A Sarbanes-Oxley Roadmap to Business Continuity

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "A Sarbanes-Oxley Roadmap to Business Continuity"

Transcription

1 A Sarbanes-Oxley Roadmap to Business Continuity NEDRIX Conference June 23, 2004 Dr. Eric Schmidt Control Solutions International TECHNOLOGY ADVISORY, ASSURANCE & RISK MANAGEMENT GROUP

2 Background In July of 2002, U.S. Congress passed the Sarbanes - Oxley Act (SOX) mandating that all public companies (SEC registrants) make changes to the way their financial results are reported. Legislation was a response to the high profile failures experienced in the United States during and intended to be a massive restructuring to the regulatory system governing US capital markets that would improve the quality of financial reporting and disclosures. Public Company Accounting Oversight Board (PCAOB) was created to oversee the activities of the auditing profession.

3 The Sarbanes-Oxley Act contains two Sections (302, 404) dealing with management responsibility for controls and one Section (409) on real-time reporting Internal Controls and Procedures for Financial Reporting Disclosure Controls and Procedures Notes Cash Flow Income Statement Balance Sheet Financial Statements Financial Statements Business Properties Legal Proceeding s Annual Report on Form 10-K Section 404 Section 302

4 Three Sources of SOX Guidelines Frameworks Best Practices Future Standards CobiT COSO

5 Departments Impacted by SOX Finance IT Sales Human Resources Customer Service Marketing Other 100% 95.7% 43.5% 39.1% 30.4% 17.4% 8.7% Source: The Robert Francis Group

6 SOX-Driven Changes Which of the following is the company changing to address SOX? Source: Robert Francis Group Audit Procedures Reporting Procedures Financial Systems Re-training of Personnel Organizational Structure Reporting Frequency Reporting Technologies 78.3 % 52.2% 43.5% 26.1% 21.7% 21.7% 17.4%

7 Complexity of SOX for IT How does SOX compare with other compliance or regulatory projects in IT in terms of complexity and impact of resources and expense? Source: Robert Francis Group Higher Not sure/do Not Know Same Much Higher Lower Slightly Higher 30.4% 26.1% 17.4% 17.4% 4.3% 4.3% 48+% rated SOX impact as higher

8 Does SOX Mandate an Enterprise-wide Business Continuity Process? NO A BCP is not required by PCAOB (March 2004) SAS70 (type 2) 3 rd party service providers AICPA suspended BCP requirement during SOX Growing number of executives influenced by external auditors with knowledge of business continuity and potential risks Conclude they must have business continuity processes or show why they do not

9 Defining Internal Control (IC) Section 404 attestation is based on two assessments Adequate documentation of ICs Sufficient evidence (testing) A company must have a framework against which management can make assertions Completeness Accuracy Validation (authorization) Restriction

10 What s Required for Key Controls Five W s WHO performs the control? WHAT is being done and WHAT could go wrong? WHEN and WHERE is control being performed or occurring? WHY is control activity performed to prevent or detect what? What evidence is there?

11 Why are General Controls Important? Weak General Computer Controls Strong General Computer Controls Automated control procedures, and manual control procedures that use computer-generated information, are dependent on effectiveness of general computer controls.

12 COSO Framework Five Components The process which ensures that relevant information is identified and communicated in a timely manner The evaluation of internal and external factors that impact an organization s performance The process to determine whether internal control is adequately designed, executed, effective and adaptive The policies and procedures that help ensure that actions identified to manage risk are executed and timely The control conscience of an organization. The tone at the top All five components must be in place for a control to be effective

13 Tying It All Together Control Environment Executive Management IT Services OS/Data/Telecom/Continuity/Networks IT General Controls Application Controls Source: IT Governance Institute Business Process Finance Business Process Manufacturing Business Process Logistics Business Process Etc.

14 IT Control Components IT Considerations in Control Environment Systems planning Governance Enterprise policies Operating style Collaboration Information Sharing Code of Conduct Fraud Prevention IT General Controls Systems Security / Access Change Management System Development Computer Operations Application Controls Authorization Configuration / account mapping Exception / edit reports Interface / conversion System access

15 Roadmap to Compliance Tone at the Top Engagement Walk-Thru Assertions (C, A, V, R) Definition of Materiality/Significance Significant Accounts and Processes Scope locations, cycles Control framework Remediation Testing Management certification

16 Roadmap to Compliance Phase I Tone at the Top Identify all relevant documents, policies, procedures and communications Audit Committee Charter Standards of Conduct Officer Code of Ethics Complaint Reporting Mechanisms Whistleblower Policies Assess adequacy of documentation and tone Internal audit monitoring and risk assessment

17 Roadmap to Compliance Phase II Entity Level Assessment Corporate Americas Region Europe Region Rest of World ID material reporting organizations South Carolina Mexico South Carolina Milan Erfurt Budapest Milan China India Thailand China Manufacturing ID material units within each organization Materiality based on: Mexico Sao Paolo San Diego Marseilles Copenhagen Erfurt India Thailand Australia Distribution Revenue / Assets Subjectivity of entries / reporting Chicago Prague Japan Extraordinary / one-time charges History of issues

18 Open Position Personnel Requisition Form Candidate interviewed Prepare Offer Letter Accept Offer Provide Benefits summary to employee Termination Voluntary? 04 No Director of HR Approve Yes Yes Accrued Benefits paid Proper notice given? No 05 Accrued Benefits not paid Create Employee Action Form (EAF) Other P/R changes Department Approval Review by HR 03 Verify Increases within $ pool, properly authorized Input in ADP PR System Annual Increases Included with Annual Review and Approved 02 To PR/PRO Roadmap to Compliance Department Phase III Process Mapping Human Resources Candidate Cycle reviews begin with the cycles selected being based on the legal entity assessment in Phase II. Documentation of each cycle: Narrative of key controls Process Map (Flow chart) Control Matrix including all control objectives (Excel or software tool) Documents aim to provide external audit firms with a complete understanding of the flow of transactions and controls in place.

