Sox

Published by: cajitendergupta on Jul 17, 2008
Copyright:Attribution Non-commercial


Sarbanes-Oxley

Overview


Sarbanes-Oxley Act Summary
The Sarbanes-Oxley Act of 2002
§201 Prohibited Non-Audit Services
§202 Audit Committee Pre-Approval
§203 Audit Partner Rotation
§204 Auditor Reports to Audit Committee
§206 Auditor Conflicts of Interest
§301 Independent Audit Committee
§302 Certification of Periodic Reports
§303 Improper Influence on Conduct of Audits
§306 Pension Fund Black-Out Restrictions
§307 Conduct of Attorneys
§401 Disclosure of Off-Balance Sheet Transactions
§401 Disclosure of Pro-Forma Financial Information
§401 Disclosure Material Correcting Adjustments
§402 Prohibition on Loans to Directors and Executives
§403 Insider Transactions – 2 Day Reporting
§404 Management Report on Internal Controls
§406 Code of Ethics Disclosure for Financial Officers
§407 Financial Expert Disclosure Requirements
§409 Real-Time Disclosure
§806, 1107 Employee Whistleblower Protection

Sarbanes-Oxley Background
Accounting Scandals
Scams Off Balance Sheet Entity

LAW

REGULATION

Sarbanes-Oxley
• US Congress approval Jan 23 ’02.
• Enacted July 30 ’02.
• Underlying objective of protecting investors & improving accuracy & reliability of corporate disclosures.
• New standards for corporate accountability and penalties for wrongdoing.
• Applies primarily to companies filing annual reports with the SEC.

Major Provisions
• Creates new Public Company Accounting Oversight Board (PCAOB) for external auditors. (Section 103-105, 201-203).
• Expands reporting requirements & accountabilities: requires CEO & CFO attestations / filing of internal control report with annual report. (Section 302).
• Requires external auditors to attest to and report on management’s assessment in the internal controls report. (Section 404).
• Makes audit committees and disclosure of a “financial expert” in audit committee. (Section 301 & 407).
• Requires disclosures regarding code of ethics. (Section 406).
• Increases civil and criminal penalties (Section 903-904).

•Enron
Improper Capitalization.

•Tyco
Improper Capitalization

•Worldcom
Improper Revenue booking

•Xerox

•Qwest

Bodies Governing the Act PCAOB & SEC


Sec 404 of the Sarbanes Oxley Act
Sec 404 of this act establishes the following:
• Responsibility of management for establishing and maintaining adequate internal control structure and procedures over financial reporting
• Responsibility of management to disclose to shareholders the effectiveness of the internal control structure and procedures

Documentation and testing
Must include the following steps:
• Evaluate whether the control is preventive or detective
• Document that tests were planned and performed
• Disclose material weakness
• Identify the internal control framework used
• State that the external accounting firm has issued an attestation report

External Auditor Opinion
• Opinion 1: Management’s assessment of internal control over financial reporting
• Opinion 2: Effectiveness of internal control over financial reporting

Company Annual Report (On Form 10K) is filed


Key Impacts
Account owner (Financial Disclosures)
• Real time disclosures of Financial Statements as per US GAAP.
• Internal control report duly attested by External Auditors included in 10K filings.
• Disclosure of all off B/S transactions & Contractual obligations.
• Adoption of code of ethics for senior finance officer.
• Prohibition of credit or personal loan to director/CEO.

Corporate & Criminal Fraud Accountability

Co.

Board of Directors & Senior Officers

• Certification of Financial Statements to be included in 10K and 10Q filings.
• Potential Forfeiture of Bonuses & Profits due to Financial Statement Restatement.
• Unlawful to exert improper influence upon an audit.
• Disclosure of changes in securities ownership of directors.
• Appoint Financial Expert on the committee & disclose in 10K filings.
• Members must be independent of the Company.
• Directly responsible for Auditor appointment.
• One year lag for hiring an audit team member in the board.
• Disclose pre-approvals for audit & non-audit services.
• Establish complaint procedures for accounting & auditing matters.
• Disclosures of fees paid to auditors in two fiscal years.

DEFAULT

Related to Audit Committees

Sarbanes-Oxley Section 404
Approach


SOX Process flow
[Flow diagram. Labels: Process; Risk; Control; No Control; Design GAP; Key; Compensating; Preventive; Detective; Highly Effective; Effective; Ineffective; Operation GAP; Potential Significant deficiency; Material weakness; Reported to Audit Committee; Reported to Shareholders; Action plan to mitigate risk]

Preventive & Detective Controls
Preventive Controls
• Detect problems before they arise.
• Prevent an error, omission from occurring.

Examples:
• Control access to physical facilities.
• Use encryption software to prevent unauthorized disclosure of data.

Detective Controls
• Detect and report the occurrence of an error, omission.

Examples:
• Internal audit functions.
• Review of activity logs to detect unauthorized access attempts.

Benefits of Internal Control
• Complies with Rules and Regulations.
• Promotes reliability and integrity of Financial Reporting.
• Monitor Results.
• Safeguard Assets.
• Utilization of Resources Effectively and Efficiently.

Approach to SOX
• Identify processes that are SOX significant
• Conduct Process Risk Self Assessment

Step 1
• PRSA Team works with Management to document and assess risks in their business

Step 2
• Controls for each significant risk are documented

Step 3
• Key controls are identified and test plans are developed and executed
• Control Operator makes an assertion as to the effectiveness of each key control

Step 4
• Action plans are developed for missing, poorly designed, or ineffective controls.

Step 5
• Process owner certifies on the effectiveness of the collective controls

What is Process Risk Self Assessment

What is PRSA?
• A robust approach that supports on-going self assessment by process owners.
• A methodology for focusing on significant risks and key controls.

PRSA will improve risk management and reduce loss, provide an automated single solution to meeting multiple regulatory requirements (Sarbanes-Oxley, Basle), strengthen customer relationships and improve shareholder value. Most importantly, PRSA provides senior leaders the evidence to support their internal control assessment/report.

Implications of Control Effectiveness
Based on the results of Testing, the Control operator will assert the effectiveness of the control as follows:

Highly Effective
• Applies to only fully automated controls.
• Efficient use of internal resources
• No exception in testing

Effective
• Applies to Other than fully automated controls.
• No exception in testing.

Not Effective
• Insufficient documentation to support management’s certification.
• Exception detected in testing.

Sox Roles & Responsibilities
• SOX Champion: Serves as the liaison between the Process Owners and SOX 404 Project Office
• Process Owner: Responsible for concluding whether or not their Process has effective internal controls over financial reporting
• Tester: Executes the test plan, communicates the test results to Control operator/process owner
• SOX Project Office: Supports the SOX effort through guidance documents, help etc.
• Internal Auditor: Provides an objective assessment of the PRSA process
• External Auditor: Gives an opinion on the effectiveness of management’s assessment of internal control over financial reporting
