Impact of New Internal Control Frameworks

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Impact of New Internal Control Frameworks"

Transcription

1 Impact of New Internal Control Frameworks Webcast: Tuesday, February 25, 2014 CPE Credit: 1 0

2 With You Today Bob Jacobson Principal, Risk Advisory Services Consulting Leader West Region Greg Schu Partner, National Leader of Information Technology Audit Services Mark Kultgen Partner, National Leader of Internal Audit & SOX Services McGladrey at a Glance McGladrey is the 5 th largest public accounting firm in the US and is the US member of RSM International, the 7 th largest global network of independent accounting, tax, and consulting firms. Over 6,500 employees nationally located in more than 75 offices and over 700 offices in over 100 countries. We have a global team of over 1,000 risk management professionals. We provide the guidance and support for companies undertaking their first SOX compliance effort, helping them avoid a process that is long, tedious and costly. We help with selecting an appropriate compliance framework, internal controls documentation, a readiness assessment, or a fully outsourced compliance solution. Ranked 2 nd on 2012 Accounting Today VAR 100 for Microsoft Dynamics, Deltek, Intacct and NetSuite. Associate Business Partner of SAP. We have collaborated with our clients on more than 1,000 Sarbanes-Oxley engagements. 1

3 Agenda & Objectives Topic Minutes Overview of Control Frameworks 20 COSO Impact On Your SOX Program 10 Questions and Closing 10 2

4 Control Frameworks: Recent Guidance Financial Statement Focus COSO Internal Control Integrated Framework - May 2013 PCAOB Staff Audit Practice Alert No. 11 Considerations For Audits of Internal Control Over Financial Reporting - October 24, 2013 SEC Remarks Before the 2013 AICPA National Conference on Current SEC and PCAOB Developments Audit Policy and Current Auditing and Internal Control Matters - December 9, 2013 IT Focus Sarbanes-Oxley Act 2002 Service Organization Controls (SOC) AICPA, 2011, 2013 COBIT 5 ISACA, 2012 ISO ISO 2013 HIPAA/HITECH HHS, 2013 Payment Card Industry PCI Security Standards Council, 2013 Framework for Improving Critical Infrastructure Cybersecurity NIST, 2014 Critical Security Controls (CSC, CCS) SANS Institute BITS Shared Assessment Program/Standard Information Gathering (SIG) 3

5 Control Frameworks: IT Focused 4

6 Frameworks - Purpose Why all the options? - Different industries, different standards - Healthcare focus - Financial reporting focus - Protecting cardholder information - General IT controls - General security and privacy 5

7 Frameworks How To Handle What are the identified risks, specifically IT? - Current risk assessment - Prioritized risks based on external and internal activities What framework makes sense? - Based on product and services provided - Based on location of the organization local/global What is the two three year business plan? - Company strategy growing, maintaining, downsizing Map out framework and common requirements. 6

8 Frameworks Common Themes Common threads across the frameworks: Identify the needs of - Management, stakeholders, shareholders, departments, oversight committees, regulatory functions Apply at an organization level - Protecting the organization - Consider the enterprise level and impact - Consider a holistic approach processes, culture, services, people, locations Oversight of the framework - Manage, monitor, detect, response, escalation 7

9 Framework for Improving Critical Infrastructure Cybersecurity NIST,

10 COBIT 5 ISACA,

11 ISO ISO

12 Framework for Improving Critical Infrastructure Cybersecurity NIST, 2014 Risk Assessment (ID.RA): The organization understands the cybersecurity risk to organizational operations (including mission, functions, image or reputation), organizational assets and individuals. ID.RA-1: Asset vulnerabilities are identified and documented. ID.RA-2: Threat and vulnerability information is received from information sharing forums and sources. CCS CSC 4 COBIT 5 APO12.01, APO12.02, APO12.03, APO12.04 ISA : , , , ISO/IEC 27001:2013 A , A NIST SP Rev. 4 CA-2, CA-7, CA-8, RA-3, RA-5, SA-5, SA-11, SI-2, SI-4, SI-5 ISA : , , ISO/IEC 27001:2013 A NIST SP Rev. 4 PM-15, PM-16, SI-5 ID.RA-3: Threats, both internal and external, are identified and documented. COBIT 5 APO12.01, APO12.02, APO12.03, APO12.04 ISA : , , NIST SP Rev. 4 RA-3, SI-5, PM-12, PM-16 11

