Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Sarbanes-Oxley Act of 2002 1 PricewaterhouseCoopers Introduction of Panel Members The Sarbanes-Oxley Act of 2002 What Companies Should Be Doing Now.

Published byArthur McCarthy Modified over 8 years ago

Similar presentations

Presentation on theme: "The Sarbanes-Oxley Act of 2002 1 PricewaterhouseCoopers Introduction of Panel Members The Sarbanes-Oxley Act of 2002 What Companies Should Be Doing Now."— Presentation transcript:

1 The Sarbanes-Oxley Act of 2002 1 PricewaterhouseCoopers Introduction of Panel Members The Sarbanes-Oxley Act of 2002 What Companies Should Be Doing Now March 10, 2003 Michael Cobb (813) 222-6212 Insert Worlds Image / Client Specific Image Here PwC

2 The Sarbanes-Oxley Act of 2002 2 PricewaterhouseCoopers Sarbanes-Oxley Act of 2002 Requires quarterly certification by the CEO / CFO of all companies filing periodic reports under section 13 (a) or 15 (d) of the Securities Exchange Act of 1934 regarding the completeness and accuracy of such reports as well as the nature and effectiveness of internal controls supporting the quality of information included in such reports. Requires an annual report by management regarding internal controls and procedures for financial reporting, and an attestation as to the accuracy of that report by the company’s auditors. Section 302 Section 404

3 The Sarbanes-Oxley Act of 2002 3 PricewaterhouseCoopers Addressing DC&P Requirements Internal Accounting Controls Disclosure Requirements Financial Reporting Compliance Operations Internal Controls Over Financial Reporting Disclosure Controls and Procedures Internal Controls over Disclosure Requirements LEGEND

4 The Sarbanes-Oxley Act of 2002 4 PricewaterhouseCoopers What are the Questions That Need to be Asked?  What does our control structure look like and how does it operate?  Who is accountable?  How does it deal with change?  What are the critical control activities?  Are they monitored?  Is all of this documented?  How will I demonstrate that I have reviewed the controls every quarter?

5 The Sarbanes-Oxley Act of 2002 5 PricewaterhouseCoopers Why the Need for Control Structure Documentation?  Available for third-party purposes  Enables External Auditor’s attestation work  Enables ongoing assessment of operating effectiveness  Facilitates linkage to COSO  Supports management assertions  Reduces risk and supports operational efficiency

6 The Sarbanes-Oxley Act of 2002 6 PricewaterhouseCoopers Controls over the IT environment Most business processes are critically enabled by IT Achieving objectives is often dependent on IT based controls Many controls depend on data generated by IT systems IT controls need to be considered at 2 levels: –Controls over the IT environment (General Controls) –Controls over individual applications

7 The Sarbanes-Oxley Act of 2002 7 PricewaterhouseCoopers Audit of Financial Statements vs. 404 Controls Attestation Audit of Financial Statements Understanding and consideration of internal controls only to develop the audit approach Overall objective is the rendering of an opinion on the financial statements, not to opine on internal controls Internal control reports have been very rare in practice and are the subject of different auditing standards 404 Attestation 100% controls-based approach Must evaluate and test controls across business and functional areas to opine on effectiveness (broad and deep) Lack of errors, historically, in financial statements is not de-facto evidence unto itself, of an appropriate internal control structure

8 The Sarbanes-Oxley Act of 2002 8 PricewaterhouseCoopers Management’s Requirements Under Section 404 Section 404 – Management Must Assess Internal Controls Annually (effective date pending) Internal control report states management’s responsibility for establishing and maintaining adequate internal control structure and procedures for financial reporting. Management must assess effectiveness of internal control structure and procedures for financial reporting as of the end of the most recent fiscal year. Attestation by external auditor (Section 404 and 103).

9 The Sarbanes-Oxley Act of 2002 9 PricewaterhouseCoopers The Intersection of Sections 302 and 404 404: Basis for Auditors’ Evaluation And Testing 302: Management’s Certification Related to the Financial Reporting Elements of DC&P Internal Controls for Financial Reporting

10 The Sarbanes-Oxley Act of 2002 10 PricewaterhouseCoopers The Five Components under the COSO Framework Control Activities  Policies/procedures that ensure management directives are carried out.  Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties. Monitoring  Assessment of a control system’s performance over time.  Combination of ongoing and separate evaluation.  Management and supervisory activities.  Internal audit activities. Control Environment  Sets tone of organization- influencing control consciousness of its people.  Factors include integrity, ethical values, competence, authority, responsibility.  Foundation for all other components of control. Information and Communication  Pertinent information identified, captured and communicated in a timely manner.  Access to internal and externally generated information.  Flow of information that allows for successful control actions from instructions on responsibilities to summary of findings for management action. Risk Assessment  Risk assessment is the identification and analysis of relevant risks to achieving the entity’s objectives-forming the basis for determining control activities. All five components must be in place for a control to be effective.

