Sarbanes-Oxley Act of 2002 Presentation to

Presentation on theme: "Sarbanes-Oxley Act of 2002 Presentation to"— Presentation transcript:

1 Sarbanes-Oxley Act of 2002 Presentation to
the Hampton Roads Chapter of APICS
February 21, 2006
Susan West
Manager, Accounting
Newport News Sector
Northrop Grumman Corporation
4/26/ :39 PM HEADER / FOOTER INFORMATION (ADD PROPER CLASSIFICATION)

2 Agenda
Background
Requirements of the Sarbanes-Oxley Act
Compliance Methodology
Industry Reaction
Where do we go from here?
Questions?

3 Background – Why was the Act passed?
Financial scandals at Enron, WorldCom, and others
Desire to restore investor confidence and increase the transparency of the financial statements of publicly traded companies
Desire to protect investors by improving the accuracy and reliability of corporate disclosures

4 Sarbanes-Oxley Act of 2002
Section 302 requires certifications of each quarterly and annual report by the CEO and CFO
Section 404 requires an annual internal control report by management stating the responsibility of management for establishing and maintaining adequate internal control for financial reporting, and providing an assessment of the effectiveness of the internal control structure and procedures for financial reporting
The external auditor is required to attest to and report on management's assessment pursuant to standards developed by the Public Company Accounting Oversight Board (PCAOB)

5 Compliance Methodology – What is an Internal Control?
The COSO (Committee of Sponsoring Organizations of the Treadway Commission) report, Internal Controls – Integrated Framework, defines internal control as a process,
  Effected by the entity’s board of directors, management, and other personnel.
  Designed to provide reasonable assurance regarding the achievement of objectives in the following three categories:
    Effectiveness and efficiency of operations,
    Reliability of financial reporting, and
    Compliance with laws and regulations.

6 Compliance Methodology – The SOX Project Management Office
The Enterprise PMO was established at Corporate to oversee the company’s efforts to ensure compliance with Section 404
Sector PMOs were established to ensure focused effort and cooperation
Both the Enterprise PMO and the Sector PMO have responsibility for executing the Section 404 project and must ensure the availability of appropriate resources, monitor and report progress to senior management, coordinate resolution of issues, and coordinate with external auditors

7 Compliance Methodology – The SOX Project Management Office
[Organization chart]
CEO Ron Sugar
CFO Wes Bush
Project Owners
Corporate Policy Council
Project Sponsors
Corporate Policy Council
Sector CFOs
Corporate Treasurer
Corporate Secretary
Corporate VP Tax
Corporate HR Representative
SO 404 Steering Committee Chair Kenneth Heintz
Project Management Office (PMO) Lead - Michael Hardesty
Project Team
Sector Project Teams
Corporate & Sector PMOs: Corporate Office, Electronic Systems, Integrated Systems, Information Technology, Mission Systems, Newport News, Ship Systems, Space Technology (each shown with a PMO)

8 Compliance Methodology – Significant Accounts
Significant account selection based upon
  Quantitative criteria
    the amount of the account balance at year end
  Qualitative criteria
    Potential for material errors
    Size and composition
    Susceptibility to manipulation or loss
    High transaction volume
    Transaction complexity
    Subjectivity in determining balance
    Nature of the account

9 Compliance Methodology – Significant Processes
Need to identify and understand the transaction flows and business processes which generate the significant account balances – these are the significant processes
  Routine, non-routine, and estimation processes and transactions
  IT processes
  Financial statement close process
  Financial statement presentation and disclosure

10 Compliance Methodology – Risks and Controls
Risks - What Can Go Wrong?
  Ask where in the processing of transactions can errors occur that would be material?
Identify the Mitigating Controls
  Controls that provide reasonable assurance that errors of significance do not arise and remain undetected
  Effective Controls provide reasonable assurance that stated objectives are met or that process risks are reduced to an acceptable level

