AN ASSESSMENT OF THE COSTS AND BENEFITS ASSOCIATED WITH THE IMPLEMENTATION OF SARBANES OXLEY SECTION 404 IN A SOUTH AFRICAN CONTEXT

Similar documents
SARBANES-OXLEY COMPLIANCE MANAGING CHANGING EXPECTATIONS January 20, 2017

Increasing External Auditor Reliance

Corporate Governance Principles of Auditing: An Introduction to International Standards on Auditing - Ch 14

IPO Readiness. Sarbanes-Oxley Compliance & Other Considerations. Presented by:

See your auditor clearly. Transparency report: How we perform quality audit engagements

4. Organic documents. Please provide an English translation of the company s charter, by-laws and other organic documents.

FREQUENTLY ASKED QUESTIONS ABOUT INTERNAL CONTROL OVER FINANCIAL REPORTING

White Paper. Effective and Practical Deployment of COSO: Entity Level Control and Lessons Learned. July 10, 2008 THE ROBERTS COMPANY, LLC

Assurance Services. thinking strategically to your best advantage

SOUTHWEST AIRLINES CO. AUDIT COMMITTEE CHARTER

Chapter 1. Learning Objective 1, 2. Capital Allocation. Efficient Capital Allocation. Financial Accounting and Accounting Standards

Internal Control & Sarbanes-Oxley Act. ERPANET Workshop. Antwerp, April 14, PwC

DAVITA INC. AUDIT COMMITTEE CHARTER

Evaluating Internal Controls

Speech by SEC Staff: Remarks before the 2007 AICPA National Conference on Current SEC and PCAOB Developments

The New COSO Framework: Avoiding Deficiencies and Driving Change

Quality Assessments what you need to know

Preparing an audit report for Limited Partnerships

Proposed Attestation Requirements for FR Y-14A/Q/M reports. Overview and Implications for Banking Institutions

Report on Inspection of Deloitte LLP (Headquartered in Toronto, Canada) Public Company Accounting Oversight Board

The Audit Committee of the Supervisory Board of CB&I

Internal controls over Financial Reporting Key concepts. Presentation by Jayesh Gandhi at WIRC

Internal Financial Controls New perspectives as per Companies Act 2013 and CARO 2016

Inspection of Petrie Raymond, Chartered Accountants L.L.P. (Headquartered in Montreal, Canada) Public Company Accounting Oversight Board

Gaining Financial Integrity Through Improved Internal Controls

[RELEASE NOS ; ; FR-77; File No. S ]

Re: PCAOB Rulemaking Docket Matter No. 37

Chapter 2 The Public Accounting Profession

International Forum of Independent Audit Regulators Report on 2013 Survey of Inspection Findings April 10, 2014

UNIVERSITY OF ILLINOIS AT URBANA-CHAMPAIGN

STANDING ADVISORY GROUP MEETING

Audit Client Briefing

Global investor survey on corporate reporting

AUDIT COMMITTEE CHARTER

AGS 10. Joint Audits AUDIT GUIDANCE STATEMENT

Directors Responsibilities- Corporate Governance

Leading the Global. Next Decade Doing More with Less The Lean Internal Audit Model. Larry Rieger

NORFOLK SOUTHERN CORPORATION. Committee s Role and Purpose

Report on Inspection of KPMG Auditores Consultores Ltda. (Headquartered in Santiago, Republic of Chile)

What does an external auditor look for in SAP R/3 during SOX 404 Audits? Ram Bapu, CISSP, CISM Sandra Keigwin, CISSP

Report on Inspection of KPMG AG Wirtschaftspruefungsgesellschaft (Headquartered in Berlin, Federal Republic of Germany)

The Impact of IAS and Sarbanes Oxley on UK Organisations

The Future of Internal Auditing:

CORPORATE GOVERNANCE King III - Compliance with Principles Assessment Year ending 31 December 2015

Report on. Issued by the. Public Company Accounting Oversight Board. June 16, 2016 THIS IS A PUBLIC VERSION OF A PCAOB INSPECTION REPORT

BrightPath Early Leaning Inc. Audit Committee Charter

CORPORATE GOVERNANCE KING III COMPLIANCE REGISTER 2017

BUSINESS ETHICS AND CORPORATE GOVERNANCE TERMINOLOGY AND CONCEPTS

UNIVERSAL BUSINESS PAYMENT SOLUTIONS ACQUISITION CORPORATION CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

The World Bank Audit Firm Assessment Questionnaire

WELLS FARGO & COMPANY AUDIT AND EXAMINATION COMMITTEE CHARTER

Audit Committee Self-Assessments: Why and How?

