1、達(dá)盟上海財(cái)務(wù)管理咨詢TMF Services Ltd. SOX Training Agenda1.Overview of Sarbanes-Oxley Act 2.COSO Internal Control Framework3.What Could Go Wrong (Risk) 4.Internal Control 5.Typical mistakes in control identification6.Risk and Control Mapping7.Identification of Key Control8.Control Deficiency9.Walkthrough10.Te
2、st of Control11. Comparison between Walkthrough and Test of Control12.SOX Project Overview13.SOX Documentation and Requirement Overview of Sarbanes Oxley ActGeneral Introduction to the ActWhat were the Causes?Introduction to Various Key SectionsOverview of Sarbanes Oxley ActThe Sarbanes-Oxley Act is
3、 a USlaw enacted by President Bush onJuly 30, 2002 formally known as“The Public Company AccountingReform and Investor ProtectionAct(上市公司會(huì)計(jì)改革與投資者維護(hù)法案).Overview of Sarbanes Oxley ActWhat were the Causes?:1. Why enact Sarbanes-Oxley?EnronWorldComRestore Investor ConfidenceIncreased TransparencyReform A
4、ccounting Industry2. Protecting the interests of:-Shareholders Pension beneficiariesEmployeesOverview of Sarbanes Oxley ActWhat the Act did: Added new financial disclosure requirements Increased CEO/CFO responsibilities and penalties Created a Public Company Accounting Oversight Board (PCAOB), with
5、standard-setting, investigative, and disciplinary authority Strengthened auditor independence rules Added internal control reporting requirementOverview of Sarbanes Oxley ActThe Act contains 11 titles with various sections:Title I: Public Company Accounting Oversight BoardTitle II: Auditor Independe
6、nce Title III: Corporate Responsibility (Section 302)Title IV: Enhanced Financial Disclosures (Section 404)Title V: Analyst Conflicts of InterestTitle VI: Commission Resources and Authority Title VII: Studies and ReportsTitle VIII: Corporate and Criminal Fraud Accountability Title IX: White-collar C
7、rime Penalty Enhancements (Section 906)Title X: Corporate Tax ReturnsTitle XI: Corporate Fraud and Accountability Overview of Sarbanes Oxley ActSection 404 requirement:Requires each annual report to contain an “internal control report,which must include:1. A statement of managements responsibility f
8、or establishing andmaintaining adequate internal controls over financial reporting;2. Managements assessment of the effectiveness of the companysinternal control over financial reporting as of the end of thecompanys most recent fiscal year;3. A statement identifying the framework used by management
9、toevaluate the effectiveness of the internal control over financialreporting; and4. A statement that the external auditor has issued an attestation report on managements assessment.Overview of Sarbanes Oxley ActThe SECs final 404 rules preclude management from concludingthe effectiveness of the inte
10、rnal control over financial reporting if one or more “material weakness is identified.The rules also require management to disclose any“material weaknesses identified in the course of the evaluation.Overview of Sarbanes Oxley ActDeadline for Implementation of SOX 404 Requirement:Company TypeUpdated
11、DeadlineOld DeadlineU.S. Company and accelerated filersForeign private issuers and non-accelerated filersThe Company with aggregate market value of common equity lower than USD$75 millionAnnual report for a fiscal year ending on or after Nov. 15, 2004 (revised in Feb. 2004)Annual report for a fiscal
12、 year ending on or after July 15, 2006 (revised in Mar. 2005)Annual report for a fiscal year ending on or after July 15, 2007 (revised in Sep. 2005)Annual report for a fiscal year ending on or after June 15, 2004Annual report for a fiscal year ending on or after July 15, 2005Annual report for a fisc
13、al year ending on or after July 15, 2005Overview of Sarbanes Oxley ActA company becomes an “accelerated filer (加速呈報(bào)公司) after it first meets ALL 4 of the following requirements as of the end of a fiscal year: The aggregate market value of common equity is USD$75 million or more, measured as of the en
14、d of the companys second fiscal quarter; The company has been subject to the requirements of the Securities Exchange Act for at least 12 months as of the end of the fiscal year; The company has filed at least one annual report on Form 10-K; and The company is not eligible to use Form 10-KSB and Form
15、 10-QSB for its annual and quarterly reports as of the end of the fiscal year SOX Training Agenda1.Overview of Sarbanes-Oxley Act 2.COSO Internal Control Framework3.What Could Go Wrong (Risk) 4.Internal Control 5. Typical mistakes in control identification6.Risk and Control Mapping7.Identification o
16、f Key Control8.Control Deficiency9.Walkthrough10.Test of Control11. Relationship between Walkthrough and Test of Control12.SOX Project Overview13.SOX Documentation and Requirement COSO Internal Control FrameworkCOSO: The Committee of Sponsoring Organizations of the Treadway Commission (美國反對(duì)虛偽財(cái)務(wù)報(bào)告委員會(huì)
17、的贊助委員會(huì)/美國反欺詐性財(cái)務(wù)報(bào)告委員會(huì)管理組織)COSO was originally formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting, an independent private sector initiative which studied the causal factors that can lead to fraudulent financial reporting and developed recommendations for public compani
18、es and their independent auditors, for the SEC and other regulators, and for educational institutions.The National Commission was jointly sponsored by five major professional associations in the United States, the American Accounting Association, the American Institute of Certified Public Accountant
19、s, Financial Executives International, The Institute of Internal Auditors, and the National Association of Accountants (now the Institute of Management Accountants). The Commission was wholly independent of each of the sponsoring organizations, and contained representatives from industry, public acc
20、ounting, investment firms, and the New York Stock Exchange.The Chairman of the National Commission was James C. Treadway, Jr., Executive Vice President and General Counsel, Paine Webber Incorporated and a former Commissioner of the U.S. Securities and Exchange Commission. (Hence, the popular name Tr
21、eadway Commission). Currently, the COSO Chairman is Larry E. Rittenberg.How is COSO related to SOX 404?Guidance from SEC provides that management is required to base its assessment of the companys internal control over financial reporting on a suitable and recognised control framework.COSO Framework
22、 to help client assess the effectiveness of the internal control environment and hence achieve compliance with SOX 404.COSO Internal Control FrameworkCOSO Internal Control FrameworkThe integrated framework defined by COSO:Internal Control-Integrated Framework (issued in 1992)Enterprise Risk Manageme
23、nt-Integrated Framework (issued in Sep. 2004)1. Control environment1. Internal environment2. Objective setting3. Event identification2. Risk assessment4. Risk assessment5. Risk response3. Control activities6. Control activities4. Information and communication7. Information and communication5. Monito
24、ring8. MonitoringCOSO Internal Control FrameworkThe control environment sets the tone of an organization, influencing the control consciousness of its peopleIntegrity & Ethical ValuesCommitment to CompetenceBoard of Directors / Audit CommitteeManagements Philosophy & Operating StyleOrganizational St
25、ructureAssignment of Authority & ResponsibilityHuman Resource Policies & PracticesCOSO Internal Control FrameworkEvery entity faces a variety of risks from external and internal sources that must be assessed.A pre-condition of risk assessment is the establishment of objectives.Risk assessment if the
26、 identification and analysis of relevant risks to achievement of the objectives, thus forming a basis for determining how the risks should be managed.COSO Internal Control FrameworkControl activities are policies and procedures that help ensure management directives are carried outEnsures that actio
27、ns are taken to address the risksThese actions are carried out at all levels of the organisation and include a range of activities such as approvals, authorisations, verifications, reconciliations, segregation of duties etc.COSO Internal Control FrameworkPertinent information must be identified, cap
28、tured and communicated in a form and timeframe that supports all other control components InformationObtaining external & internal informationProviding information to the right people at the right timeDevelopment / revision of information systemsCommunicationExternal & internal communication policy,
29、 e.g. employees roles & responsibilitiesChannels of communication for people to report suspected improprietiesReceptivity of management to employees performance improvement suggestionsOpenness & effectiveness of communication with external partiesExtent to which outside parties have been made aware
30、of the entitys ethical standardsTimely and appropriate follow-up by management on complaintsCOSO Internal Control FrameworkInternal control systems need to be monitored a process that assesses the quality of the systems performance over timeOngoing monitoringSeparate EvaluationsReporting deficiencie
31、sCOSO Internal Control Framework SOX Training Agenda1.Overview of Sarbanes-Oxley Act 2.COSO Internal Control Framework3.What Could Go Wrong (Risk) 4.Internal Control 5.Typical mistakes in control identification6.Risk and Control Mapping7.Identification of Key Control8.Control Deficiency9.Walkthrough
32、10.Test of Control11. Relationship between Walkthrough and Test of Control12.SOX Project Overview13.SOX Documentation and Requirement What Could Go Wrong?What Could Go WrongFor each significant account assertion ask where in the processing of tractions can be error that wouldbe material?What Could G
33、o Wrong?Definition of AssertionsAssertions are representations by management that are embodied in financial statement components. The only difference between an assertion and a potential error is how each is stated. An assertion is a positive statement (e.g., all transactions are recorded) whereas a
34、 potential error is the inverse, or a negative statement (e.g., all transactions are not recorded). Management uses assertions (or potential errors) to identify “what can go wrongs to determine whether management has placed into operation control activities sufficient to meet the risks to financial
35、reporting. What Could Go Wrong?1. Existence or Occurrence - Assets, liabilities and ownership interests exist at a specific date; recorded transactions represent events that actually occurred during the period.2. Completeness - All transactions & other events & circumstances that occurred during a s
36、pecific period & should have been recognized in the period have, in fact, been recorded.3. Valuation or Measurement - Assets, liabilities, revenue & expense components are recorded at appropriate amounts in conformity with company policy and applicable statutory financial accounting and reporting ru
37、les & regulations. Transactions are mathematically correct and appropriately summarized and recorded in the entitys books and records.4. Rights and Obligations - Assets are the rights, and liabilities are the obligations of the entity at a given date.5. Presentation and Disclosure - Items in the fin
38、ancial statements (ABACUS financial reporting package) are properly described, sorted and classified.6. Safeguarding - Assets are adequately safeguarded from misappropriation or use.7. Segregation of Duties - Authorization, custody, recording, and controlling are adequately segregated.SOX Project Ov
39、erview Assertion Potential Error Existence or occurrence Not business reality Completeness Incomplete Not timely Valuation or allocation InaccurateNot objective Inconsistent with selected principlesNot consistent from period to period Rights and obligations Not authorized Presentation and disclosure
40、 MisleadingSafeguarding Inadequately safeguarded Segregation of duties Inadequately segregated What Could Go Wrong?Example:Lets discuss “What Could Go Wrong? to the following sub-process:Fixed Assets acquisition;Fixed Assets disposal;Fixed Assets safeguarding;Segregation of duty. SOX Training Agenda
41、1.Overview of Sarbanes-Oxley Act 2.COSO Internal Control Framework3.What Could Go Wrong (Risk) 4.Internal Control 5.Typical mistakes in control identification6.Risk and Control Mapping7.Identification of Key Control8.Control Deficiency9.Walkthrough10.Test of Control11. Relationship between Walkthrou
42、gh and Test of Control12.SOX Project Overview13.SOX Documentation and Requirement Internal ControlInternal control is broadly defined by COSO as:A process, effected by an entitys board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of
43、 objectives in the following three categories: Effectiveness and efficiency of operations Reliability of financial reporting Compliance with applicable laws and regulationsInternal ControlInternal control over financial reporting is a process designed by management to provide reasonable assurance re
44、garding the reliability of financial reporting and the preparation of financial statements in accordance with generally accepted accounting principles (US GAAP / the A&RG) and includes those policies and procedures that:(1) Pertain to the maintenance of records that accurately and fairly reflect our
45、 daily financial transactions (including dispositions of assets),(2) Provide reasonable assurance that transactions are recorded as necessary and that receipts and expenditures are made only in accordance with authorizations of management and directors; and(3)Provide reasonable assurance regarding p
46、revention or timely detection of unauthorized acquisition, use or disposition of assets.Internal ControlAn activity that mitigates business risk.Examples include:Authorization controlsSystem configuration and account mapping controlsException/edit reportsKey performance indicatorsManagement reviewRe
47、conciliationSegregation of dutiesSystem access controlsPhysical assets safeguardTrainingInternal ControlDocumentation of Actual internal Control: Who performs the controls (competence/experience of the individuals), including whether appropriate segregation of duties is achieved and, if not, how the
48、 associated risks are mitigated?How the actual controls effectively meet the related control objective(s)?How often the controls are performed?How detected exceptions are followed up?Internal ControlInternal control Type:1. Manual2. Automated3. IT-dependentWe can also classify Internal control as:A.
49、 Prevent controlB. Detect controlInternal ControlManual Prevent ControlsManual Prevent controls are controls thatAre not performed by the computerAre not reliant on computer generated information Prevent errors from occurring during transaction processingExamples include:Approving a manual purchase
50、order (e.g., physical signature on a manual purchase order) Contracts are kept in a locked cabinet by a specified staff.Internal ControlManual Detect ControlsManual Detect Controls are controls that:Are not performed by the computerAre not reliant on computer generated information Detect and correct
51、 errors that may have occurred in processed transactions on a timely basisExamples include:Prepare the bank reconciliation manually and investigate the significant reconciling items.Re-performance of a calculation.Internal ControlComparison of Manual Prevent v Detect controlsPreventDetectTakes place
52、 before an error occursNormally applies to a single transactionTakes place after an error occursNormally applies to a population of transactionsInternal ControlIT-Dependent controlsIT-Dependent controls are controls that use computer-produced information. They are therefore a hybrid control with bot
53、h a computer and human element. The computer-produced information is often referred to as electronic evidence. Examples include:Manual balancing/review of computer-produced information such as a bank reconciliation that uses computer-generated cash receipts and cash disbursements detailManual review
54、 and follow up of items on an exception or variance report such as management review of monthly variance report and follow-up on significant variances.Internal ControlIT-Dependent controls (continued)Because the IT-dependent control relies on computer-produced information or reports, it is important
55、 that appropriate controls are in place to ensure that the computer-produced information is complete and accurate. SOX Training Agenda1.Overview of Sarbanes-Oxley Act 2.COSO Internal Control Framework3.What Could Go Wrong (Risk) 4.Internal Control 5.Typical mistakes in control identification6.Risk a
56、nd Control Mapping7.Identification of Key Control8.Control Deficiency9.Walkthrough10.Test of Control11. Relationship between Walkthrough and Test of Control12.SOX Project Overview13.SOX Documentation and Requirement Typical mistakes in control identificationWho perform the control segregation of dut
57、y2.Control vs Activity3.Control vs PolicyControl vs Activity vs Policy1. Who perform the control?Risk:All changes to the master vendor file are not captured, input, recorded, and processed into the information system.Only independent check / review is considered to be “controlControl 1: VMM can only
58、 create / change the master vendor file based on approved forms and then the VMM double check the creation / change. Control 2: VMM runs SAP run vendor master change log and new vendor creation change log weekly, then deputy of VMM check the change log against the approved application form. PControl
59、 vs Activity vs Policy2. Control vs ActivityRisk: Changes to customer data file did not actually take place.Not all activities are “controlControl 1: Sales staff updates SAP based on the approved SAP Customer creation / change form with information of customers name, address, telephone no, fax no.,
60、proposed payment terms and order amount when opening a new customer account.Control 2: Sales staff runs SAP run customer master change log and new customer creation change log weekly, then deputy of sales staff checks the change log against the approved Customer creation / change form.PControl vs Ac
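The weekly change-log review in "Control 2" is a detect control: someone other than the person who made the change reconciles the system's change log against the approved forms. The script below is an added example of that reconciliation, not code from the TMF deck or from SAP; the log rows, form records and the field names (BANK_ACCT, PAYMENT_TERMS, CREATE) are constructed for illustration. It flags changes with no approved form, changes whose value differs from the form, self-approved changes, a reviewer who is also the changer, and approved forms that never reached the system (the "did not actually take place" risk).

```python
from typing import Dict, List, Set, Tuple

Finding = Tuple[str, str, str]  # (vendor, field, issue)

# Constructed sample rows in the shape a vendor master change log export
# might take; the field names are assumptions, not SAP's own.
CHANGE_LOG: List[Dict[str, str]] = [
    {"vendor": "V1001", "field": "BANK_ACCT", "new": "DE11 2222 3333", "changed_by": "vmm01"},
    {"vendor": "V1002", "field": "PAYMENT_TERMS", "new": "NET60", "changed_by": "vmm01"},
    {"vendor": "V1003", "field": "CREATE", "new": "Acme Supplies Ltd", "changed_by": "vmm01"},
    {"vendor": "V1004", "field": "BANK_ACCT", "new": "GB99 0000 1111", "changed_by": "vmm01"},
]

# Constructed approved vendor creation / change forms, keyed by (vendor, field).
APPROVED_FORMS: Dict[Tuple[str, str], Dict[str, str]] = {
    ("V1001", "BANK_ACCT"): {"value": "DE11 2222 3333", "approver": "fin_mgr"},
    ("V1002", "PAYMENT_TERMS"): {"value": "NET30", "approver": "fin_mgr"},
    ("V1003", "CREATE"): {"value": "Acme Supplies Ltd", "approver": "vmm01"},
    ("V1005", "PAYMENT_TERMS"): {"value": "NET45", "approver": "fin_mgr"},
}


def reconcile(change_log: List[Dict[str, str]],
              approved_forms: Dict[Tuple[str, str], Dict[str, str]],
              reviewer: str) -> List[Finding]:
    """Reconcile every logged change to an approved form and check that the
    approver and the reviewer are independent of the person who made the change."""
    findings: List[Finding] = []
    seen: Set[Tuple[str, str]] = set()
    for row in change_log:
        key = (row["vendor"], row["field"])
        seen.add(key)
        # Segregation of duties: the reviewer must not review their own changes.
        if reviewer == row["changed_by"]:
            findings.append((*key, "reviewer is the person who made the change"))
        form = approved_forms.get(key)
        if form is None:
            findings.append((*key, "no approved form"))
            continue
        if form["value"] != row["new"]:
            findings.append((*key, "value differs from approved form"))
        if form["approver"] == row["changed_by"]:
            findings.append((*key, "change approved by the person who made it"))
    # Completeness: approved changes that never appear in the system log.
    for key in approved_forms.keys() - seen:
        findings.append((*key, "approved change not found in log"))
    return findings


if __name__ == "__main__":
    for vendor, field, issue in reconcile(CHANGE_LOG, APPROVED_FORMS, "vmm_deputy"):
        print(f"{vendor} {field}: {issue}")
```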