Presentation is loading. Please wait.

Presentation is loading. Please wait.

#327 – Legal and Regulatory Risk: Silent and Possibly Deadly Deborah Frazer, CPA CISA CISSP Senior Director, Internal Audit PalmSource, Inc.

Published byGervais Gaines Modified over 8 years ago

Similar presentations

Presentation on theme: "#327 – Legal and Regulatory Risk: Silent and Possibly Deadly Deborah Frazer, CPA CISA CISSP Senior Director, Internal Audit PalmSource, Inc."— Presentation transcript:

1 #327 – Legal and Regulatory Risk: Silent and Possibly Deadly Deborah Frazer, CPA CISA CISSP Senior Director, Internal Audit PalmSource, Inc.

2 2 Overview Identifying legal and regulatory risks Quantifying and weighing these risks Proactively mitigating legal and regulatory risk Communicating legal and regulatory risk to the business process owners

3 3 Identifying Legal and Regulatory Risks COSO framework –Control environment –Information and communication –Risk assessment –Monitoring Determining where the gaps are –Inherent risk –Controls in place

4 4 Internal Control – Integrated Framework Familiar Cube Three objective categories Five Components Entity and organizational units

5 5 Control Environment Integrity and ethical values Commitment to competence Board of Directors/Audit Committee Management’s philosophy and operating style Organizational Structure Assignment of authority and responsibility Human resource policies and procedures

6 6 Information and Communication Information is identified, captured, processed and reported by information systems. Relevant information includes industry, economic and regulatory information obtained from external sources, as well as internally generated information. Communication is inherent in information processing. Communication also takes place in a broader sense, dealing with expectations and responsibilities of individuals and groups. Effective communication must occur down, across and up an organization and with parties external to the organization.

7 7 Risk Assessment Entity-wide objectives –Include broad statements of what an entity desires to achieve, and are supported by related strategic plans Activity level objectives –Flow from entity-wide objectives –Are frequently stated as goals with specific targets and deadlines Risks –Consider external and internal factors that could impact achievement of the objectives Managing Change –Economic, industry and regulatory environments change and entities' activities evolve; mechanisms are needed to identify and react to changing conditions.

8 8 Monitoring Ongoing monitoring occurs in the ordinary course of operations, and includes regular management and supervisory activities, and other actions personnel take in performing their duties that assess the quality of internal control system performance. The scope and frequency of separate evaluations will depend primarily on an assessment of risks, and ongoing monitoring procedures. Internal control deficiencies should be reported upstream with certain matters reported to top management and the board.

9 9 ERM Integrated Framework Expands the original cube Four objective categories Eight Components Entity and organizational units

10 10 ERM Framework Objective Setting –Strategic High level goals Aligned with mission/vision –Operations Relates to effectiveness and efficiency –Reporting Effectiveness; relates to internal and external – Compliance Applicable laws and regulations

11 11 Compliance Objectives Relevant laws and regulations –Examples Wage and hour laws EEOC IRS/SEC Dependent on external factors –Examples: Environmental regulation Sarbanes-Oxley Act Homeland Security/Patriot Act Tend to be similar –Across entities or industries

12 12 Applicable Laws and Regulations Establish minimum standards for behavior –Entities must integrate into compliance objectives Compliance records –Significantly – positively or negatively – affect an entity’s reputation in the community and marketplace Overlap of objectives –Compliance objectives can affect other categories Strategic, operational, reporting

13 13 Achievement of Objectives Measurable targets toward which an entity moves Will have differing degrees of importance and priority Reasonable assurance objectives are achieved –May not pertain to all objectives –Compliance objectives are largely under entity’s control –Has the ability to do what’s needed to meet them

14 14 Risk Appetite Expressed as the acceptable balance between: –Growth, risk and return – OR – –Risk-adjusted shareholder value-added measures Risk appetite vs strategy –Strategy may exceed entity’s risk appetite –Strategy may not embrace sufficient risk to allow entity to achieve its vision/mission Guide resource allocation

15 15 Risk Tolerances Acceptable levels of variation relative to the achievement of objectives Measurable Performance measures –Help ensure actual results will be within the acceptable risk tolerances –Based on relative importance of related objectives

16 16 Event Identification Governmental changes –Changes in overall climate Legislation –Sarbanes-Oxley Act –Patriot Act Regulation –Certain required processes and disclosures

17 17 Proactively Mitigating Legal and Regulatory Risk Some examples –Establish a compliance office –Establish policies and procedures for appropriate legal reviews of contracts –Ensure line recognizes primary compliance responsibilities –Review privacy policies and practices –Benchmark against government requirements and best practices

18 18 Mitigating Risk vs Impeding Progress Establish guidelines –What requires review –Articulate where leverage may be applied Develop tools –Checklists –Standard language Empower business partners to perform their own control self assessment

19 19 Communicating Legal and Regulatory Risk Use layperson’s terms –Avoid “sounding” like an attorney or compliance officer Demonstrate with examples –Likelihood – have other entities been affected –Impact – what is a worst case scenario Know your audience –Sales objectives often collide with legal risk management –What does the risk mean to the executive group

20 Open Discussion and Examples

21 Questions?

22 22 For More Information: Deborah Frazer, CPA, CISA, CISSP Senior Director, Internal Audit PalmSource, Inc. deborah.frazer@Palmsource.com

23 Thank you!

Download ppt "#327 – Legal and Regulatory Risk: Silent and Possibly Deadly Deborah Frazer, CPA CISA CISSP Senior Director, Internal Audit PalmSource, Inc."

Similar presentations

Internal Control Integrated Framework

Internal Control Integrated Framework
Internal Control–Integrated Framework

Internal Control–Integrated Framework
Lisanne Sison Director ERM Bickmore

Lisanne Sison Director ERM Bickmore
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Prepared by Wa'el Bibi,CPA,CIA,CISA1 Internal Control Integrated Framework An Overview.. Bibi Consulting COSO’s Source: COSO’s Internal Control Integrated.

Prepared by Wa'el Bibi,CPA,CIA,CISA1 Internal Control Integrated Framework An Overview.. Bibi Consulting COSO’s Source: COSO’s Internal Control Integrated.
Internal Control.

Internal Control.
8 - 1 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Audit Planning and Analytical Procedures Chapter 8.

8 - 1 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Audit Planning and Analytical Procedures Chapter 8.
Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.

Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.
Eliot M. Stenzel, CPA,CIA IIA Instructor for many years. 220-3198 Risk Based Auditing.

Eliot M. Stenzel, CPA,CIA IIA Instructor for many years Risk Based Auditing.
Audit Planning and Analytical Procedures Chapter 8.

Audit Planning and Analytical Procedures Chapter 8.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
INTERNAL CONTROL. INTERNAL CONTROL DEFINED  INTERNAL CONTROL IS A PROCESS - EFFECTED BY AN ENTITY'S BOARD OF DIRECTORS, MANAGEMENT, AND OTHER PERSONNEL.

INTERNAL CONTROL. INTERNAL CONTROL DEFINED  INTERNAL CONTROL IS A PROCESS - EFFECTED BY AN ENTITY'S BOARD OF DIRECTORS, MANAGEMENT, AND OTHER PERSONNEL.
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Section 404 Audits of Internal Control and Control Risk

Section 404 Audits of Internal Control and Control Risk
Purpose of the Standards

Purpose of the Standards
Auditing II Unit 1 : Audit Procedures Unit 2: Audit of Limited Companies Unit 3: Audit of Government Companies.

Auditing II Unit 1 : Audit Procedures Unit 2: Audit of Limited Companies Unit 3: Audit of Government Companies.

Similar presentations

Ads by Google