19 Roadmap to Compliance Phase IV Overall Internal Control Effectiveness Evaluation of the overall effectiveness of internal controls, identification of matters for improvement and the establishment of monitoring systems. Management assessment of effectiveness of controls. Internal Audit provides a report detailing areas for improvement and recommendations for ensuring an environment of continuous monitoring to maintain the system of internal control and take corrective action in a timely manner when necessary. External Audit Firm will commence its Attestation Dry Run

20 Source: SOX Compliance Roadmap

21 Alignment with Business Continuity Management involvement Risk Management Process and Change Management IT role

22 Key Aspects of SOX Audit Segregation of Duties is Key IT roles separate from process owners, specifically those in Finance Hand off from process owners requires control duality Program & Application specific IT & Process owner Manual & Automated Preventative & Detective Change Management is Critical Records and document management Configuration management Business process and controls changes Access Restriction (Security) is Mandated

23 Program Development Project management standards are defined and used for all aspects of system development life cycle (SDLC) Project initiation Analysis and design Construction or package selection Testing and quality assurance Data conversion Go-live Documentation and training

24 Program Changes Project management standards are defined and used for all aspects of the program change cycle Specification, approval and tracking of change requests Construction Testing and quality assurance Authorization of transfers to live environment Including emergency fixes and access to live environment Documentation and training

25 Situational Assessment A recent Deloitte survey of Fortune 500 companies indicates that a significant amount of work remains* Activity Documentation Evaluation of design effectiveness Testing of operating effectiveness Remediation Percentage Complete 75% 47% 21% 21% *Source: Does Your SOX 404 Work Measure Up?, IIA webcast May 25, 2004

26 What Constitutes a Gap? Type Likelihood Magnitude Deficiency Remote and/or Inconsequential Significant Deficiency More than remote and More than Inconsequential or Quantitatively significant Material Weakness More than remote and Material to Financial Statements *Source: Does Your SOX 404 Work Measure Up?, IIA webcast May 25, 2004

27 A Word on Testing Plan carefully to avoid mixed results because tests are not well designed Program Testing Application Testing Infrastructure Testing IT Management and interaction with process owners and stakeholders Functional and transaction based for systems key to financial statements and reporting, plus critical systems Shared services and support systems; OS, networks, backup, etc. Benchmark Testing Slowly changing systems, COTS

28 Remediation Challenges Effective Decision & Governance Process Complex Program Management Initiatives Significant IT Environment Changes Impact on Human Resources Complex Re-testing, Roll-Forward Testing Activities Overall Need for Best Practices

29 Span of Enterprise Risk Management Credit Risk Operational Risk Market Risk Operational Risk Management (ERM) Overall compliance Compliance Integrated solutions SOX Compliance Requirements Sarbanes-Oxley Quarterly Certification by C-Level Management Control Documentation and Testing Control Assurance 409 Real-time Reporting Government Regulations HIPPA Patriot Basel II GLBA FFIEC NRC

30 Risk Management & Business Continuity Disciplines of business continuity and risk management often blurred Use similar tools and techniques, including risk assessment, business continuity planning, and BIAs Business continuity encompasses all processes necessary to restore business functionality during a time of crisis Risk management incorporates a wider variety of functions, including positive impact, negative impact, and business nonstoppage Inherent value of business continuity is clearer when we consider that not all risks can be managed Unless risk management and business continuity are institutionalized into day-to-day activities, organizations will find themselves exposed

31 Questions? Source: John Wehr Source: John Wehr

This article will provide background on the Sarbanes-Oxley Act of 2002, prior to discussing the implications for business continuity practitioners.

This article will provide background on the Sarbanes-Oxley Act of 2002, prior to discussing the implications for business continuity practitioners. Auditing the Business Continuity Process Dr. Eric Schmidt, Principal, Transitional Data Services, Inc. Business continuity audits are rapidly becoming one of the most urgent issues throughout the international

More information

The Importance of IT Controls to Sarbanes-Oxley Compliance

The Importance of IT Controls to Sarbanes-Oxley Compliance Hosted by Deloitte, PricewaterhouseCoopers and ISACA/ITGI The Importance of IT Controls to Sarbanes-Oxley Compliance 15 December 2003 1 Presenters Chris Fox, CA Sr. Manager, Internal Audit Services PricewaterhouseCoopers

More information

354 & Index Board of Directors Responsibilities Audit Committee and Risk Committee Coordination, 244 Audit Committee Functions and Responsibilities, 2

354 & Index Board of Directors Responsibilities Audit Committee and Risk Committee Coordination, 244 Audit Committee Functions and Responsibilities, 2 Index Accounts Payable Process Review Procedures Assessments, 191 Actions to Resolve Risks COSO ERM Control Activities, 97 Activity Management COSO ERM Control Activities, 81 AICPA SAS No. 1 Internal Controls

More information

International Institute of Management

International Institute of Management Executive Education Executive Action Learning Seminars Executive Seminars Executive Courses International Institute of Management Executive Education Courses CIO & Sarbanes Oxley Compliance SOX Implementation

More information

Using COBiT For Sarbanes Oxley. Japan November 18 th 2006 Gary A Bannister

Using COBiT For Sarbanes Oxley. Japan November 18 th 2006 Gary A Bannister Using COBiT For Sarbanes Oxley Japan November 18 th 2006 Gary A Bannister Who Am I? Who am I & What I Do? I am an accountant with 28 years experience working in various International Control & IT roles.

