Presentation is loading. Please wait.

Presentation is loading. Please wait.

“Convergence, Communication and Interactive Data” December 3-6, 2007 Vancouver, British Columbia, Canada.

Published byClemence Eaton Modified over 8 years ago

Similar presentations

Presentation on theme: "“Convergence, Communication and Interactive Data” December 3-6, 2007 Vancouver, British Columbia, Canada."— Presentation transcript:

1 “Convergence, Communication and Interactive Data” December 3-6, 2007 Vancouver, British Columbia, Canada

2 Internal Reporting Track XBRL application to Internal Controls December 4th, 2007 Yuji Furusho CISA (Certified Information Systems Auditor) Fujitsu Limited

3 Background  Annual documentation and evaluation of Internal Controls are “formal activities” for listed companies in the following countries: ◦ U.S.- Sarbanes and Oxley Act (so-called SOX) ◦ Canada- Bill-198 / Regulation 52-109 ◦ Japan- Financial Products Exchange Act (so-called J-SOX) ◦ Korea, France, etc.  Evaluation of Internal Controls in accordance with the significance of the impact on the financial statements is key. ◦ This means that evaluation of the internal controls should be consistent with the significance of related accounts, and therefore consistent with the ultimate impact in the financial statements. - 1 -

4  Enterprise Model – connecting FS, GL, and business process Financial Statement (PL) sales (BS) A/R (BS) inventory ┆ General Ledger Hardware sales Maintenance sales ┆ Sales Process - Head Quarter - related accounts: (n) risk (n) control ┆ (PL) sales Software sales Sales Process - North Region - related accounts: (n) risk (n) control ┆ Software sales A/R - Software - 2 -

5  Internal Control Taxonomy to handle non-financial business process information. ◦ Definition of “Control Objective”, “Risk”, and “Control Activity” in a business process. ◦ “Design effectiveness”, “Operational effectiveness”, and “Remediation plan/status” as values. ◦ Utilization of “COSO elements”  For comprehensive Risk/Control identification.  For focusing not only “Risk” but also “Opportunity”. - 3 -

6 Instance Document location process coso: activity (n) subprocess Fixed elements COSO elements related acct key control result (score) result (narrative) remediation status issue F,O,C,S Internal Control Dimension (n)control activity related assertion (n)control activity ・ incomplete evidence ・ control exception ( exception on approval, processing, etc.) assertion - 4 - Company Extensio n (n)risk (n)control objective F,O,C

7  25 activities illustrated in COSO tool. 1/Activity : INBOUND 2/Activity : OPERATIONS 3/Activity : OUTBOUND 4/Activity : MARKETING AND SALES 5/Activity : SERVICE 6/Activity : PROCUREMENT 7/Activity : TECHNOLOGY DEVELOPMENT 8/Activity : HUMAN RESOURCES 9/Activity : MANAGE THE ENTERPRISE 10/Activity : MANAGE EXTERNAL RELATIONS 11/Activity : PROVIDE ADMINISTRATIVE SERVICES 12/Activity : MANAGE INFORMATION TECHNOLOGY 13/Activity : MANAGE RISKS 14/Activity : MANAGE LEGAL AFFAIRS 15/Activity : PLAN 16/Activity : PROCESS ACCOUNTS PAYABLE 17/Activity : PROCESS ACCOUNTS RECEIVABLE 18/Activity : PROCESS FUNDS 19/Activity : PROCESS FIXED ASSETS 20/Activity : ANALYZE AND RECONCILE 21/Activity : PROCESS BENEFITS AND RETIREE INFORMATION 22/Activity : PROCESS PAYROLL 23/Activity : PROCESS TAX COMPLIANCE 24/Activity : PROCESS PRODUCT COSTS 25/Activity : PROVIDE FINANCIAL AND MANAGEMENT REPORTING - 5 -

8  Using element / value to “link” taxonomies; ◦ FR taxonomy and GL taxonomy “xbrlinfo” elements in GL taxonomy ◦ GL taxonomy and IC (Internal Control) taxonomy “relatedAccount” element in IC taxonomy sales: “682,xxx” GL xbrlinfo: FR sales: xbrlinfo: “sales” taxonomy instance accountMainID: “EX00100” IC relatedAccount: GL accountMainID: relatedAccount: “EX00100” taxonomy instance - 6 -