SARBANES-OXLEY INTERNAL CONTROL PROVISIONS: FILE NUMBER 4-511

Public Company Accounting Oversight Board

Ethical leadership and corporate citizenship. Applied. Applied. Applied. Company s ethics are managed effectively.

FIAT CHRYSLER AUTOMOBILES N.V. AUDIT COMMITTEE CHARTER

Should boards and CEOs care about COSO ERM 2017? By Tim J. Leech

2013 COSO Internal Control Framework Update. September 5, 2013

CORPORATE GOVERNANCE GUIDELINES

SOX FOR NPO S Focus on Control. Stephen L. Kuptz, CPA

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

For the first time in the history of corporate financial reporting and. Management Reporting on Internal Control. Use of COSO 1992 in.

GoldSRD Audit 101 Table of Contents & Resource Listing

Sarbanes Oxley Impact on Supply Chain Management

AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES

Corporate governance. Dutch Corporate Governance Code. Dutch Banking Code. Rabobank Group Code of Conduct

AUDIT COMMITTEE CHARTER

Audit Committee of the Board of Directors Charter CNL HEALTHCARE PROPERTIES II, INC.

2016 INSPECTION OF BHARAT PARIKH & ASSOCIATES CHARTERED ACCOUNTANTS. Preface

Audit and Advisory Services Integrity, Innovation and Quality. Audit of Internal Controls over Financial Reporting

AUDIT COMMITTEE CHARTER REINSURANCE GROUP OF AMERICA, INCORPORATED. the audits of the Company s financial statements;

) ) ) ) ) ) ) ) ) ) ) ) REPORTING ON WHETHER A PREVIOUSLY REPORTED MATERIAL WEAKNESS CONTINUES TO EXIST. PCAOB Release No July 26, 2005

Auditing Standard 16

INTERNATIONAL STANDARD ON AUDITING 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT CONTENTS

9/13/2017 CHA-CHING! PAYROLL CONTROLS THAT PAY OFF PERSONAL INTRODUCTION. Personal Introduction. Melinda Stinnett, CPA, CIA Managing Director

Securitisation working with originators

Broad European Compliance to Sarbanes-Oxley Act Expected

Report on Inspection of KPMG Audit Limited (Headquartered in Hamilton, Bermuda) Public Company Accounting Oversight Board

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF MULESOFT, INC.

ARCHIVED Audit of Risk Management

Report on Inspection of KAP Purwantono, Sungkoro & Surja (Headquartered in Jakarta, Republic of Indonesia)

Report. Quality Assessment of Internal Audit at <Organisation> Draft Report / Final Report

AUDITING AND ATTESTATION CHAPTER 1 PROFESSIONAL STANDARDS, AUDIT PROCESS, AND AUDIT PLANNING. Magic Memory Outline

Report on Inspection of Navarro Amper & Co. (Headquartered in Taguig City, Republic of the Philippines)

AICPA STANDARDS FOR PERFORMING AND REPORTING ON PEER REVIEWS. Effective for Peer Reviews Commencing on or After January 1, 2009

REPORT 2016/033 INTERNAL AUDIT DIVISION

Companion Policy Acceptable Accounting Principles and Auditing Standards

Powered by technology, our experts are unlocking the value of your audit. Dynamic Audit

GEMS Education Global Education Survey

*** It is a pleasure for me to speak to you today on the subject of Corporate

Audit Risk. Exposure Draft. IFAC International Auditing and Assurance Standards Board. October Response Due Date March 31, 2003

Challenges in Corporate Governance: The Role of Corporate Directors in Overseeing Financial Reporting

Gloucestershire Hospitals NHS Foundation Trust

An Analysis of Alleged Auditor Deficiencies in SEC Fraud Investigations:

Joint IIA/ ISACA/ ACFE Spring Fraud Conference: Fraud & the External Auditor, and You

Are YOU Smarter than a CPA Candidate???