11 Compliance Methodology – Completing SOX Documentation
Appropriate SOX documentation is in the form of a narrative and is supported by policies, procedures, and flowcharts
Narratives are completed for each significant business process or sub process
Narratives must contain detailed descriptions of the business process including transaction flows and control activities

12 Compliance Methodology – Changes in Business Processes
When systems or business processes change prior to year end, those changes must be incorporated in documentation and any new controls need to be assessed
  Identify and document changes to internal control over financial reporting
  Test the new controls for effectiveness
  Timing of process changes must allow for development of required sample size

13 Compliance Methodology – Testing (Evaluating and Monitoring the Effectiveness of Controls)
Management must test the controls in order to evaluate and draw a conclusion as to their effectiveness
Internal Audit conducts SOX testing on behalf of management
SOX testing must be structured such that the auditor can determine whether the controls operated as management asserts and resulted in the timely correction of any errors
At the conclusion of testing, the auditor must identify and communicate any issues or exceptions

14 Compliance Methodology – Electronic Data Compilation & Storage
Use of Risk Navigator software to document assessment activities:
  Store documentation supporting compliance
  Capture electronic certifications

15 SOX Compliance – Cradle to Grave
[Flow diagram: Significant Account (Accounts Receivable); Significant Processes (Billings); Process Owners (Prepare Process Narratives); continues on next slide]
One account can be affected by many processes
Billings is only one of the significant processes that impact the Accounts Receivable account
Treasury’s Accounts Receivable and Cash Receipts & Disbursements processes would also be documented and tested
Focus on key controls
Identify manual vs. automated controls
Identify frequency of controls

16 SOX Compliance – Cradle to Grave, continued
[Flow diagram, continued from previous slide and continuing on next slide]
Roles shown: Sector PMO / Internal Audit / Process Owner; Process Owners; Sector PMO / Internal Audit; Assistant Controller; Manager of Billings; Internal Audit
Steps shown:
  Develop process test plan to include sample sizes for each test to be conducted and formal audit program
  Loads Process Narrative, Risks, and Controls to Risk Navigator
  Hold entrance conference with Process Owner
  Document test results in work papers
  Execute test plan for Process
Focus on key controls
Maximize testing of automated controls
Flash Reports are issued for findings
Typically the duration of the testing phase is 4 to 5 weeks

17 SOX Compliance – Cradle to Grave, continued
[Flow diagram, continued from previous slide]
Roles shown: Sector PMO / Internal Audit / Process Owner; Process Owner; Internal Audit
Steps shown:
  Hold Exit Conference and discuss findings
  Identifies Corrective Action Plan to mitigate findings
  Re-tests to validate Corrective Action Plan
  Implements Corrective Action Plan
Evaluate finding for classification as a material weakness, significant deficiency or deficiency
Clearly state whether controls are operating effectively
The Process Owner’s Action Plan is a written formal commitment with firm dates
If previous findings are found to have not been mitigated, they may now be classified as a significant deficiency
Adhering to the Action Plan previously submitted to the PMO and Internal Audit

18 Industry Reaction
Public Accounting
  Lots of new business
  Now regulated
Public Companies
  Costly to comply
  Distraction from running the business
  Not enough focus on fraud risk

19 Industry Reaction
Benefits to Public Companies:
  Segregation of Duties strengthened
  System access more tightly controlled
  Increased focus on account reconciliations
  Heightened awareness of internal controls
  More formalized controls over non-routine transactions and the Financial Reporting Process
  Less reliance on external auditors for technical matters
  Opportunity to evaluate best practices

20 Where do we go from here?
Let’s focus on … Fraud Risk

21 Public Service Announcement from Your Company’s SOX personnel …
Compliance with the Sarbanes-Oxley Act makes good business sense, minimizes organizational risks, and is required by law.

22 Another Public Service Announcement from Your Company’s SOX personnel …
EVERYONE in the organization is responsible for effective internal control.
