Sameer Pradhan 1 SOX Compliance. Sameer Pradhan 2 Internal Audit CARO Requirement As per Sarbanes Oxley Act, 2002

Presentation transcript:

Sameer Pradhan 1 SOX Compliance

Sameer Pradhan 2 Internal Audit
- CARO Requirement
- As per Sarbanes Oxley Act, 2002
- Clause 49 of Listing Agreement
- SAS 70 Report

Sameer Pradhan 3 Internal Audit
- CARO Requirement: Requirement of CARO – Auditor’s comment on internal audit
- Clause 49 of Listing Agreement - Applicable to listed companies in Indian Stock Exchange.
- SAS 70 Report - Use of Service Organizations like payroll - Hewitt, MF accounting – Syntel Outsourcing, etc.

Sameer Pradhan 4 Internal Audit Sarbanes Oxley Act, 2002
- Applies to all companies listed in SEC
- US based company and its subsidiaries, foreign companies like Patni, TATA Motors ADR listed in NYSE.
- Sec 404 – Internal control on Financial Reporting
- Certification by CEO/CFO on quarterly basis.

Sameer Pradhan 5 Internal Audit Sarbanes Oxley Act, 2002 Senator Paul Sarbanes Mike Oxley

Sameer Pradhan 6 End in Mind…
- a statement acknowledging your responsibility for establishing and maintaining adequate “internal control over financial reporting”
- a statement identifying the internal control framework you used to conduct your evaluation of the effectiveness of internal control over financial reporting
- an assessment of the effectiveness of your company's internal control over financial reporting as of the end of your most recent fiscal year.
  - Assertion: a statement as to whether or not your company's internal control over financial reporting is effective
- disclosure of any “material weaknesses” in your company's internal control over financial reporting.
  - If there are any disclosed material weaknesses, then you are not permitted to conclude that your internal control over financial reporting is effective
- a statement that your independent auditors have issued a report on your assessment of internal control over financial reporting

Sameer Pradhan 7 How to be there...
- Financial controls must be suitably designed using established criteria (COSO)
- Control objectives and related financial controls are appropriately documented
- Documentation is auditable
- Key financial controls are identified (Assertions)
- Management performs its own tests of:
  - the design of controls over financial reporting
  - the effectiveness based on key financial controls
- Deficiencies are documented, disclosed and addressed.

Sameer Pradhan 8 Applying the COSO Framework
- Control Environment
  - Sets tone of organization, influencing control consciousness of its people.
  - Factors include integrity, ethical values, competence, authority, responsibility.
  - Foundation for all other components of control.
- Risk Assessment
  - Risk assessment is the identification and analysis of relevant risks to achieving the entity’s objectives – forming the basis for determining control activities.
- Monitoring
  - Assessment of a control system’s performance over time.
  - Combination of ongoing and separate evaluation.
  - Management and supervisory activities.
  - Internal audit activities.
- Control Activities
  - Policies/procedures that ensure management directives are carried out.
  - Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties.
- Information & Communication
  - Pertinent information identified, captured and communicated in a timely manner.
  - Access to internal and externally generated information.
  - Flow of information that allows for successful control actions from instructions on responsibilities to summary of findings for management action.

Sameer Pradhan 9 Controls
- Preventative and Detective Controls
- Manual and Automated Controls
- Business Performance Review / Monitoring Controls
- General Computer Controls (IT Level Controls)
- Application Controls (Transaction Level Controls in Computer System)

Sameer Pradhan 10 Control objectives for Transaction Processing
- Completeness of records (C) - controls over completeness are designed to ensure that:
  - All transactions are recorded once and only once.
  - All transactions are recorded in the correct period and in the correct legal entity.
- Accuracy of records (A) - controls over accuracy are designed to ensure that:
  - All transactions are accurately recorded in the general ledger, including correct classification to ensure compliance with disclosure requirements.
  - Assets and liabilities are recorded at an appropriate value.
  - Changes to standing data are accurately input.
- Validity of records (V) - controls over validity are designed to ensure that:
  - Transactions are authorized.
  - Transactions are genuine and they relate to Company.
  - Changes to standing data are authorized.
- Restricted access to assets and records (R) - controls to restricted access are designed to ensure that:
  - There is appropriate segregation of duties with respect to key controls.
  - Physical assets (e.g. gold bullion) are appropriately safeguarded.

Sameer Pradhan 11 Financial Reporting - Assertions
- Existence or Occurrence
  - Assets or liabilities exist at a given date (FG)
  - Transaction occurred during a given period (Sales)
- Completeness
  - All financial transactions are included for reporting (Purchases)
- Valuation or Allocation
  - All amounts represented at appropriate amount (Accounts receivable)
- Rights and Obligations
  - Assets and liabilities represent rights and obligations (Lease capitalized)
- Presentation & Disclosure
  - Properly classified and disclosed (Long term liabilities)

Sameer Pradhan 12 Documentation standards
- Management must document the design of controls related to all relevant assertions for all significant financial statement accounts
- Documentation must encompass the entire process of:
  - initiating
  - authorising
  - recording
  - processing
  - reporting individual transactions
- The required documentation might take various forms: flowcharts, policy manuals, accounting manuals, narrative memoranda, decision tables, procedural write-ups or completed questionnaires
- Flowcharts, supplemented by narrative descriptions, are frequently the most effective form of control documentation

Sameer Pradhan 13 Objectives of a walkthrough
- Confirm that the documentation prepared by the company reflects its actual processes
- Confirm that controls described in the documentation are actually those applied “in the field”
- Confirm that, at least, all key controls have been documented appropriately (completeness of the process documented)
Walkthroughs should confirm that the documentation is appropriate to develop the testing plan

Sameer Pradhan 14 Gaps in Controls
- Processes not adequately documented (scope and quality)
- Controls not implemented
- Controls poorly designed
- Controls not working effectively
- Control-related roles not assigned
- Non-existence of policies
- Gaps identified during documentation process – Will be shared on confirmation during walk-through process

Sameer Pradhan 15 Scope
Process identified for documentation:
- Purchase of Materials and Accounts Payable
- Production Accounting
- Stock Accounting
- Sales Accounting and Accounts Receivables
- Treasury and Banking Transactions
- General Accounting
- Fixed Assets

Sameer Pradhan 16 Purchase of Materials and Accounts Payable
- Master maintenance – BOM & Suppliers
- Issue of purchase orders Receivables
- GAR and Inventory Verification
- Raising debit notes on creditors
- Accounting for creditors
- Payment processing

Sameer Pradhan 17 Production Accounting
- Material Issues
- Production accounting – back flashing
- Costing and standard updation

Sameer Pradhan 18 Stock Accounting
- Physical Verification
- Stock valuation
- 3P Management

Sameer Pradhan 19 Sales Accounting to Receivables
- Master maintenance
- Receiving and accepting sales orders
- Dispatching
- Accounting sales and debtors
- Provision for debtors

Sameer Pradhan 20 Treasury and banking transactions
- Payment and receipt of money
- Schedule of authority
- Banking of receipts
- Accounting for FOREX conversion and forward covers
- Export Packing credit management
- Bank Recos.

Sameer Pradhan 21 General Accounting
- Inter Unit Transfer
- Cut offs and period end/ consolidation
- Journal entries
- Restructuring provisions

Sameer Pradhan 22 Fixed Assets
- Capital Proposal approval and capital advances accounting
- Receiving and accounting for capital WIP
- Additions to Fixed Assets and deletion from Fixed Assets
- Depreciation Accounting
- Impairment provisions
- Physical verification

Sameer Pradhan 23 THANK YOU