
1 Vijay V Vijayakumar

2
- SOX Act
- Difference between IT Management and IT Governance
- Internal Controls
- Frameworks for Implementing SOX
- COSO - Committee of Sponsoring Organizations of the Treadway Commission
- COBIT - Control Objectives for Information and related Technology
- Comparison of COSO and COBIT
- Issues

3
- Need
  - Widespread malpractice in the financial accounting of public corporations, e.g. Enron
  - Cost investors billions of dollars
  - The Sarbanes-Oxley Act (SOX) was passed in 2002 to prevent such occurrences
  - All public corporations have to comply with SOX
- Intent
  - To protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes
  - Create new standards for corporate accountability as well as new penalties for acts of wrongdoing
- Impact: more focus on IT governance (internal controls), transparency in business practices, and more responsibility and accountability for top management

4 Six Areas of Importance
- Auditor oversight
- Auditor independence
- Corporate responsibility
- Financial disclosures
- Analyst conflicts of interest
- Civil and criminal penalties for fraud and document destruction

5
- Auditor oversight
  - Audits are a common source of error; there is no getting away from errors, whether the auditor makes them intentionally or unintentionally
  - Title I of SOX established the Public Company Accounting Oversight Board (PCAOB) to oversee the auditors of public companies
- Auditor independence
  - More independence for auditors: Title II restricts the non-audit services an audit firm may provide to its own audit client
- Corporate responsibility
  - Section 302 requires CEOs and CFOs to certify that they have reviewed each periodic report and that, to the best of their knowledge, it is accurate and complete
  - Management must evaluate the effectiveness of internal controls before each report is filed; Section 404 additionally requires an annual management assessment of internal control over financial reporting

6
- Financial disclosures: all disclosures must be attested by top management; events that could materially affect the company's financial condition must be reported promptly (the slide states within 48 hours)
- Analyst conflicts of interest: securities analysts' research and recommendations are placed under scrutiny, thereby reducing conflicts of interest
- Civil and criminal penalties: a fine of up to $1,000,000, imprisonment for not more than 10 years, or both (the Section 906 penalty for knowingly certifying a non-compliant report; willful violations and document destruction carry higher maximums)

IT governance can help put internal controls in place and thereby comply with the SOX Act

7
- IT Management:
  - Narrow focus
  - Ensures the supply of IT services needed for normal operation
- IT Governance:
  - Includes IT management
  - Plans how the organization can meet its goals through optimal use of IT resources

8 What are Internal Controls?
- Policies, procedures, practices, and organizational structures put in place to reduce risk
- Applied throughout the organization to reduce the risks involved in the various stages of operation
- Objectives:
  - Economy and efficiency of operations
  - Reliability of financial and management reports
  - Compliance with laws and regulations

9
- A unified approach for evaluating an internal control system
- Focuses on processes and people
- Has five control components that together assure sound business practice:
  - Control environment: management defines policies and procedures and communicates them to employees
  - Risk assessment: the organization must be able to identify and analyze the risks to its business objectives
  - Control activities: processes such as approval, authorization, and verification; covers the entire organization

10
  - Information and communication: information must reach the appropriate person in a timely way through proper communication channels
  - Monitoring: controls are checked periodically for proper functioning; deficiencies are reported to management and auditors and remedied
- The later COSO Enterprise Risk Management (ERM) framework extends these five components with objective setting, event identification, and risk response

11
- Framework consistent with COSO
- Rich, robust, and the most widely used IT control framework
- 4 domains and 34 high-level control objectives (IT processes), each broken down into detailed control objectives
- Version discussed here: COBIT 4.1
- Aligns IT with business objectives, quality standards, monetary controls, and security needs

12
- Plan and Organise: assess how IT can meet business needs
- Acquire and Implement: IT solutions have to be developed or acquired to meet the objectives
- Deliver and Support: continuous delivery and support of systems
- Monitor and Evaluate: monitors all IT processes for quality and compliance with the control requirements

13
- COSO is useful for management, while COBIT is useful for IT management, users, and auditors
- COSO focuses on effectiveness and efficiency of operations, reliable financial reporting, and compliance with laws and regulations
- COBIT is used to support business requirements and the associated IT resources and processes
- COSO is the framework of choice for the Securities and Exchange Commission (SEC) when management assesses internal control over financial reporting

14
- Cost of compliance: the slide cites average industry spending of $6 billion per year; not suitable for small corporations
- Continuous checking of internal controls
- Maintaining data integrity
- Security
- Communication and integrity

