Welcome to the BDO Board Matters Quarterly Update Q3 2013
The presentation will begin shortly.
For technical difficulties, please contact Learn Live Customer Support at: (888) 228-4188 or BDOonline_support@learnlive.com

Ac'sense 2013
Board Matters Quarterly Update Q3 2013
September 2013
REMINDERS
In order to receive participation credit, you must:
  o Be appropriately registered for Webcast #80847 within the BDO Online CPE Network
  o Be logged in for the entire webcast
  o Be responsive to at least 75% of all polling/review questions
Handouts are accessible by clicking on the handout button on your screen.

Q&A FEATURE
Technical questions may be submitted via the Q&A Feature on your screen.
Time permitting, presenters will respond to these at the end of the session.
Please submit as much information as possible (e.g., slide number reference, presenter, etc.).
Submit Technological Support Issues to LiveChat under the Support tab.
PRESENTER EXPERIENCE

Amy E. Rojik
Director, National Assurance
BDO USA, LLP
arojik@bdo.com
617-239-7005

Amy has spent the past 9+ years within BDO's National Assurance Department directing the Professional Development Meeting (PDM) and Enhancing Audit Quality (EAQ) training series as well as the Ac'sense℠ client outreach program. The PDM and EAQ series are technical trainings that provide a venue to keep BDO's Assurance Professionals up-to-date on current and evolving accounting, auditing and financial reporting matters. Ac'sense℠ is BDO's external program designed for executive management and those charged with governance of both public and private companies to keep them informed on technical matters of importance. Amy also serves on the firm's International Financial Reporting Standards (IFRS) Task Force as well as BDO's Board Reflections initiative, which is a developing umbrella program dedicated to all matters of corporate governance that are of interest to BDO's clients and contacts. In collaboration with various leaders within BDO, Amy published BDO's Effective Audit Committees in the Ever Changing Marketplace and related practice aids.

Prior to joining BDO, Amy spent a combined 11 years with two Big 6 accounting firms. During that time, she served larger public clients in the high technology and commercial and residential building products arenas as well as smaller private companies primarily in the wholesale distribution and biotechnology markets. Her experience includes assisting clients with several public debt offerings and acquisition transactions. Additionally, she provided technical consultation on audit, accounting, and independence issues and developed internal/external technical trainings geared toward public and private companies.

PROFESSIONAL AFFILIATIONS
American Institute of Certified Public Accountants
Massachusetts Society of Certified Public Accountants
National Association of Corporate Directors

EDUCATION
M.B.A./M.S. in Accounting, Northeastern University
B.A. in Economics and Psychology, Union College

PRESENTER EXPERIENCE

John McLaughlin
Partner, Risk Advisory Services
BDO USA, LLP
jmclaughlin@bdo.com
215-636-5665

John leads BDO's Risk Advisory Services practice with more than 25 years of public accounting and private industry experience. John has significant experience serving a broad range of clients primarily in the consumer products, insurance, distribution, services, life sciences, retail, energy, technology, and healthcare industries. John is responsible for risk, governance and control engagements assisting clients with their risk management, internal auditing and corporate governance activities, including Sarbanes-Oxley readiness and compliance, enterprise risk management ("ERM") program development, risk assessment, IT and financial auditing, including SSAE 16/SOC 1 (formerly SAS 70) and SOC 2 examinations, internal audit strategy, planning and quality assurance for both audit committees and internal audit functions, developing and monitoring programs to measure compliance with laws and regulations, and evaluating and improving operational efficiency and effectiveness.

Prior to joining BDO, John was a Senior Managing Director with LECG/SMART where he led their Risk Services practice, which included internal audit services, IT audit, Sarbanes-Oxley compliance, ERM readiness, Internal Audit Transformation & Quality Assessment, and SAS 70 reviews. In addition, he was a former Internal Audit Services Director with PricewaterhouseCoopers, LLP ("PwC"), responsible for planning and directing a variety of client service activities including internal audit and information technology audit outsourcing, Sarbanes-Oxley readiness, enterprise risk assessment, pre- and post-implementation SAP and JD Edwards security and controls reviews, internal audit quality assessment and risk management consulting services. John was also an Internal Audit Director for ARAMARK Corporation.

John has written several articles in an industry group newsletter and has been quoted in the Philadelphia Inquirer, Bloomberg, Risk Management, Treasury & Risk, and The Financial Management Network as an industry expert on the topics of enterprise risk, internal auditing and Sarbanes-Oxley.

PROFESSIONAL AFFILIATIONS
American Institute of Certified Public Accountants
Information Systems and Control Association, Past Board Member
Institute of Internal Auditors, Board Member International Board of Research and Education Advisors and Past President, Philadelphia Chapter
Mercy Health System, Audit and Finance Committees Member
Philadelphia Skating Club & Humane Society, Board Member

EDUCATION
B.S., Accounting, Saint Joseph's University
PRESENTER EXPERIENCE

Eric Spatz
Manager, Risk Advisory Services
BDO USA, LLP
espatz@bdo.com
212-885-8000

Eric Spatz specializes in internal controls consulting, including Sarbanes-Oxley compliance, internal audits and SSAE 16 services. Eric has over ten years of accounting and consulting experience servicing public and private clients in a broad range of industries, including manufacturing, retail, pharmaceutical, and aerospace. He maintains effective communication with the senior management teams and audit committees of his clients and works proactively with his clients to ensure that their needs and objectives are being met and exceeded throughout the course of his engagements.

Eric has managed a variety of Sarbanes-Oxley consulting, internal audit and SSAE 16 engagements, ensuring the delivery of all underlying reports and all aspects of such engagements, including process documentation and evaluation, key control testing, and the reviews of external auditor process comments. Eric has been an active and proficient user of data mining tools, such as ACL and IDEA, and maintains a sharp focus on developing and maintaining operational efficiencies for his clients. Additionally, Eric has routinely advocated his clients' interests to their external auditors.

PROFESSIONAL AFFILIATIONS
Institute of Internal Auditors
Association of Certified Fraud Examiners
Institute of Management Accountants, Board Member/Treasury NY Chapter
American Institute of Certified Public Accountants

EDUCATION
B.S. in Accounting, Frostburg State University

LEARNING OBJECTIVES
At the conclusion of this program, participants will be able to:
Recognize the key changes between the 2013 and 1992 COSO Frameworks
Apply the underlying principles and points of focus specifically to consideration of:
  o changes in business and operating environments
  o prevention and detection of fraud
  o increased relevance of technology
  o financial and non-financial reporting
  o internal and external reporting
  o Sarbanes-Oxley 404 compliance
COSO NEW RESOURCES
Internal Control-Integrated Framework (2013 Edition)
Consists of three volumes:
  o Executive Summary
  o Framework and Appendices
  o Illustrative Tools for Assessing Effectiveness of a System of Internal Control
Sets out:
  o Definition of internal control
  o Categories of objectives
  o Components and principles of internal control
  o Requirements for effectiveness
http://www.coso.org
Source: COSO

COSO NEW RESOURCES
Internal Control over External Financial Reporting: A Compendium
  o Illustrates approaches and examples of how principles are applied in preparing financial statements
  o Considers changes in business and operating environments during past two decades
  o Provides examples from a variety of entities: public, private, not-for-profit, and government
  o Aligns with the updated Framework
http://www.coso.org/ic.htm
Source: COSO
WHY AN UPDATE - COSO INTEGRATED INTERNAL CONTROL FRAMEWORK?
[Figure labels: 1992, 2013]
Source: COSO

2013 FRAMEWORK COMPARED TO 1992 FRAMEWORK
What is not changing...
  o Core definition of internal control
  o Three categories of objectives and five components of internal control
  o Each of the five components of internal control is required for effective internal control
  o Important role of judgment in designing, implementing and conducting internal control, and in assessing its effectiveness
What is changing...
  o Changes in business and operating environments considered
  o Operations and reporting objectives expanded
  o Fundamental concepts underlying five components articulated as principles
  o Additional approaches and examples relevant to operations, compliance, and non-financial reporting objectives added
Source: COSO
CONSIDERATION OF BUSINESS AND OPERATING ENVIRONMENTS
Environment changes...
  o Expectations for governance oversight
  o Globalization of markets and operations
  o Changes and greater complexity in business
  o Demands and complexities in laws, rules, regulations, and standards
  o Expectations for competencies and accountabilities
  o Use of, and reliance on, evolving technologies
  o Expectations relating to preventing and detecting fraud
...have driven Framework updates
[Figure: COSO Cube (2013 Edition)]
Source: COSO

UPDATE ARTICULATES PRINCIPLES OF EFFECTIVE INTERNAL CONTROL
Source: COSO
Navigating the COSO Update Framework

PRINCIPLES AND POINTS OF FOCUS
Points of Focus
  o Represent important characteristics of a Principle.
  o Intended to assist management in obtaining persuasive evidence to support its determination that the components and relevant principles are present and functioning.
  o Management may consider other points of focus
Bottom line: Points of Focus matter a great deal.
INTERACTION OF SARBANES-OXLEY AND THE 2013 COSO FRAMEWORK
Mapping of existing controls to principles and points of focus:
  o Effort
  o Time
  o Resources
Consideration of third party involvement

EVALUATING DEFICIENCIES IN INTERNAL CONTROL
For a system of internal control to be effective, the updated Framework requires that:
1) Each of the five components and relevant principles is present and functioning; and
2) The five components operate together in an integrated manner

Internal Control Deficiency: A shortcoming in a component or components and relevant principle(s) that reduces the likelihood that the entity can achieve its objective.

Major Deficiency: An internal control deficiency or combination of deficiencies that severely reduces the likelihood that the entity can achieve its objectives. Essentially, a major deficiency indicates that a component and/or principle are not present or not functioning.

Significant Deficiency and Material Weakness?
The updated Framework recognizes criteria established by other standard setting bodies (e.g., SEC, PCAOB). COSO explicitly indicates the Updated Framework alone does NOT serve as a regulatory standard.
INFORMATION TECHNOLOGY
  o Determine the dependency between the use of technology in business process and technology general controls
  o Establish relevant technology infrastructure control activities
  o Establish relevant security management process control activities
  o Establish relevant technology acquisition, development, and maintenance process control activities

SCALABILITY
Smaller company considerations:
  o Fewer lines of business and fewer products within lines
  o Concentration of marketing focus by channel or geography
  o Leadership by management with significant ownership interest or rights
  o Fewer levels of management with wider spans of control
  o Less complex transaction processing systems
  o Fewer personnel, many having a wider range of duties
  o Limited ability to maintain deep resources in line as well as support staff positions such as legal, human resources, accounting, and internal auditing
Approaches and examples in Compendium (Appendix C)
ERM AND THE INTERNAL CONTROL FRAMEWORKS
[Figure labels: Governance, Enterprise Risk Management, Internal Control]

ASSESSMENT OF FRAUD RISK
Source: COSO Illustrative Tools Template
TRANSITION TO THE UPDATED FRAMEWORK
2013 Framework will supersede 1992 Framework at the end of the transition period (i.e., December 15, 2014)

READINESS IN 2013
Users are encouraged to transition applications and related documentation to the 2013 Framework as soon as feasible
During the transition period, external reporting should disclose whether the original or updated version of the Framework was used
Impact of adopting the 2013 Framework will vary by organization:
  o Does your system of internal control need to address changes in business?
  o Does your system of internal control need to be updated to address all principles?
  o Does your organization apply and interpret the original framework in the same manner as COSO?
  o Is your organization considering new opportunities to apply internal control to cover additional objectives?
Source: COSO
NEXT STEPS
Read COSO's updated Framework and illustrative documents
Educate the Audit Committee, C-suite, operating unit and functional management
Establish a process for identifying, assessing, and implementing necessary changes in controls and related documentation
Develop and implement a transition plan timely to meet key objectives (e.g., apply updated Framework by December 31, 2014 for external reporting)
Consider preparing a diagnostic of points of focus that pertain to your business to support underlying principles.

RESOURCES
BDO Board Reflections at: http://www.bdo.com/library/boardreflections.aspx
Ac'sense℠ Programs and Website at: http://www.bdo.com/acsense/
  o NOTE: Link to a self-study course of today's program will be available shortly at: http://www.bdo.com/acsense/events/boardmattersq32013.aspx
CPE CERTIFICATES
Certificates will be processed and will be accessible by participants for printing as follows:
1. Individuals
   1. Under the Participation tab below before exiting the webcast, OR
   2. By logging onto http://university.learnlive.com/bdoonline after the session is completed and clicking on My Learning - Completed Items. Under the Certificate column, click the Print button beside the completed webcast.
2. Group participants - After receipt and processing of submitted group sign-in sheets to cpe@bdo.com, group participants will be proctored into LearnLive and will be notified via e-mail when they can retrieve their certificates, following the steps above.
3. Sign-in sheets may be downloaded from the following: https://university.learnlive.com/content/public/1029/accessinstructions/CPE%20Attendance%20Sheet.doc

EVALUATION
We continually try to improve upon our programming and appreciate constructive feedback.
Following the program, we will be sending out a thank you e-mail that contains a link to a brief evaluation.
Thank you in advance for your consideration!
That concludes today's program. Thank you for attending!