More information

PROTIVITI FLASH REPORT

PROTIVITI FLASH REPORT PROTIVITI FLASH REPORT New Internal Control Requirements for Companies with Operations in India November 9, 2015 In the aftermath of major global financial frauds, several countries enacted legislation

More information

SARBANES-OXLEY SECTION 404

SARBANES-OXLEY SECTION 404 SARBANES-OXLEY SECTION 404 A TOOLKIT FOR MANAGEMENT AND AUDITORS VOLUME 2 Public Company Accounting Oversight Board The Public Company Accounting Oversight Board (PCAOB) was established by Congress under

More information

Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions

Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions Guide to the Sarbanes-Oxley Act: IT Risks and Controls Frequently Asked Questions Table of Contents Page No. Introduction.......................................................................1 Overall

More information

1. FPO. Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Second Edition

1. FPO. Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Second Edition 1. FPO Guide to the Sarbanes-Oxley Act: IT Risks and Controls Second Edition Table of Contents Introduction... 1 Overall IT Risk and Control Approach and Considerations When Complying with Sarbanes-Oxley...

More information

Sarbanes-Oxley Control Transformation Through Automation

Sarbanes-Oxley Control Transformation Through Automation Sarbanes-Oxley Control Transformation Through Automation An Executive White Paper By BLUE LANCE, Inc. Where have we been? Where are we going? BLUE LANCE INC. www.bluelance.com 713.255.4800 info@bluelance.com

More information

COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE

COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE COMMITTEE OF SPONSORING ORGANIZATIONS (COSO) 2013 The Committee of Sponsoring Organizations (COSO) Internal Controls Integrated Framework,

More information

TECK RESOURCES LIMITED AUDIT COMMITTEE CHARTER

TECK RESOURCES LIMITED AUDIT COMMITTEE CHARTER Page 1 of 7 A. GENERAL 1. PURPOSE The purpose of the Audit Committee (the Committee ) of the Board of Directors (the Board ) of Teck Resources Limited ( the Corporation ) is to provide an open avenue of

More information

Sarbanes-Oxley Section 404: Management s Assessment Process

Sarbanes-Oxley Section 404: Management s Assessment Process Sarbanes-Oxley Section 404: Management s Assessment Process Frequently Asked Questions ADVISORY Contents 1 Introduction 2 Providing a Road Map for Management 3 Questions and Answers 3 Section I. Planning

More information

Sarbanes-Oxley Act of Prof. Dr. Thomas Nösberger

Sarbanes-Oxley Act of Prof. Dr. Thomas Nösberger Learning Objectives 1. Background 2. Overview Sarbanes-Oxley Act 3. The new governance structure in the US 4. The Public Company Accounting Oversight Board 5. SOX 404 6. Internal control system Page 1

More information

The Role of Internal Audit In Business Continuity Planning

The Role of Internal Audit In Business Continuity Planning The Role of Internal Audit In Business Continuity Planning Dan Bailey, MBCP Page 0 Introduction Dan Bailey, MBCP Senior Manager Protiviti Inc. dan.bailey@protiviti.com Actively involved in the Information

More information

Guide to Internal Control Over Financial Reporting

Guide to Internal Control Over Financial Reporting Guide to Internal Control Over Financial Reporting The Center for Audit Quality prepared this Guide to provide an overview for the general public of internal control over financial reporting ( ICFR ).

More information

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards Administrative Guidelines on the Internal Control Framework and Internal Audit Standards GCF/B.09/18 18 February 2015 Meeting of the Board 24 26 March 2015 Songdo, Republic of Korea Agenda item 24 Page

More information

Auditing Standard 5- Effective and Efficient SOX Compliance

Auditing Standard 5- Effective and Efficient SOX Compliance Auditing Standard 5- Effective and Efficient SOX Compliance September 6, 2007 Presented to: The Dallas Chapter of the Institute of Internal Auditors These slides are incomplete without the benefit of the

More information

Sarbanes-Oxley Compliance Workbook. From Zero to SOX. Sarbanes-Oxley Compliance Workbook. sensiba san filippo www.ssfllp.com sox@ssfllp.

Sarbanes-Oxley Compliance Workbook. From Zero to SOX. Sarbanes-Oxley Compliance Workbook. sensiba san filippo www.ssfllp.com sox@ssfllp. From Zero to SOX Zero to SOX An Overview The goals of a program to meet SOX 404 requirements go far beyond compliance. The process of building a sustainable, comprehensive internal control environment

More information

Sarbanes-Oxley Section 404: Compliance Challenges for Foreign Private Issuers

Sarbanes-Oxley Section 404: Compliance Challenges for Foreign Private Issuers Sarbanes-Oxley Section 404: Compliance s for Foreign Private Issuers Table of Contents Requirements of the Act.............................................................. 1 Accelerated Filer s...........................................................

