Presentation on theme: "Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC."— Presentation transcript:
Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC
Sample General Education Session 2 Parkfield Group

COSO Control Framework
- The SEC requires companies to use a control framework to evaluate their internal controls over financial reporting.
- The most popular framework is COSO (Committee of Sponsoring Organizations) of the Treadway Commission.
- COSO Framework requires both an entity level and process level focus on internal controls over financial reporting.

Internal Control Definition
Internal Control is defined as a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations

COSO Control Framework

Control Environment
- Provides the discipline and structure for the overall system of internal control
- Established and maintained by management (foster control conscientiousness)
- Includes overall control culture – the attitudes and habits of senior management
- Internal Control Environment factors include:
  - Organizational Structure
  - Assignment of authority and responsibility
  - Commitment to competence
  - Integrity and ethical values
  - Board of Directors and Audit Committee
  - Management philosophy and operating style

Risk Assessment
- Establish Objectives at both the entity and process level
- Identify and analyze risks associated with objectives
- Recognize that Risk Assessment is a critical element in designing internal controls over financial reporting
- A Risk Assessment includes:
  - Determining the severity of a risk
  - Assessing likelihood of risk frequency
  - Determining how the risk should be managed

Risk Assessment (Continued)
COSO provides the following assertions that underlie an entity's financial statements:
- Existence
- Occurrence
- Completeness
- Rights and Obligations
- Valuation or Allocation
- Presentation and Disclosure
The Foreign Corrupt Practices Act provides these assertions:
- Authorization
- Completeness and Accuracy
- Proper Classification
- Evaluation of Balances
- Access to Assets

Control Activities
- Policies and procedures that ensure management directives are carried out
- Ensures that necessary actions are taken to address risks
- Occurs throughout the organization at all levels and functions
- Control activities include:
  - Authorizations
  - Segregation of Duties
  - Recording
  - Safekeeping
  - Reconciliations

Control Activities (Continued)
- Adequate Controls exist when management has designed them in a manner that achieves reasonable assurance that risks have been managed effectively
- Reasonable Assurance implies that material errors and irregularities will be prevented or detected and corrected within a timely period by employees during the normal course of performing their duties.

Types of Controls
- Preventive
- Detective
- Primary
- Secondary
- Pervasive
- Manual
- Automated
- IT General Controls: Pervasive, Preventive, Detective
- IT Application Controls: Pervasive, Preventive, Detective

Internal Control Assessment
- Assessment of internal controls is required at design and operating levels
- A Design deficiency exists when a necessary control is missing or an existing control is not properly designed to achieve the control objective
- An Operating deficiency exists when a properly designed control is not operating as designed or the person performing the control does not possess the necessary authority or qualifications to effectively perform the control

Degree of Control Deficiencies
- Control deficiencies can range from inconsequential to material weaknesses
- A Significant Deficiency is one that could adversely affect the entity's ability to initiate, record, process and report financial data consistent with the assertions of management in the financial statements
- A Material Weakness is a significant deficiency in one or more of the internal controls that alone or together preclude internal controls from reducing to an appropriately low level the risk that material misstatements in the financial statements will not be prevented or detected in a timely manner

Information & Communication
- Pertinent Information must be identified and communicated in a form and timeframe that enables people to carry out their responsibilities
- The quality of information received and given influences the quality of decisions made
- Information is needed at all levels of an organization to run the business and achieve objectives
- Communication must take place, dealing with expectations, responsibilities and other matters

Monitoring
- Is a process that assesses the quality of internal controls over time
- Ensures that internal controls are operating as expected
- Applied to all activities of an organization
- Should focus on high risk areas
- Monitoring can be accomplished by:
  - Ongoing Activities
  - Separate Evaluations

Any Questions? Larry