Audit Committee Charter

Audit Committee Financial Experts

SOX106. Accounts Payable and Sarbanes-Oxley; Strengthening your Internal Controls- 10 hours. Objectives

up Texas Society of ~ Certified Public Accountants

Transcription:

AN ASSESSMENT OF THE COSTS AND BENEFITS ASSOCIATED WITH THE IMPLEMENTATION OF SARBANES OXLEY SECTION 404 IN A SOUTH AFRICAN CONTEXT by ANDRE HORN A research report submitted in partial fulfilment of the requirements for the degree of MASTER IN BUSINESS LEADERSHIP UNIVERSITY OF SOUTH AFRICA SCHOOL OF BUSINESS LEADERSHIP

Abstract This research report examines the cost and benefits of the Sarbanes-Oxley Act of 2002 (SOX) on South African companies who have had to comply due to them or their holding companies being listed on the New York Stock Exchange (NYSE) as well as voluntary adaptors of the code. This report further seeks to identify best practices implemented by these companies. Five South African companies participated in this research and the following key findings were identified: Implementation and management of SOX was a time consuming and expensive exercise for all the companies. There are significant consistencies amongst all the companies regarding the implementation of SOX, such as making use of a top-down risk based approach and the COSO framework The major differences between the companies were specifically regarding the software solutions used and the impact of the companies internal audit departments on SOX implementation and management. It is clear that companies don t agree on the most efficient and effective way forward with regards to software and the role of the internal audit department. All companies involved in the research expressed the opinion that they had not yet arrived in terms of SOX implementation, and that many measures still needed to be implemented to ensure that the processes work exactly as intended and as efficient and effective as possible. All were of the opinion that the benefit and worth of implementing and managing SOX outweighed the significant costs and time associated therewith. SOX increased awareness of and ownership of governance controls at ground level in these companies. It led to a greater appreciation for critical governance policies and procedures and a continued focus on the expansion and updating thereof. But most notably, SOX does give company executives a greater comfort that the numbers being produced and reported are accurate and can be relied upon. ii

Acknowledgements To my managers and subordinates at my company of employment who were prepared to give me the time and space (sometimes at inopportune moments) to conduct and complete this research. To Marianne van Vreden and the Johannesburg PwC office for giving me the opportunity to jointly work with them on this research, thus allowing me access to their clients for interviewing purposes and sharing their invaluable knowledge and expertise in this regards with me. To my study leader, Professor Gregory Dalton, for his patience, support, input and guidance without which this would not have been possible. To my wife Renetta, whose constant support, motivation and threats gave me the strength to complete this research report. To God, for blessing my life in abundance and for His never ending and unconditional love and grace. iii

Table of Contents Chapter 1: Orientation... Error! 1.1 Introduction... Error! 1.2 The reasons for the Sarbanes-Oxley Act being brought into beingerror! 1.3 Objectives of this research... Error! 1.4 Statement of the problem and sub-problemserror! Bookmark not defined. 1.5 Delimitation of the study... Error! 1.6 Importance of the study... Error! 1.7 Outline of the research report... Error! Chapter 2: Literature Review... Error! 2.1 Theoretical base: Need for of accurate financial reporting... Error! 2.2 The Sarbanes-Oxley Act... Error! 2.3 Comments in literature about the Act... Error! Chapter 3: Research Methodology... Error! 3.1 Problem Statement... Error! 3.2 Research Methodology... Error! 3.3 Sampling Method... Error! 3.4 Design of the research... Error! 3.5 Target Population... Error! 3.6 Sampling frame... Error! 3.7 Data collection method... Error! 3.7 Measuring instrument... Error! Chapter 4: Research Results... Error! 4.1 Section 1: Demographics of respondents Error! 4.2 Section 2: Implementation Resources... Error! 4.3 Section 3: Implementation costs... Error! 4.4 Section 4: Internal Audit involvement... Error! 4.5 Section 5: Risk Management Process... Error! 4.6 Section 6: Methodology... Error! 4.7 Section 7: Software... Error! 4.8 Section 8: Control Environment... Error! 4.9 Section 9: The utilisation of spreadsheets for key processes... Error! 4.10 Section 10: Continuing with SOX efforts... Error! 4.11 Section 11: General... Error! Chapter 5: Outcomes... Error! Chapter 6: Conclusions... Error! 6.1 Effort and resources... Error! 6.2 External consultants... Error! 6.3 Internal governance prior to SOX... Error! 6.4 Role of Internal Audit departments... Error! i