More information

Section 404 Audits of Internal Control and Control Risk

Section 404 Audits of Internal Control and Control Risk Section 404 Audits of Internal Control and Control Risk I. Introduction Preparation Questions: Which of the GAAS fieldwork standards requires and understanding of internal controls? What is the difference

More information

Antifraud program and controls assessment grid*

Antifraud program and controls assessment grid* Advisory Services Antifraud program and * Fraud risks & controls February 2008 *connectedthinking 2008 PricewaterhouseCoopers LLP. All rights reserved. PricewaterhouseCoopers refers to PricewaterhouseCoopers

More information

WHITE PAPER. Sarbanes - Oxley Section 404: How BMC Software Solutions Address General IT Control Requirements

WHITE PAPER. Sarbanes - Oxley Section 404: How BMC Software Solutions Address General IT Control Requirements WHITE PAPER Sarbanes - Oxley Section 404: How BMC Software Solutions Address General IT Control Requirements TABLE OF CONTENTS Executive Summary 2 Sarbanes-Oxley Section 404 Internal Controls 3 IT Involvement

More information

IFRS in Asia 2008 Driving the Capital Markets of Tomorrow 10-11 October 2008, Beijing, China

IFRS in Asia 2008 Driving the Capital Markets of Tomorrow 10-11 October 2008, Beijing, China International Accounting Standards Committee Foundation, Ministry of Finance (PRC), and Shulun Pan Certified Public Accountants IFRS in Asia 2008 Driving the Capital Markets of Tomorrow 10-11, Beijing,

More information

Sarbanes-Oxley and Business Continuity

Sarbanes-Oxley and Business Continuity Sarbanes-Oxley and Business Continuity Bob Janusaitis, CISA, CISM, CBCP ACP Houston Chapter January 13, 2004 About us established in 1996, provides comprehensive enterprise-wide, expert guidance on IT

More information

The Upside of Risk: Enterprise Risk Management and Public Real Estate Companies

The Upside of Risk: Enterprise Risk Management and Public Real Estate Companies The Upside of Risk: Enterprise Risk Management and Public Real Estate Companies James Barkley, Simon Property Group, Inc. and David E. Weiss, DDR Corp. Introduction: As lawyers, particularly real estate

More information

2013 COSO Framework Deloitte Training

2013 COSO Framework Deloitte Training 2013 COSO Framework Deloitte Training Agenda Module Module 1 Module 2 Module 3 Module 4 Module 5 Module 6 Module 7 Module 8 Module 9 Module 10 Module 11 Topic COSO Background Objectives of Internal Control

More information

IT Governance Dr. Michael Shaw Term Project

IT Governance Dr. Michael Shaw Term Project IT Governance Dr. Michael Shaw Term Project IT Auditing Framework and Issues Dealing with Regulatory and Compliance Issues Submitted by: Gajin Tsai gtsai2@uiuc.edu May 3 rd, 2007 1 Table of Contents: Abstract...3

More information

COSO Internal Control Integrated Framework (2013)

COSO Internal Control Integrated Framework (2013) COSO Internal Control Integrated Framework (2013) The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its updated Internal Control Integrated Framework (2013 Framework)

More information

HALOZYME THERAPEUTICS, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS ORGANIZATION AND MEMBERSHIP REQUIREMENTS

HALOZYME THERAPEUTICS, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS ORGANIZATION AND MEMBERSHIP REQUIREMENTS HALOZYME THERAPEUTICS, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS I. STATEMENT OF POLICY The Audit Committee (the Committee ) of the Board of Directors (the Board ) of Halozyme Therapeutics,

More information

Self-Service SOX Auditing With S3 Control

Self-Service SOX Auditing With S3 Control Self-Service SOX Auditing With S3 Control The Sarbanes-Oxley Act (SOX), passed by the US Congress in 2002, represents a fundamental shift in corporate governance norms. As corporations come to terms with

More information

High Value Audits: An Update on Information Technology Auditing. Robert B. Hirth Jr., Managing Director

High Value Audits: An Update on Information Technology Auditing. Robert B. Hirth Jr., Managing Director High Value Audits: An Update on Information Technology Auditing Robert B. Hirth Jr., Managing Director The technology landscape and its impact on internal audit Technology is playing an ever-growing role

More information

Developing Effective Internal Controls Using the COSO Model

Developing Effective Internal Controls Using the COSO Model Developing Effective Internal Controls Using the COSO Model Office of State Controller Internal Controls in a COSO Environment Seminar Raleigh, North Carolina March 2007 Mark S. Beasley Director, ERM Initiative

More information

STANDING ADVISORY GROUP MEETING

STANDING ADVISORY GROUP MEETING 1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202)862-8430 www.pcaobus.org STANDING ADVISORY GROUP MEETING BROKER-DEALER AUDIT CONSIDERATIONS JULY 15, 2010 Introduction

More information

CONTINUOUS CONTROLS MONITORING

CONTINUOUS CONTROLS MONITORING Clarity. Certainty. Confidence. CONTINUOUS CONTROLS MONITORING Support Regulatory Compliance Improve Cost Management Drive Operational Performance Executives today are more challenged than ever to make

More information

[RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06]

[RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06] SECURITIES AND EXCHANGE COMMISSION 17 CFR PART 241 [RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06] Commission Guidance Regarding Management s Report on Internal Control Over Financial Reporting

More information

AUDIT COMMITTEE CHARTER

AUDIT COMMITTEE CHARTER AUDIT COMMITTEE CHARTER Purpose The Audit Committee ( Committee ) shall assist the Board of Directors (the Board ) in the oversight of (1) the integrity of the financial statements of the Company, (2)

More information

Module 6 Documenting Processes and Controls

Module 6 Documenting Processes and Controls A logical place to begin any comprehensive evaluation of internal controls is at the top entity-level controls that might have a pervasive effect on the organization. This includes a consideration of factors