13 Framework Impact on People and Systems What options have been considered for personnel? - Adequate staffing - Adequate skills - Train internally or contractor supplement - Co-source specific functions - Full outsourcing What options have been considered for solutions? - Build or buy - Rent (cloud) Evaluate annually and adjust as needed based on business needs and external activities. 12

14 Frameworks The frameworks require (nothing new): - Sponsorship and support - Policies, processes and procedures - People Time to implement Monitor results Service and support Adjust based on feedback 13

15 Framework What Is Different Emphasis on technology: - Infrastructure, systems, mobile; data Global risks more prevalent Impact not just to companies, but individuals and employees New normal - Regular monitoring (identity monitoring; LifeLock) - Check accounts, statements regularly - Electronic scams , text, mobile phone, websites 14

16 2013 COSO Framework Discussion 15

17 COSO Overview The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative of five sponsoring organizations formed in Provides thought leadership through the development of frameworks and guidance on: - Internal control - Enterprise risk management - Fraud Designed to improve organizational performance and governance, and to reduce the extent of fraud in organizations. Released original Internal Control-Integrated Framework in 1992, which has become the most widely used internal control framework. 16

18 Select COSO Frameworks Internal Control Integrated Framework (2013) ICOFR Guidance for Smaller Public Companies (2006) Internal Control Integrated Framework (1992) Enterprise Risk Management Integrated Framework (2004) 17

19 COSO Background Why update what works The 1992 Framework has become the most widely adopted control framework worldwide. Original Framework COSO s Internal Control Integrated Framework (1992 Edition) Refresh Objectives Reflect changes in business & operating environments Expand operations and reporting objectives Articulate principles to facilitate effective internal control Enhancements Updates Context Broadens Application Clarifies Requirements Updated Framework COSO s Internal Control Integrated Framework (2013 Edition) 18

20 Overview of What Is and Is Not Changing Update expected to increase ease of use and broaden application What is not changing... What is changing... Core definition of internal control Three categories of objectives and five components of internal control Each of the five components of internal control are required for effective internal control Important role of judgment in designing, implementing and conducting internal control, and in assessing its effectiveness Changes in business and operating environments considered Operations and reporting objectives expanded Fundamental concepts underlying five components articulated as principles with points of focus as additional guidance Additional approaches and examples relevant to operations, compliance, and non-financial reporting objectives added 19

21 2013 Framework Articulates Principles and Points of Focus 2013 COSO Cube Control Environment Risk Assessment Control Activities Information and Communication 5 Components 17 Principles Points of focus Controls Principles articulate fundamental concepts of components Points of focus describe important characteristics of principles Monitoring Activities Legend Components and Principles are requirements for an effective system of internal control Points of Focus and Controls are subject to management judgment 20

22 New Internal Control Principles Control Environment Risk Assessment Control Activities Information & Communication Monitoring Activities 1. Demonstrates commitment to integrity and ethical values 2. Exercises oversight responsibility 3. Establishes structure, authority and responsibility 4. Demonstrates commitment to competence 5. Enforces accountability 6. Specifies suitable objectives 7. Identifies and analyzes risk 8. Assesses fraud risk 9. Identifies and analyzes significant change 10. Selects and develops control activities 11. Selects and develops general controls over technology 12. Deploys through policies and procedures 13. Uses relevant information 14. Communicates internally 15. Communicates externally 16. Conducts ongoing and/or separate evaluations 17. Evaluates and communicates deficiencies Slide Source: COSO IC-IF Outreach Deck_ ( 21

23 Update Clarifies Requirements for Effective Internal Control Effective internal control provides reasonable assurance regarding the achievement of objectives and requires that: - Each component and each relevant principle is present and functioning - The five components are operating together in an integrated manner Each principle is suitable to all entities; all principles are presumed relevant. Components operate together when: - all components are present and functioning - internal control deficiencies aggregated across components do not result in one or more major deficiencies Components are present and functioning if each relevant principle is present and functioning - no major deficiencies exist. 22

24 Control Environment More Detail Control Environment The set of standards, processes and structures that provide the basis for carrying out internal control across the organization. Newly defined principles 1. The organization demonstrates a commitment to integrity and ethical values. 2. The board of directors demonstrates independence of management and exercises oversight of the development and performance of internal control. 3. Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. 4. The organization demonstrates a commitment to attract, develop and retain competent individuals in alignment with objectives. 5. The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives. 23

