensure systems security
- DS6 identify and attribute costs
- DS7 educate and train users
- DS8 assist and advise IT customers
- DS9 manage the configuration
- DS10 manage problems and incidents
- DS11 manage data
- DS12 manage facilities
- DS13 manage operations

SOX: How does IT fit in (4)?
CobiT, Monitoring:
- M1 monitor the processes
- M2 assess internal control adequacy
- M3 obtain independent assurance
- M4 provide for independent audit