More information

SARBANES-OXLEY SECTION 404 A TOOLKIT FOR MANAGEMENT AND AUDITORS

SARBANES-OXLEY SECTION 404 A TOOLKIT FOR MANAGEMENT AND AUDITORS SARBANES-OXLEY SECTION 404 A TOOLKIT FOR MANAGEMENT AND AUDITORS VOLUME 1 This volume addresses PwC risk management policies and audit methodology and is for internal distribution only. This toolkit volume

More information

Internal Control over Financial Reporting Guidance for Smaller Public Companies

Internal Control over Financial Reporting Guidance for Smaller Public Companies Internal Control over Financial Reporting Guidance for Smaller Public Companies Frequently Asked Questions Internal Control over Financial Reporting Guidance for Smaller Public Companies Frequently Asked

More information

Audit Committee Charter Altria Group, Inc. In the furtherance of this purpose, the Committee shall have the following authority and responsibilities:

Audit Committee Charter Altria Group, Inc. In the furtherance of this purpose, the Committee shall have the following authority and responsibilities: Audit Committee Charter Altria Group, Inc. Membership The Audit Committee (the Committee ) of the Board of Directors (the Board ) of Altria Group, Inc. (the Company ) shall consist of at least three directors

More information

Communicating Internal Control Related Matters Identified in an Audit

Communicating Internal Control Related Matters Identified in an Audit Communicating Internal Control 1843 AU Section 325 Communicating Internal Control Related Matters Identified in an Audit (Supersedes SAS No. 112.) Source: SAS No. 115. Effective for audits of financial

More information

COSO P r e s e n t e d b y : A p r i l 8,

COSO P r e s e n t e d b y : A p r i l 8, COSO 2013 P r e s e n t e d b y : Tim Lietz A p r i l 8, 2 0 1 4 1 Our Time with You COSO Background Why COSO 2013? What Has Changed? Principles Overview Implementation Tasks and Challenges 2 COSO Background

More information

An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements

An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements Auditing Standard No. 5 An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements June 12, 2007 AUDITING AND RELATED PROFESSIONAL PRACTICE STANDARDS

More information

Navigating the Standards for Information Technology Controls

Navigating the Standards for Information Technology Controls Navigating the Standards for Information Technology Controls By Joseph B. O Donnell and Yigal Rechtman JULY 2005 - Pervasive use of computers, along with recent legislation such as the Sarbanes- Oxley

More information

COSO 2013 Internal Control Framework

COSO 2013 Internal Control Framework COSO 2013 Internal Control A Guide to Implementation July 24, 2014 Justin Adamson Agenda COSO Background Changes to the Roadmap to Implementation Implementation Considerations & Lessons Learned 2 1 Who/What

More information

Ten Steps to SOX Compliance for Smaller Public Companies

Ten Steps to SOX Compliance for Smaller Public Companies Presented by: Bob Benoit Lord & Benoit, LLC One West Boylston St. Worcester, MA 01605 (508) 853-6404 Ten Steps to SOX Compliance for Smaller Public Companies Team IT Controls Timeline Effectiveness Of

More information

What Should IS Majors Know About Regulatory Compliance?

What Should IS Majors Know About Regulatory Compliance? What Should IS Majors Know About Regulatory Compliance? Working Paper Series 08-12 August 2008 Craig A. VanLengen Professor of Computer Information Systems/Accounting Northern Arizona University The W.

More information

OUTSOURCING AND SERVICE AUDITOR S REPORTS

OUTSOURCING AND SERVICE AUDITOR S REPORTS OUTSOURCING AND SERVICE AUDITOR S REPORTS FREEDOM TO DO BUSINESS Outsourcing and service Auditor s Reports 3 OUTSOURCING AND SERVICE AUDITOR S REPORTS SERVICE AUDITOR S REPORTS ARE GROWING IN IMPORTANCE,

More information

Industry Sound Practices for Financial and Accounting Controls at Financial Institutions

Industry Sound Practices for Financial and Accounting Controls at Financial Institutions Industry Sound Practices for Financial and Accounting Controls at Financial Institutions Federal Reserve Bank of New York January 2006 FINANCIAL AND ACCOUNTING CONTROLS: INDUSTRY SOUND PRACTICES FOR FINANCIAL

More information

IT s Role in Sarbanes-Oxley Act

IT s Role in Sarbanes-Oxley Act IT s Role in Sarbanes-Oxley Act SunView Software Whitepaper September 2006 Table of Contents Executive Summary............................ 2 Requirements for Successful SOX Compliance.......... 3 What

More information

Fraud and Role of Information Technology. September 2008

Fraud and Role of Information Technology. September 2008 Fraud and Role of Information Technology September 2008 Agenda IT Value Proposition Slide 2 Prior Interpretations of Internal Control Structure Have Addressed Three Separate Parts Which Were Audited Somewhat

More information

A SOX2007.com White Paper

A SOX2007.com White Paper A SOX2007.com White Paper SOX 404 and Small Companies: A Cost Effective Approach to 2007 Compliance Background The Sarbanes-Oxley Act (SOX) was passed by Congress in July 2002 to address corporate mismanagement

More information

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT Through CGIAR Financial Guideline No 3 Auditing Guidelines Manual the CGIAR has adopted the IIA Definition of internal auditing

More information

Enterprise risk management: A pragmatic, four-phase implementation plan

Enterprise risk management: A pragmatic, four-phase implementation plan Enterprise risk management: A pragmatic, four-phase implementation plan Prepared by: John Brackett, Managing Director, Risk Advisory Services, RSM McGladrey, Inc. 704.442.3820, john.brackett@mcgladrey.com

More information

SEATTLE GENETICS, INC. Charter of the Audit Committee of the Board of Directors

SEATTLE GENETICS, INC. Charter of the Audit Committee of the Board of Directors SEATTLE GENETICS, INC. Charter of the Audit Committee of the Board of Directors Purpose The purpose of the Audit Committee established by this charter will be to make such examinations as are necessary

More information

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements Examination of an Entity s Internal Control 1403 AT Section 501 An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements Source:

More information

Special Considerations Audits of Group Financial Statements (Including the Work of Component Auditors)

Special Considerations Audits of Group Financial Statements (Including the Work of Component Auditors) Special Considerations---Audits of Group Financial Statements 607 AU-C Section 600 Special Considerations Audits of Group Financial Statements (Including the Work of Component Auditors) Source: SAS No.