25 Example Principle and Related Points of Focus Control Environment 1. Demonstrates commitment to integrity and ethical values. Points of Focus: Sets the tone at the top Establishes standards of conduct Evaluates adherence to standards of conduct Addresses deviations in a timely manner 24

26 Example of Controls Embedded in Other Internal Control Components Component Control Environment Principle 1. Demonstrates commitment to integrity and ethical values. Controls embedded in other components may effect this principle Human Resources review employees confirmations to assess whether standards of conduct are understood and adhered to by staff across the entity. Management obtains and reviews data and information underlying potential deviations captured in whistleblower hotline to assess quality of information. Internal Audit separately evaluates Control Environment, considering employee behaviors and whistleblower hotline results and reports thereon. Control Environment Information & Communication Monitoring Activities 25

27 Transition & Impact Users are encouraged to transition applications and related documentation to the updated Framework as soon as feasible. Updated Framework will supersede original Framework at the end of the transition period (i.e., December 15, 2014). During the transition period, external reporting should disclose whether the original or updated version of the Framework was used. Impact of adopting the updated Framework will vary by organization: Does your system of internal control need to address changes in business? Does your system of internal control need to be updated to address all principles? Does your organization apply and interpret the original Framework in the same manner as COSO? Is your organization considering new opportunities to apply internal control to cover additional objectives? 26

28 Steps for Implementing 2013 Framework Understand the Framework Identify key stakeholders Awareness / education / training Map existing controls to principles Gap analysis / remediation Update documentation Timing considerations Updated Framework will supersede original Framework on December 15, 2014 Earlier implementation encouraged During the transition, external reporting should disclose which version of the Framework was used 27

29 SOX 404 Ramifications 28

30 Transitioning to COSO 2013 Required for fiscal years ending after December 15, 2014; early adoption is encouraged. During the transition period, external reporting should disclose whether the original or updated version of the Framework was used. In, and by itself, many are finding the transition to COSO 2013 to be a mapping/documentation exercise. - Process level controls: Mostly an exercise in mapping controls to the COSO principles (in addition to the financial statement assertions) - Entity level controls: Enhancing documentation around entity-level controls and then mapping to the COSO principles HOWEVER, there are other considerations 29

31 Regulatory Observations Recent SEC Remarks some have suggested that auditors and the PCAOB have higher expectations than management when considering the adequacy of entity-level controls or the severity of control deficiencies I continue to question whether all material weaknesses are being properly identified. It is surprisingly rare to see management identify a material weakness in the absence of a material misstatement. it may be useful for management to dust off the SEC s 2007 interpretive guidance and compare management s ICFR evaluation process to the SEC guidance to see if improvements are in order. PCAOB Alert No. 11 Focus Greater testing of system-generated data and reports that support downstream controls More thorough documentation mapping of assertions to the controls identified More substantive testing to evidence auditor s understanding of reviews performed over a control s effectiveness, including the reviewer s competence Increasing the level of control design testing and documentation to more thoroughly evidence the auditor s level of comfort that controls are designed to adequately address their stated objectives 30

32 Additional Factors to Consider Other considerations while transitioning: - Degree of separation that exists between financial controls in place and those identified for SOX 404 purposes - Degree of documentation that exists for entity-level controls Now may be an opportune time to refresh your entire SOX 404 compliance program, including: - Scope - Entity-level controls - Recent changes (e.g., process changes, acquisitions) - Adequacy of control design documentation - Increased control-based testing vs. inquiry and observation - Financial statement assertion coverage - Tools and templates 31

33 Recommended Actions It depends: - What is your motivation for considering a formalized internal control framework? - Where is your company in its internal control maturity model? At a minimum: - Familiarize yourself with COSO s updated Framework and other relevant control frameworks - Discuss with audit committee/board and management Consider: - Adopting a formal internal control framework - Establishing a process for identifying, assessing and implementing necessary changes in controls and related documentation - Developing and implementing a plan to meet key objectives of your selected framework 32

34 Questions? Bob Jacobson Principal, Risk Advisory Services Consulting Leader West Region Greg Schu Partner, National Leader of Information Technology Audit Services Mark Kultgen Partner, National Leader of Internal Audit & SOX Services