9  The following “FS – GL (Trial Balance) – IC” model has been adopted for Proof-of-Concept. Financial Statement (PL) sales (BS) A/R (BS) inventory ┆ General Ledger ┆ Journal Entry ┆ Trial Balance (by location) (PL) sales (BS) A/R (BS) inventory ┆ Internal Control location x process related accounts (n) risk (n) control ┆ location definition acct-process mapping Definition using Dimensional Taxonomy aggregation - 7 -

10  Overall Structure Process Information Process Location Related Accounts etc. Sub-Process Information Control Objective Risk Control Activity Key Control etc. n 1 Evaluation and Remediation Design Effectiveness Operational Effectiveness Remediation Plan etc. 1 1 - 8 -

11  “Process Information” section Process Information process location related accounts Sales Process Software Service Dept. Sales, Account Receivable 【 Sample 】 - 9 -

12  “Sub-Process Information” section Sub-processAX05_Sales & billing StepSafaia/FOCS sales : COSO elements activity PROCESS ACCOUNTS RECEIVABLE sub-activity - control objective Accurately record all authorized sales returns and allowances and only such returns and allowances risk Inaccurate input of data control activity (sample) Mail customer statements periodically and investigate and resolve disputes or inquiries, by individuals independent of the invoicing function section - financial reporting - operation - compliance section - safeguarding asset assertion risk -risk ID -risk assertion control activity -control ID -control -control method (manual/auto) -evidence/related documents - 10 -

13  “Sub-Process Information” section – “risk” risk COSO elements company expansionassertion risk IDrisk existence complete- ness rights and obligation evaluation allocation and cut-off presentation and disclosure Inaccurate input of data Rxxxxxx --- ------ --- ------ ------------ ------- --------- ----------- - -- --- -------. Y Y - 11 -

14  “Sub-Process Information” section – “control activity” control activty (sample) control activity control ID control method of controlperson in charge evidences related manuals and rule documets assertion manualautomatic Mail customer statements periodically and investigate and resolve disputes or inquiries, by individuals independent of the invoicing function Cxxxx --- ---- -- ---- --- ------- -- - ----- - ------------- --- - ------- ------- --. Y Leader of xxx Dept 1. Request Form 1)------------ 2)----- ------ 3)--------- -existence -complet- eness -rights and obligation -evaluation -allocation and cut-off -Presenta- tion and discloture - 12 -

15  “Evaluation and Remediation” section design effectiveness - date - person in charge of evaluation - results - score - results - narrative key control - yes / no (Boolean) operational effectiveness - date - person in charge of evaluation - population - number of samples - results - score - results - narrative remediation - person in charge of evaluation - summary - due date - 13 -

16  Use of “dimensionItem” ◦ Multi dimension of “Control Objective”, “Risk”, and “Control Activity”  Use of Reference Link ◦ Use of “part element”, setting Boolean value;  Control objective: F/R, O/R, C, S/A  Assertion: Ex, C, R/O, Ev, A/C, P/D  Type of Control: Manual, Automatic - 14 - assertion – E/O - yes / no (Boolean) Risk Reference Link Evaluation Control Objective 1Risk 1Control Activity 1 Control Activity 2 Risk2Control Activity 3

17  Consistent and effective risk management for Financial Reporting by balancing financial risk significance and control importance. FR to GL GL to IC - 15 -

18  Identify and understand internal control implications on significant accounts – (Where and what kind of issues, etc. ) Financial Statement ▷ ▷ ▷ Internal Control A/RLocation A: A/R Location B: A/R 15 % 75 % processdepartmentscoreissue - 16 -

19  Identify and understand accounts affected by internal control issues. Internal Control ▷ ▷ ▷ Financial Statement Location A: A/R Location B: A/R A/R 15 % 75 % processdepartmentscoreissue deficiencies - 17 -

20  Flexible definition and evaluation through taxonomy. 1.Relationship among “Control Objective”, “Risk”, and “Control Activity” using dimensional model  Evaluation of “Control Objective” and “Control Activity” relationship, skipping “Risk” element, or evaluation of “Risk” and “Control Activity” relationship, skipping “Control Objective” 2.“Risk” or “Control Activity” evaluation with respect to specific “Control Objective”  A company may want to focus on “Financial Reporting” objective, while other may want to include “Operational Effectiveness” objective. 3.Identification of compensating controls  “Control Activity” relevant to “Risk” by evaluating “Related Assertion” - 18 -