11 The Sarbanes-Oxley Act of 2002 11 PricewaterhouseCoopers Control Objectives and Types of Financial Controls to Be Identified Standard Control Objectives (All Cycles/Processes/Activities):  Completeness of input  Accuracy of input  Completeness and accuracy of output  Authorization/Validity  Timeliness  Others: –Safeguarding of assets –Segregation of duties Types of Financial Controls  Basic/Application Controls  Monitoring Controls  General/Computer Controls

12 The Sarbanes-Oxley Act of 2002 12 PricewaterhouseCoopers Mapping to Controls STEPS:  Map F/S line items to cycles/processes  Document each existing process (detailed flowcharts and narratives)  Identify controls in place  Test controls for effectiveness  Highlight missing controls  Assess impact of missing controls  Fill gaps —————————— FINANCIAL STATEMENTS CYCLES/PROCESSESCONTROLS to

13 The Sarbanes-Oxley Act of 2002 13 PricewaterhouseCoopers Implementation Issues  Resources  Training / Education  Project management  Scope Setting –Centralized vs. decentralized processes –Multinational / Multilocation –Common vs. independent systems –Acquisitions –Shared service centers  Measurement of control effectiveness  Reporting  Disclosure controls and procedures –Financial –Non-financial

14 The Sarbanes-Oxley Act of 2002 14 PricewaterhouseCoopers This process should be repeated as necessary in a continual effort to improve the level of maturity of an organization’s internal controls. Action Plan Following an iterative approach to evaluate and assess control environment will provide readiness for 404 certifications and improve 302 compliance Educate Management / Board Mobilize Collect Data on “As-Is” Environment Assess Maturity and Perform Gap Analysis Address Needs for Continuous Improvement

Download ppt "The Sarbanes-Oxley Act of 2002 1 PricewaterhouseCoopers Introduction of Panel Members The Sarbanes-Oxley Act of 2002 What Companies Should Be Doing Now."

Similar presentations

Internal Control Integrated Framework

Internal Control Integrated Framework
Prepared by Wa'el Bibi,CPA,CIA,CISA1 Internal Control Integrated Framework An Overview.. Bibi Consulting COSO’s Source: COSO’s Internal Control Integrated.

Prepared by Wa'el Bibi,CPA,CIA,CISA1 Internal Control Integrated Framework An Overview.. Bibi Consulting COSO’s Source: COSO’s Internal Control Integrated.
Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.

Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.
Internal Control.

Internal Control.
1 Sarbanes-Oxley Section 404 June 29, 2005. 2  SOX 404 Background 3  SOX 404 Goals 4  SOX 404 Requirements 5  SOX 404 Assertions 6  SOX 404 Compliance.

1 Sarbanes-Oxley Section 404 June 29,  SOX 404 Background 3  SOX 404 Goals 4  SOX 404 Requirements 5  SOX 404 Assertions 6  SOX 404 Compliance.
Sarbanes-Oxley Compliance Process Automation

Sarbanes-Oxley Compliance Process Automation
SOX and IT Audit Programs John R. Robles Thursday, May 31, 2007 Tel: 787-647-396.

SOX and IT Audit Programs John R. Robles Thursday, May 31, Tel:
INTERNAL CONTROL. INTERNAL CONTROL DEFINED  INTERNAL CONTROL IS A PROCESS - EFFECTED BY AN ENTITY'S BOARD OF DIRECTORS, MANAGEMENT, AND OTHER PERSONNEL.

INTERNAL CONTROL. INTERNAL CONTROL DEFINED  INTERNAL CONTROL IS A PROCESS - EFFECTED BY AN ENTITY'S BOARD OF DIRECTORS, MANAGEMENT, AND OTHER PERSONNEL.
Chapter 5 Risk Assessment: Internal Control Evaluation

Chapter 5 Risk Assessment: Internal Control Evaluation
CHAPTER 9 UNDERSTANDING INTERNAL CONTROLS Winter 2004

CHAPTER 9 UNDERSTANDING INTERNAL CONTROLS Winter 2004
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
Internal Control Pertemuan 05 s.d 06 Matakuliah: F0712 / Lab Sistem Informasi Akuntansi Tahun: 2007.

Internal Control Pertemuan 05 s.d 06 Matakuliah: F0712 / Lab Sistem Informasi Akuntansi Tahun: 2007.
COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.

COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES.

Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES.
Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.

Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.
Information Systems Controls for System Reliability -Information Security-

Information Systems Controls for System Reliability -Information Security-
Audit Committee Effectiveness – What Works Best

Audit Committee Effectiveness – What Works Best

Similar presentations

Ads by Google