Elegantsolutions.ca What You Didn’t Know You Don’t Know About Compliance And What it Means to You as a Project Manager August 17, 2006 Boyd Carter, PMP.


Slide 1 – What You Didn't Know You Don't Know About Compliance, and What it Means to You as a Project Manager
August 17, 2006, Boyd Carter, PMP (Elegantsolutions.ca)

"We have not designed the machines that are needed to build the machines that will be used to build the product that we are planning to take to market." In other words: we don't know what we don't know.

Copyright © 2006 elegantsolutions.ca, www.elegantsolutions.ca (permission is granted to use unchanged).

Slide 2 – Agenda
- What you know you don't know about compliance
- What you didn't know you don't know about compliance
- What it means to you as a project manager
- Resources for the project manager
  - High-level annotated Microsoft Project plan
  - Description of "must have" resource documents
  - Links to the best online resources
  - A copy of the presentation

Slide 3 – What You Know You Don't Know About Compliance
Most people know they don't know:
- Details of the legislation
- About assessments and attestations
- What CFO certification means

Slide 4 – What You Know You Don't Know About Compliance (cont.): Details of the US Legislation
- Sarbanes-Oxley Act of 2002 (Public Law 107-204, July 30, 2002, 107th Congress of the United States of America)
  - Title I – Public Company Accounting Oversight Board
    - Section 102 – Registration with the Board (to prepare and/or issue audit reports)
    - AS2 (PCAOB Auditing Standard No. 2)
  - Title II – Auditor Independence
  - Title III – Corporate Responsibility
    - Section 302 – Corporate Responsibility for Financial Reports
  - Title IV – Enhanced Financial Disclosures
    - Section 404 – Management Assessment of Internal Controls
  - Titles V – XI
    - V – Analyst Conflicts of Interest
    - VI – Commission Resources and Authority
    - VII – Studies and Reports
    - VIII – Corporate and Criminal Fraud Accountability
    - IX – White-Collar Crime Penalty Enhancements
    - X – Corporate Tax Returns
    - XI – Corporate Fraud and Accountability

Slide 5 – What You Know You Don't Know About Compliance (cont.): Details of the Canadian Legislation
- Bill 198 – An Act to implement budget measures and other initiatives of the Government, 3rd Session, 37th Legislature, Ontario, 2002 (and subsequent amendments)
  - Part XXVII – Amends the Ontario Securities Act
- Ontario Securities Commission – a self-funded Crown corporation and the regulator of Ontario's capital markets (Charter of Corporate Governance). The OSC administers the Securities Act (Ontario) and the Commodity Futures Act, and is empowered to make legally binding rules.
- CSA – Canadian Securities Administrators, the council of Canada's thirteen provincial and territorial securities regulatory authorities (SRAs)
  - NI 52-108 – Auditor Oversight
  - MI 52-109 – Certification of Disclosure…
  - MI 52-110 – Audit Committees
  - MI 52-111 – Reporting on Internal Control… (not implemented)
  - CSA Notice 52-313 – Status of MI 52-111 (decision not to implement) and proposed amended and restated MI 52-109

Slide 6 – What You Know You Don't Know About Compliance (cont.): About Assessments and Attestations

SEC. 302. CORPORATE RESPONSIBILITY FOR FINANCIAL REPORTS.
(a) REGULATIONS REQUIRED.—The Commission shall, by rule, require, for each company filing periodic reports under section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m, 78o(d)), that the principal executive officer or officers and the principal financial officer or officers, or persons performing similar functions, certify in each annual or quarterly report filed or submitted under either such section of such Act…

(SOX) SEC. 404. MANAGEMENT ASSESSMENT OF INTERNAL CONTROLS.
(a) RULES REQUIRED.—The Commission shall prescribe rules requiring each annual report required by section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m or 78o(d)) to contain an internal control report, which shall—
(1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and
(2) contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.
(b) INTERNAL CONTROL EVALUATION AND REPORTING.—With respect to the internal control assessment required by subsection (a), each registered public accounting firm that prepares or issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer. An attestation made under this subsection shall be made in accordance with standards for attestation engagements issued or adopted by the Board. Any such attestation shall not be the subject of a separate engagement.

What's different about 302 and 404? Section 302 is a personal certification by the CEO and CFO, in every quarterly and annual report, that the report is accurate and that they are responsible for the company's disclosure controls; Section 404 is an annual internal control report in which management assesses the effectiveness of internal control over financial reporting and the external auditor attests to that assessment.

Slide 7 – What You Know You Don't Know About Compliance: What CFO Certification Means
[Figure: an example of what CEO/CFO certification means to one corporation; similar requirements are in place for the US exchanges.]
Key requirements for a compliance framework (SOX 404 or MI 52-109): control design and control effectiveness.