More information

Impact of the Sarbanes-Oxley Act on the System of Internal Controls and IS Audit

Impact of the Sarbanes-Oxley Act on the System of Internal Controls and IS Audit Impact of the Sarbanes-Oxley Act on the System of Internal Controls and IS Audit Eva Šimková Hewlett-Packard s.r.o. Vyskočilova 1/1410 14021 PRAHA eva.simkova@hp.com Abstract: The purpose of this paper

More information

SARBANES-OXLEY SECTION 404: A Guide for Management by Internal Controls Practitioners

SARBANES-OXLEY SECTION 404: A Guide for Management by Internal Controls Practitioners SARBANES-OXLEY SECTION 404: A Guide for Management by Internal Controls Practitioners SARBANES-OXLEY SECTION 404: A Guide for Management by Internal Controls Practitioners The Institute of Internal Auditors

More information

INTERNAL CONTROLS EVALUATION

INTERNAL CONTROLS EVALUATION INTERNAL CONTROLS EVALUATION Planning an Internal Controls Evaluation Project Internal Control Documentation Internal Control Testing Evaluation of Internal Control Deficiency Reporting Internal Control

More information

Case 14-08 Tiger Pride Enterprises

Case 14-08 Tiger Pride Enterprises Case -08 Tiger Pride Enterprises You are the audit senior for Tiger Pride Enterprises (Tiger Pride). The audit partner has asked you to review the AICPA Statement on ing Standards (SAS) AU-C 600, Special

More information

Vendor Risk Management Financial Organizations

Vendor Risk Management Financial Organizations Webinar Series Vendor Risk Management Financial Organizations Bob Justus Chief Security Officer Allgress Randy Potts Managing Consultant FishNet Security Bob Justus Chief Security Officer, Allgress Current

More information

University Audit and Compliance. Internal Controls Enterprise-Wide Risk Assessment

University Audit and Compliance. Internal Controls Enterprise-Wide Risk Assessment Internal Controls Enterprise-Wide Risk Assessment Balancing Risk and Controls In order to achieve goals and objectives, management needs to effectively balance risks and controls. Control procedures need

More information

STANDING ADVISORY GROUP MEETING INITIATIVES TO IMPROVE AUDIT QUALITY ROOT CAUSE ANALYSIS, AUDIT QUALITY INDICATORS, AND QUALITY CONTROL STANDARDS

STANDING ADVISORY GROUP MEETING INITIATIVES TO IMPROVE AUDIT QUALITY ROOT CAUSE ANALYSIS, AUDIT QUALITY INDICATORS, AND QUALITY CONTROL STANDARDS 1666 K Street, NW Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org STANDING ADVISORY GROUP MEETING INITIATIVES TO IMPROVE AUDIT QUALITY ROOT CAUSE ANALYSIS, AUDIT

More information

BAKER HUGHES INCORPORATED. CHARTER OF THE AUDIT/ETHICS COMMITTEE OF THE BOARD OF DIRECTORS (as amended and restated October 24, 2012)

BAKER HUGHES INCORPORATED. CHARTER OF THE AUDIT/ETHICS COMMITTEE OF THE BOARD OF DIRECTORS (as amended and restated October 24, 2012) BAKER HUGHES INCORPORATED CHARTER OF THE AUDIT/ETHICS COMMITTEE OF THE BOARD OF DIRECTORS (as amended and restated October 24, 2012) The Board of Directors of Baker Hughes Incorporated (the Company ) has

More information

MACQUARIE INFRASTRUCTURE CORPORATION AUDIT COMMITTEE CHARTER

MACQUARIE INFRASTRUCTURE CORPORATION AUDIT COMMITTEE CHARTER MACQUARIE INFRASTRUCTURE CORPORATION AUDIT COMMITTEE CHARTER A. Purpose The Audit Committee (the Committee ) has been established by the Board of Directors (the Board ) of Macquarie Infrastructure Corporation

More information

Impact of New Internal Control Frameworks

Impact of New Internal Control Frameworks Impact of New Internal Control Frameworks Webcast: Tuesday, February 25, 2014 CPE Credit: 1 0 With You Today Bob Jacobson Principal, Risk Advisory Services Consulting Leader West Region Bob.Jacobson@mcgladrey.com

More information

AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS:

AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: 1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org STAFF VIEWS AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING THAT IS INTEGRATED WITH AN

More information

AMPLIFY SNACK BRANDS, INC. AUDIT COMMITTEE CHARTER. Adopted June 25, 2015

AMPLIFY SNACK BRANDS, INC. AUDIT COMMITTEE CHARTER. Adopted June 25, 2015 AMPLIFY SNACK BRANDS, INC. AUDIT COMMITTEE CHARTER Adopted June 25, 2015 I. General Statement of Purpose The purposes of the Audit Committee of the Board of Directors (the Audit Committee ) of Amplify

More information

Consultation Response

Consultation Response Consultation Response PROPOSED AUDITING STANDARD AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING PERFORMED IN CONJUNCTION WITH AN AUDIT OF FINANCIAL STATEMENTS PCAOB Rulemaking Docket Matter No.