21  Dimensional definition of “Control Objective”, “Risk”, and “Control Activity”. - 19 -

22  Flexible evaluation of “Risk” and “Control Activity” focusing on “Control Objective” – Company may want to focus on “Financial Reporting” for SOX auditing purpose. - 20 - Financial Reporting - yes / no (Boolean) Control Objective Reference Link Operational Effectiveness - yes / no (Boolean) Compliance - yes / no (Boolean) Safeguarding Asset - yes / no (Boolean) Control Objective Reference Link COSO Taxonomy Company Extension “part” element

23  Compensating controls may be identified through “assertion” attributes assigned to “Risk” and “Control Activity”. ◦ In cases of effectiveness failure of key controls, compensating controls may be identified along with assertions assigned to them. Risk E/O Y C Y V/A Y R/O - P/D - assertion Control 1 - key E/O Y C Y V/A - R/O - P/D - related assertion E/O Y C Y V/A - R/O - P/D - related assertion failure Find “Compensating control” Control 2 – non-key - 21 -

24 Yuji Furusho yfurusho@jp.fujitsu.com +81-3-6424-6227 THANK YOU!

Download ppt "“Convergence, Communication and Interactive Data” December 3-6, 2007 Vancouver, British Columbia, Canada."

Similar presentations

INTERNAL CONTROLS.

INTERNAL CONTROLS.
December 6, 2006 Makoto Koizumi

December 6, 2006 Makoto Koizumi
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Copyright © 2015 Pearson Education, Inc. General Ledger and Reporting System Chapter 16 16-1.

Copyright © 2015 Pearson Education, Inc. General Ledger and Reporting System Chapter
Internal Controls Becoming Compliant. Design & Implementation of Internal Controls. Design: Need to show that a framework is in place to establish internal.

Internal Controls Becoming Compliant. Design & Implementation of Internal Controls. Design: Need to show that a framework is in place to establish internal.
Effective Internal Control, Establishing an Internal Audit Function, and Compliance Plans 2014 Governmental Accounting For Local Public Health September.

Effective Internal Control, Establishing an Internal Audit Function, and Compliance Plans 2014 Governmental Accounting For Local Public Health September.
Chapter 8: Accounting Information Systems and Business Processes - Part II

Chapter 8: Accounting Information Systems and Business Processes - Part II
6 THE AUDIT PROCESS. AUDITRESPONSIBILITIES AND OBJECTIVES AUDITRESPONSIBILITIES Audit Objective Primary objective of the audit is to express an opinion.

6 THE AUDIT PROCESS. AUDITRESPONSIBILITIES AND OBJECTIVES AUDITRESPONSIBILITIES Audit Objective Primary objective of the audit is to express an opinion.
1 Sarbanes-Oxley Section 404 June 29, 2005. 2  SOX 404 Background 3  SOX 404 Goals 4  SOX 404 Requirements 5  SOX 404 Assertions 6  SOX 404 Compliance.

1 Sarbanes-Oxley Section 404 June 29,  SOX 404 Background 3  SOX 404 Goals 4  SOX 404 Requirements 5  SOX 404 Assertions 6  SOX 404 Compliance.
OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.

OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.
Sarbanes-Oxley Compliance Process Automation

Sarbanes-Oxley Compliance Process Automation
The TRUTH About SOX, Auditors & Oracle Applimation is the leading provider of Application Lifecycle Management solutions.

The TRUTH About SOX, Auditors & Oracle Applimation is the leading provider of Application Lifecycle Management solutions.
ProCognis SOX 404 & COSO Implementation Presentation

ProCognis SOX 404 & COSO Implementation Presentation
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
CHAPTER 10 UNDERSTANDING INTERNAL CONTROLS Fall 2007

CHAPTER 10 UNDERSTANDING INTERNAL CONTROLS Fall 2007
The Elements of Auditing. Types of Audit Evidence Real Evidence – Physical (eg. building, inventory) – Nonphysical (eg. goodwill, rights) Documentary.

The Elements of Auditing. Types of Audit Evidence Real Evidence – Physical (eg. building, inventory) – Nonphysical (eg. goodwill, rights) Documentary.
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.
Introduction to SAP R/3.

Introduction to SAP R/3.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
SAS 112: The New Auditing Standard Jim Corkill Controller Accounting Services & Controls.

SAS 112: The New Auditing Standard Jim Corkill Controller Accounting Services & Controls.

Similar presentations

Ads by Google