Vijay V Vijayakumar.  SOX Act  Difference between IT Management and IT Governance  Internal Controls  Frameworks for Implementing SOX  COSO - Committee.


Vijay V Vijayakumar

 SOX Act
 Difference between IT Management and IT Governance
 Internal Controls
 Frameworks for Implementing SOX
 COSO - Committee of Sponsoring Organizations of the Treadway Commission
 COBIT - Control Objectives for Information and related Technology
 Comparison of COSO and COBIT
 Issues

 Need
◦ Widespread malpractice in the financial accounting of public corporations, e.g. Enron
◦ Cost investors billions of dollars
◦ The Sarbanes-Oxley Act (SOX) was passed in 2002 to prevent such occurrences
◦ All public corporations have to comply with SOX
 Intent
◦ To protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes
◦ Create new standards for corporate accountability as well as new penalties for acts of wrongdoing
 Impact: more focus on IT Governance (internal controls), transparency in business practices, and more responsibility and accountability for top management

6 Areas of Importance
 Auditor Oversight
 Auditor Independence
 Corporate Responsibility
 Financial Disclosures
 Analyst Conflicts of Interest
 Civil and Criminal Penalties for Fraud and Document Destruction

 Auditor Oversight
◦ Auditors are a common source of error.
◦ Errors made by the auditor, whether intentional or unintentional, cannot be ignored.
 Auditor Independence
◦ More independence for auditors
 Corporate Responsibility
◦ Requires CEOs and CFOs to certify that reports have been reviewed and are accurate to the best of their knowledge.
◦ CEOs must evaluate internal controls before every report.

 Financial Disclosures: all disclosures must be attested by top management. Any event that might have an impact on financial conditions must be reported within 48 hours.
 Analyst Conflicts of Interest: manipulation is under the scrutiny of top management, thereby reducing analyst conflicts of interest.
 Civil and Criminal Penalties: a fine of up to $1,000,000, or imprisonment for not more than 10 years, or both.

IT Governance can help in putting internal controls in place and thereby complying with the SOX Act.

 IT Management:
◦ Narrow focus
◦ Ensures the supply of IT services for normal operation
 IT Governance:
◦ Includes IT Management
◦ Plans how the organization can meet its goals through optimal use of IT resources

 What are Internal Controls?
◦ Policies, procedures, practices, and organizational structures put in place to reduce risk
◦ Applied throughout the organization to reduce the risks involved in the various stages of operation
 Objectives:
◦ Economy and efficiency of operations
◦ Reliability of financial and management reports
◦ Compliance with laws and regulations

 A unified approach to evaluating an internal control system
 Focuses on processes and people
 Has 5 control components that assure sound business practices:
◦ Control Environment: management defines and communicates policies and procedures to employees
◦ Risk Management: the organization should be able to identify and analyze the risks involved in the business
◦ Control Activities: processes such as approval, authorization and verification; covers the entire organization

◦ Information and Communication: information should reach the appropriate person in a timely way through proper communication channels
◦ Monitoring: controls are checked periodically for proper functioning; remedies are made known to auditors and action is taken
 The latest version adds objective setting, event identification and risk response

 A framework consistent with COSO
 Rich, robust and the most widely used
 4 domains, 34 control objectives
 The latest version is 4.1
 Aligns IT with business objectives, quality standards, monetary controls and security needs

 Planning and Organization: assess how IT will be able to meet business needs
 Acquisition and Implementation: IT solutions have to be developed or acquired to meet the objectives
 Delivery and Support: continuous delivery and support of systems
 Monitoring: monitors all IT processes for quality and compliance with the control requirements

 COSO is useful for management, while COBIT is useful for IT management, users, and auditors
 COSO is focused on the effectiveness and efficiency of operations, reliable financial reporting, and compliance with laws and regulations
 COBIT is used to support business requirements and the associated IT resources and processes
 COSO is the model of choice for the Securities and Exchange Commission

 Cost of compliance: average industry spending of $6 billion per year; not suitable for small corporations
 Continuous checking of internal controls
 Maintaining data integrity
 Security
 Communication and integrity