More information

Risk Management Advisory Services, LLC Capital markets audit and control

Risk Management Advisory Services, LLC Capital markets audit and control Risk Management Advisory Services, LLC Capital markets audit and control November 14, 2003 Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C., 20006-2803

More information

Fraud Prevention and Deterrence

Fraud Prevention and Deterrence Fraud Prevention and Deterrence Fraud Risk Assessment 2016 Association of Certified Fraud Examiners, Inc. What Is Fraud Risk? The vulnerability that an organization faces from individuals capable of combining

More information

Sarbanes-Oxley and Sage MAS 90, 200, and 500. www.sagemas.com

Sarbanes-Oxley and Sage MAS 90, 200, and 500. www.sagemas.com Sarbanes-Oxley and Sage MAS 90, 200, and 500 www.sagemas.com Table of Contents Introduction... 3 Separating Truth From Fiction... 3 Impact of Sarbanes-Oxley... 5 Integrated Systems... 5 Security by Design...

More information

MATTEL, INC. AMENDED AND RESTATED AUDIT COMMITTEE CHARTER

MATTEL, INC. AMENDED AND RESTATED AUDIT COMMITTEE CHARTER Purpose MATTEL, INC. AMENDED AND RESTATED AUDIT COMMITTEE CHARTER The purpose of the Audit Committee (the Committee ) is to provide assistance to the Board of Directors (the Board ) of Mattel, Inc. (the

More information

Charter of the Audit Committee of the Board of Directors of Woodward, Inc.

Charter of the Audit Committee of the Board of Directors of Woodward, Inc. AUDIT COMMITTEE CHARTER Charter of the Audit Committee of the Board of Directors of Woodward, Inc. Purpose The Audit Committee (the Committee ) is appointed by the Board of Directors to oversee the accounting

More information

Introduction to IT Audit

Introduction to IT Audit Introduction to IT Audit January 23, 2008 Who We Are Randy Roehm Technology Risk Director Jason Brucker Technology Risk Manager Zeb Buckner Internal Audit Consultant Zeb.buckner@protiviti.com Darcie Allen

More information

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.

More information

Sarbanes-Oxley Section 404: Compliance Challenges for Foreign Private Issuers

Sarbanes-Oxley Section 404: Compliance Challenges for Foreign Private Issuers Sarbanes-Oxley Section 404: Compliance s for Foreign Private Issuers As of March 14, 2005 Table of Contents Requirements of the Act.............................................................. 1 Accelerated

More information

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide RISK BASED AUDITING: A VALUE ADD PROPOSITION Participant Guide About This Course About This Course Adding Value for Risk-based Auditing Seminar Description In this seminar, we will focus on: The foundation

More information

CVS HEALTH CORPORATION A Delaware corporation (the Company ) Audit Committee Charter Amended as of September 24, 2014

CVS HEALTH CORPORATION A Delaware corporation (the Company ) Audit Committee Charter Amended as of September 24, 2014 CVS HEALTH CORPORATION A Delaware corporation (the Company ) Audit Committee Charter Amended as of September 24, 2014 Purpose The Audit Committee (the Committee ) is created by the Board of Directors of

More information

Oceaneering International, Inc. Audit Committee Charter

Oceaneering International, Inc. Audit Committee Charter Oceaneering International, Inc. Audit Committee Charter Purpose The Audit Committee of the Board of Directors (the Committee ) is appointed by the Board of Directors (the Board ) to assist the Board in

More information

P&F INDUSTRIES, INC. AUDIT COMMITTEE CHARTER

P&F INDUSTRIES, INC. AUDIT COMMITTEE CHARTER P&F INDUSTRIES, INC. AUDIT COMMITTEE CHARTER MEMBERSHIP The Audit Committee (the "Committee") of the board of directors (the "Board") of P&F Industries, Inc. (the "Company") shall consist of three or more

More information

Sarbanes-Oxley 404. Sarbanes-Oxley Background. SOX 404 Internal Controls. Goals of Sarbanes-Oxley

Sarbanes-Oxley 404. Sarbanes-Oxley Background. SOX 404 Internal Controls. Goals of Sarbanes-Oxley Sarbanes-Oxley Background Sarbanes-Oxley 404 Internal Controls in Financial Reporting: Implications for Actuaries Legislation passed July 30, 2002 Applies to GAAP financial statements filed with SEC Effective

More information

MORRISON I FOERSTER. Legal Updates & News. A Guide to the Impact of SAS 70 on Outsourcing Projects January 2008 by Alistair Maughan, Susan McLean

MORRISON I FOERSTER. Legal Updates & News. A Guide to the Impact of SAS 70 on Outsourcing Projects January 2008 by Alistair Maughan, Susan McLean MORRISON I FOERSTER Legal Updates & News Legal Updates A Guide to the Impact of SAS 70 on Outsourcing Projects January 2008 by Alistair Maughan, Susan McLean Related Practices: Sourcing The worlds of outsourcing

More information

Policy 10.105: Enterprise Risk Management Policy

Policy 10.105: Enterprise Risk Management Policy Name: Responsibility: Complements: Enterprise Risk Management Framework Coordinator, Enterprise Risk Management Policy 10.105: Enterprise Risk Management Policy Date: November 2006 Revision Date(s): January

More information

February 2015. Sample audit committee charter

February 2015. Sample audit committee charter February 2015 Sample audit committee charter Sample audit committee charter This sample audit committee charter is based on observations of selected companies and the requirements of the SEC, the NYSE,