6.5 Impact on risk management... Error! 6.6 Top down risk approach... Error! 6.7 Over-compliance... Error! 6.8 Change control... Error! 6.9 Status of internal control environments... Error! 6.10 Number of testing cycles... Error! 6.11 Centralised SOX functions... Error! 6.12 Control owner self-assessment... Error! 6.13 Cascading approach... Error! 6.14 Use of software... Error! 6.15 Improvements in control environment... Error! 6.16 Reduction in number of controls... Error! 6.17 Business process knowledge... Error! 6.18 Annual walk through tests... Error! 6.19 Unnecessary and/or duplicated controls.. Error! 6.20 Ownership of controls... Error! 6.21 Trust in numbers reported... Error! 6.22 Standardised processes and controls... Error! 6.23 Contributors to control deficiency... Error! 6.24 Typical problems remediated towards SOX compliance... Error! 6.25 Elimination of significant deficiencies... Error! 6.26 Use of spreadsheets... Error! 6.27 Additional value add... Error! 6.28 Benefits vs. Costs... Error! 6.29 Means to increase effectiveness of SOX complianceerror! Bookmark not defined. Chapter 7: Recommendations... Error! 7.1 Use of Internal Audit... Error! 7.2 Involving the Risk Management function.. Error! 7.3 Use of COSO... Error! 7.4 Use of entity level controls... Error! 7.5 Risk based approach towards evidence... Error! 7.6 Use of automated controls... Error! 7.7 Base lining approach to testing automated controlserror! Bookmark not defined. 7.8 Document management for SOX... Error! 7.9 The role of Information technology... Error! 7.10 Solution to manage segregation of duties and system access... Error! 7.11 Use of ISAE 3402 Report... Error! 7.12 Reducing the use of spreadsheets... Error! Chapter 8: Overall Conclusion... Error! Chapter 9: Recommendations for a future study... Error! List of References... Error! List of tables and figures... Error! ii

Appendix I: Questionnaire... Error! iii

Glossary of Terms CEO: Chief Executive Officer Typically the highest ranking officer of a company CFO: Chief Financial Officer Normally the top financial officer of a company Control Owner Self Assessment A sustainable process whereby each individual SOX control owner within a company performs effectiveness testing to verify that key controls are functioning properly, resulting in the detection or elimination of material misstatements ERP: Enterprise Resource Planning FASB: Financial Accounting Services Board A non-governmental organisation that sets accounting standards in the United States of America FPI: Foreign Private Issuer Companies not resident in the US who have listed on a US Stock Exchange FMCG: Fast Moving Consumer Goods GAAP: Generally Accepted Accounting Practices The standards constituting defined accepted practices for the preparation of financial statements. The FASB has primary responsibility for defining GAAP in the US IFRS: International Financial Reporting Standards Is a collection of accounting rules compiled by the International Accounting Standards Board a non profit organisation and is used by most countries outside of the US and Canada in order to complete their financial reporting iv

ITGC: Information Technology General Controls General controls in the Information Technology portion of a company s business ISAE: International Standard on Assurance Engagements JSE: Johannesburg Stock Exchange KPA: Key Performance Indicators In this research report Key Performance indicators relate to targets that are set (normally annually) with employees and which in most cases influence their bonuses and annual increases LLP: Limited Liability Partnership Often used by professional associations such as law and accounting firms. The owners of the company s liability is limited to the amount of capital that they have contributed NYSE: New York Stock Exchange PwC: Price Waterhouse Coopers PSG: Professional Standards Group Body within Arthur Andersen that was responsible for accounting advice and guidelines SEC: Securities and Exchange Commission Organisation founded in 1923 in America in order to regulate financial reporting and accounting in that country. Has gained increased prominence since the passing of the Sarbanes-Oxley Act with increased funding and wide ranging powers and penalties for those who do not follow its rules v

Sarbanes-Oxley: Sarbanes-Oxley Act of 2002 The Public Company Accounting Reform and Investor Protection Act signed into law on July 30, 2002. The Act enforces financial reporting and disclosure requirements, of which the most onerous is the CEO and CFO certification of the correctness of financial results. The Act is enforced by the SEC SOX: Sarbanes-Oxley Act of 2002 See definition for SOX SOX 404: Section 404 of the Sarbanes-Oxley Act This section of the Act requires certification by the specific company s management that: It acknowledges that it is responsible for establishing and maintaining the system of internal controls and procedures for financial reporting An assessment as at the end of the most recent financial year end of the effectiveness of the firms internal controls has been performed An attestation by the firms external auditors confirming the adequacy and accuracy of the companies controls and procedures has been completed SOX Location A geographic business location of a company where the nature and size of the operations at such location requires the implementation, management and testing of SOX controls. SPE: Special Purpose Entity A separate legal entity created by a company for a special purpose or to carry out a specific activity. Was used by Enron in order to remove loss making operations from the company s income statement and balance sheets; however a tightening in accounting rules will make this virtually impossible in future. US: United States of America vi

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback