Professional Documents
Culture Documents
These slides are incomplete without the benefit of the comments made at the session. The
information and considerations presented herein do not constitute legal or any other type of
professional advice.
Internal Controls Optimization
Mattel
In August 2007, Mattel, Inc. announced it was recalling approximately one million
toys in the U.S. made in China due to excessive amounts of lead in the paint used.
• Recall included the following toys
Sesame Street
Fisher Price
Cars
Issue stems from vendors choosing to use cheaper, unapproved paint instead of the
approved “safe” paint
PricewaterhouseCoopers Page 2
Internal Controls Optimization
Reaction - Mattel
In light of the lead paint issue, Mattel sent out a press release to customers letting
them know of the recall and how to return affected toys
• Public reaction was everything from apologies in the WSJ or several articles
• This took place to late in the year to recover for the Christmas shopping season
PricewaterhouseCoopers Page 3
Internal Controls Optimization
Société Généralé
In January 2008, Société Généralé suffered a loss of $7.1 billion (€4.8 billion) due to
actions taken by a trader
Prosecutors contend trader made bets in one direction to rack up big gains then
made fake trades in opposite direction to hide the risk
In order to avoid detection, the trader would delete the fake trades before they were
checked then re-enter them when the check was complete
Personal Gain - No
PricewaterhouseCoopers Page 4
Internal Controls Optimization
PricewaterhouseCoopers Page 5
Internal Controls Optimization
Others:
Financial Reporting Controls Failures
– Enron, Worldcom, Société Généralé
– Options Backdating, Restatements
– And many more
PricewaterhouseCoopers Page 6
Internal Controls Optimization
PricewaterhouseCoopers Page 7
Internal Controls Optimization
PricewaterhouseCoopers Page 8
Internal Controls Optimization
PricewaterhouseCoopers Page 11
Internal Controls Optimization
An efficient and systematic process to define the risks which are
likely to impact the achievement of the organization's objectives
Identification of the existing controls universe and quantification of the
costs, process impact, and reliability associated with the operation
and validation of those controls
Identification of existing controls which will most efficiently and effectively
mitigate and manage those risks; elimination of redundant, inefficient or
ineffective controls
Redesign, automation, or implementation of new controls, to
increase the efficiency and effectiveness of the existing system of
controls
Design and implementation of a management oversight and reporting
structure to monitor the effectiveness of the system of controls, its
infrastructure, and the identification of process improvements
PricewaterhouseCoopers Page 12
Internal Controls Optimization
PricewaterhouseCoopers Page 13
Internal Controls Optimization
PricewaterhouseCoopers Page 14
Internal Controls Optimization
Reduce financial and business risks, costs and effort for your company
resources
Clarify roles and responsibilities and key business objectives and risks to
enhance the accountability within your organization
Utilize Internal Audit to spend more time assisting the company with new
risk management concerns.
PricewaterhouseCoopers Page 15
The Path Towards Internal Controls
Optimization
Internal Controls Optimization
Organizations should be able to evaluate their controls environment, through self and risk
assessment practices.
Review the unique aspects of your business that may require more or less time spent on
internal controls assessments
• “Tone at the Top”
• Decentralization,
• Diversity of products and revenue streams,
• Lack of standardization,
• Previous challenges or financial restatements
PricewaterhouseCoopers Page 17
Internal Controls Optimization
Business Strategy
Current Processes
Use of Technology
PricewaterhouseCoopers Page 18
Internal Controls Optimization
Risk-Based Approach
Goal: To identify the “right” controls. It’s not about finding a specific number of
controls, but identifying the controls that mitigate the key risks for the organization
Internal key risks to the organization should be identified either from a
financial, operational, or compliance perspective
The current business environment and corporate strategy will drive the
organizational direction and effect the specific risks encountered
PricewaterhouseCoopers Page 19
Internal Controls Optimization
PricewaterhouseCoopers Page 20
Internal Controls Optimization
PricewaterhouseCoopers Page 21
Internal Controls Optimization
PricewaterhouseCoopers Page 22
Internal Controls Optimization
PricewaterhouseCoopers Page 23
Internal Controls Optimization
PricewaterhouseCoopers Page 24
Internal Controls Optimization
This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon
the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to
the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its
members, employees and agents accept no liability, and disclaim all responsibility, for the consequences of you or anyone else acting, or refraining to act,
in reliance on the information contained in this publication or for any decision based on it.
© 2007 PricewaterhouseCoopers LLP. All rights reserved. "PricewaterhouseCoopers" refers to PricewaterhouseCoopers LLP (a Delaware limited liability
partnership) or, as the context requires, other member firms of PricewaterhouseCoopers International Ltd., each of which is a separate and independent
legal entity. *connectedthinking is a trademark of PricewaterhouseCoopers LLP.
PricewaterhouseCoopers Page 26