Slide 8 – What You Didn't Know You Don't Know About Compliance
Most people didn't know they really don't know what is required in order to assert "Internal Control Over Financial Reporting" (ICFR or ICOFR):
- Frameworks
- How to develop a control design
- How to evaluate control effectiveness
- How to provide evidence to support certifications and attestations

Slide 9 – What You Didn't Know You Don't Know About Compliance: Frameworks
[Figure: how the pieces fit together. Legislation: Sarbanes-Oxley Act of 2002 and Bill 198. Auditing standard: AS2 (Auditing Standard No. 2). Control framework: COSO Internal Control – Integrated Framework (not ERM). IT control objectives: COBIT. Activities: ITIL. Security: ISO 17799. Version 2.0 of the IT control guidance benefits from lessons learned during the first two years.]

Slide 10 – What You Didn't Know You Don't Know About Compliance: Frameworks (cont.)
[Figure: the core and extended framework, mapping COSO components to COBIT domains.]
- Conceptual level
- Framework level
- COSO (sub-components) points of focus – COBIT high-level control objectives level
- COSO bullets under points of focus – COBIT detailed control objectives level

THE CORE FRAMEWORK: pre-populated, fully annotated COSO and COBIT control objectives in increasing levels of detail.
> The company's detailed processes for achieving the control objectives
> Risk of non-compliance (N-C)

THE EXTENDED FRAMEWORK: the compliance teams may populate the processes, risks, controls and tests at their preferred levels of granularity. Activity-level guidance is provided with exemplar sets of controls and tests.
> Company controls
> Tests and subsequent remediation / remediation action plans, if required

Slide 11 – What You Didn't Know You Don't Know About Compliance: How to Develop a Control Design and Evaluate Control Effectiveness
[Figure: the documentation hierarchy, from control design through control effectiveness.]

Control design:
> The company's detailed processes for achieving the control objectives – documented at this level are the processes of the company
> Risk of non-compliance (N-C) – documented at this level are specific risks associated with the process
> Company controls – documented at this level are specific controls associated with the mitigation of risk

Control effectiveness:
> Tests – documented at this level are specific tests associated with the control
> Remediation
> Remediation action plans

Achieving operational effectiveness: certifications typically take place after remediation is completed, but remediation could be cut off at a point in time and status certified at that point in time. ("Certification" is certification of status at a point in time, not certification of compliance.) If remediation is required, action plans are executed and the control re-tested. The current state of remediation (and future activity, if required) is documented at the time of certification.

Slide 12 – What You Didn't Know You Don't Know About Compliance: How to Provide Evidence to Support Certifications and Attestations

"THE" best practices frameworks:
- COSO – the Committee of Sponsoring Organizations of the Treadway Commission
- COBIT – Control Objectives for Information and Related Technology, Version 4

"THE" best practices guidance:
- IT Control Objectives for Sarbanes-Oxley, Second Edition

and "THE" best practices project plan:
- The Compliance Road Map from IT Control Objectives for Sarbanes-Oxley, Second Edition

Slide 13 – What it Means to You as a Project Manager: How to Provide Evidence to Support Certifications and Attestations
[Figure: Road Map items 1 & 2]

Slide 14 – What it Means to You as a Project Manager: How to Provide Evidence to Support Certifications and Attestations (cont.)
[Figure: Road Map items 3 & 4]

Slide 15 – What it Means to You as a Project Manager: How to Provide Evidence to Support Certifications and Attestations (cont.)
[Figure: Road Map items 5 & 6]

Slide 16 – Resources for the Project Manager
- High-level annotated Microsoft Project plan – on your CD
- Description and links to "must have" resource documents (remember, links are active only when the presentation is in slide show mode)
  - AICPA (for COSO): http://www.aicpa.org/index.htm
  - ISACA (for COBIT): http://www.isaca.org/
  - ITIL (IT Infrastructure Library): http://www.itil.co.uk/
  - ISO (International Organization for Standardization): http://www.iso.org/iso/en/prods-services/popstds/informationsecurity.html
  - SEC on SOX: http://www.sec.gov/spotlight/sarbanes-oxley.htm
  - PCAOB latest news: http://www.pcaob.org/News_and_Events/Updates/index.aspx
  - OSC list of regulations: http://www.osc.gov.on.ca/Regulation/Rulemaking/Current/rrn_part5_index.jsp
  - The Canadian Securities Administrators: http://www.csa-acvm.ca/home.html
  - Deloitte on CSA Notice 52-313 (on dropping 52-111): http://www.deloitte.com/dtt/article/0,1002,sid%253D3557%2526cid%253D115078,00.html
  - PwC's CFOdirect Network: http://www.cfodirect.pwc.com/CFODirectWeb/Controller.jpf?NavCode=MSRA-6NR6EK
  - And, of course, elegantsolutions.ca: http://www.elegantsolutions.ca/
- More useful documentation – on your CD
- A copy of the presentation – on your CD

Slide 17 – Resources for the Project Manager (cont.)
Final thoughts for those attending today: buy these products for educational and project management purposes.
- COSO guidance for smaller public companies download
- COSO Internal Control – Integrated Framework download
- COBIT 4 download, and subscribe to COBIT Online
- IT Control Objectives for Sarbanes-Oxley, Version 2 (when it is released)
- Mapping documents from ISACA – some require registering and/or membership (example: COBIT 4 to PMBOK)

To my knowledge, all documents provided on the CD are in the public domain (unless otherwise noted).