More information

BOTTOMLINE TECHNOLOGIES (DE), INC. AUDIT COMMITTEE CHARTER

BOTTOMLINE TECHNOLOGIES (DE), INC. AUDIT COMMITTEE CHARTER BOTTOMLINE TECHNOLOGIES (DE), INC. AUDIT COMMITTEE CHARTER A. Purpose The purpose of the Audit Committee is to assist the Board of Directors oversight of: the Company s accounting and financial reporting

More information

Charter of the Audit Committee of the Board of Directors of The Ensign Group, Inc. Adopted & Effective April 26, 2007 Last Revised October 29, 2015

Charter of the Audit Committee of the Board of Directors of The Ensign Group, Inc. Adopted & Effective April 26, 2007 Last Revised October 29, 2015 Charter of the Audit Committee of the Board of Directors of The Ensign Group, Inc. Adopted & Effective April 26, 2007 Last Revised October 29, 2015 1. Purposes. The primary purposes of the Audit Committee

More information

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing B o a r d of Governors of the Federal Reserve System Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing January 23, 2013 P U R P O S E This policy statement is being issued

More information

CALADRIUS BIOSCIENCES, INC. AUDIT COMMITTEE CHARTER

CALADRIUS BIOSCIENCES, INC. AUDIT COMMITTEE CHARTER I. STATEMENT OF POLICY CALADRIUS BIOSCIENCES, INC. AUDIT COMMITTEE CHARTER The Audit Committee shall assist the Board of Directors (the "Board") of Caladrius Biosciences, Inc. ("Caladrius ") in fulfilling

More information

HIGHFIELD RESOURCES LIMITED AUDIT, BUSINESS RISK & COMPLIANCE COMMITTEE CHARTER

HIGHFIELD RESOURCES LIMITED AUDIT, BUSINESS RISK & COMPLIANCE COMMITTEE CHARTER HIGHFIELD RESOURCES LIMITED AUDIT, BUSINESS RISK & COMPLIANCE COMMITTEE CHARTER HIGHFIELD RESOURCES LTD AUDIT, BUSINESS RISK & COMPLIANCE COMMITTEE CHARTER PART 1 - PRELIMINARY 1. Introduction 1.1 The

More information

Charter of the Audit Committee of the Board of Directors

Charter of the Audit Committee of the Board of Directors Charter of the Audit Committee of the Board of Directors Dated as of April 27, 2015 1. Purpose The Audit Committee is a committee of the Board of Directors (the Board ) of Yamana Gold Inc. (the Company

More information

Sarbanes-Oxley Section 404 Compliance: A Guiding Framework using igrafx SOX Accelerator

Sarbanes-Oxley Section 404 Compliance: A Guiding Framework using igrafx SOX Accelerator Sarbanes-Oxley Section 404 Compliance: A Guiding Framework using igrafx SOX Accelerator 2007 Corel Corporation. All Rights Reserved. Table of Contents Introduction...P - 1 Using igrafx for SOX Compliance...P

More information

Saldanha Bay Municipality. Risk Management Strategy. Inclusive of, framework, procedures and methodology

Saldanha Bay Municipality. Risk Management Strategy. Inclusive of, framework, procedures and methodology Inclusive of, framework, procedures and methodology Contents 1 Introduction 1 1.1 Legislative Framework and best practice 1 1.2 Purpose of Enterprise Risk Management 2 1.3 Scope and Applicability 3 1.4

More information

September 9, 2015. Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C.

September 9, 2015. Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C. One South Wacker Drive, Suite 500 Chicago, IL 60606 www.mcgladrey.com Office of the Secretary 1666 K Street, N.W. Washington, D.C. 20006-2803 Re: PCAOB Rulemaking Docket Matter No. 041 McGladrey LLP appreciates

More information

26 February 2007. Ms. Nancy M. Morris, Secretary Securities and Exchange Commission 100 F Street NE Washington, DC 20549-1090

26 February 2007. Ms. Nancy M. Morris, Secretary Securities and Exchange Commission 100 F Street NE Washington, DC 20549-1090 3701 Algonquin Road, Suite 1010 Telephone: 847.253.1545 Rolling Meadows, Illinois 60008, USA Facsimile: 847.253.1443 Web Sites: www.isaca.org and www.itgi.org 26 February 2007 Ms. Nancy M. Morris, Secretary

More information

PASSUR AEROSPACE, INC (the "Company") AUDIT COMMITTEE CHARTER. The purpose of the Audit Committee (the Committee ) shall be as follows:

PASSUR AEROSPACE, INC (the Company) AUDIT COMMITTEE CHARTER. The purpose of the Audit Committee (the Committee ) shall be as follows: Purpose PASSUR AEROSPACE, INC (the "Company") AUDIT COMMITTEE CHARTER The purpose of the Audit Committee (the Committee ) shall be as follows: 11. To oversee the accounting and financial reporting processes

More information

The Financial Reporter

The Financial Reporter Article from: The Financial Reporter December 2004 Issue 59 Actuarial Aspects of SOX 404 Laura J. Hay and Richard H. Browne Laura J. Hay is principal at KPMG LLP in New York, N.Y. She can be reached at

More information

Audit of the Test of Design of Entity-Level Controls

Audit of the Test of Design of Entity-Level Controls Audit of the Test of Design of Entity-Level Controls Canadian Grain Commission Audit & Evaluation Services Final Report March 2012 Canadian Grain Commission 0 Entity Level Controls 2011 Table of Contents

More information