35 Appendix A Points of Focus 34

36 Points of Focus Control Environment Principle 1. Demonstrates commitment to integrity and ethical values Sets the tone at the top Establishes standards of conduct Evaluates adherence to standards of conduct Addresses deviations in a timely manner Principle 2. Exercises oversight responsibility Establishes oversight responsibilities Applies relevant expertise Operates independently Provides oversight for the system of internal control Principle 3. Establishes structure, authority and responsibility Considers all structures of the entity Establishes reporting lines Defines, assigns and limits authorities and responsibilities Principle 4. Demonstrates commitment to competence Establishes policies and practices Evaluates competence and addresses shortcomings Attracts, develops and retains individuals Plans and prepares for succession Principle 5. Enforces accountability Enforces accountability through structures, authorities and responsibilities Establishes performance measures, incentives and rewards Evaluates performance measures, incentives and rewards for ongoing relevance Considers excessive pressures Evaluates performance and rewards or disciplines individuals 35

37 Points of Focus Risk Assessment Principle 6. Specifies suitable objectives Operations objectives Reflects management s choices Considers tolerances for risk Includes operations and financial performance goals Forms a basis for committing resources External financial reporting objectives Complies with applicable accounting standards Considers materiality Reflects entity activities External non-financial reporting objectives Complies with externally established standards and frameworks Considers the required level of precision Reflects entity activities Internal reporting objectives Reflects management s choices Considers the required level of precision Reflects entity activities Compliance objectives Reflects external laws and regulations Considers tolerances for risk Principle 7. Identifies and analyzes risk Includes entity, subsidiary, division, operating unit and functional levels Analyzes internal and external factors Involves appropriate levels of management Estimates significance of risks identified Determines how to respond to risks Principle 8. Assesses fraud risk Considers various types of fraud Assesses incentive and pressures Assesses opportunities Assesses attitudes and rationalizations Principle 9. Identifies and analyzes significant change Assesses change in the external environment Assesses change in the business model Assesses change in leadership 36

38 Points of Focus Control Activities Principle 10. Selects and develops control activities Integrates with risk assessment Considers entity-specific factors Determines relevant business processes Evaluates a mix of control activity types Considers at what level activities are applied Addresses segregation of duties Principle 11. Selects and develops general controls over technology Determines dependency between the use of technology in business processes and technology general controls Establishes relevant technology infrastructure control activities Establishes relevant security management process control activities Establishes relevant technology acquisition, development and maintenance process control activities Principle 12. Deploys through policies and procedures Establishes policies and procedures to support deployment of management s directives Establishes responsibility and accountability for executing policies and procedures Performs in a timely manner Takes corrective action Performs using competent personnel Reassesses policies and procedures 37

39 Points of Focus Information and Communication Principle 13. Uses relevant information Identifies information requirements Captures internal and external sources of data Processes relevant data into information Maintains quality throughout processing Considers costs and benefits Principle 15. Communicates externally Communicates to external parties Enables inbound communications Communicates with the board of directors Provides separate communication lines Selects relevant method of communication Principle 14. Communicates internally Communicates internal control information Communicates with the board of directors Provides separate communication lines Selects relevant method of communication 38

40 Points of Focus Monitoring Activities Principle 16. Conducts ongoing and/or separate evaluations Considers a mix of ongoing and separate evaluations Considers rate of change Establishes baseline understanding Uses knowledgeable personnel Integrates with business processes Adjusts scope and frequency Objectively evaluates Principle 17. Evaluates and communicates deficiencies Assesses results Communicates deficiencies Monitors corrective actions 39

41 This document contains general information, may be based on authorities that are subject to change, and is not a substitute for professional advice or services. This document does not constitute assurance, tax, consulting, business, financial, investment, legal or other professional advice, and you should consult a qualified professional advisor before taking any action based on the information herein. McGladrey LLP, its affiliates and related entities are not responsible for any loss resulting from or relating to reliance on this document by any person. McGladrey LLP is an Iowa limited liability partnership and the U.S. member firm of RSM International, a global network of independent accounting, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. McGladrey, the McGladrey logo, the McGladrey Classic logo, The power of being understood, Power comes from being understood, and Experience the power of being understood are registered trademarks of McGladrey LLP. McGladrey LLP Von Karman Suite 500 Irvine, CA

An overview of COSO s 2013 Internal Control-Integrated Framework

An overview of COSO s 2013 Internal Control-Integrated Framework An overview of COSO s 2013 Internal Control-Integrated Framework Prepared by: Sara Lord, Partner, National Professional Standards Group, McGladrey LLP sara.lord@mcgladrey.com May 2013 Introduction In 1992,

More information

Internal Control Integrated Framework. May 2013

Internal Control Integrated Framework. May 2013 Internal Control Integrated Framework May 2013 0 Table of Contents COSO & Project Overview Internal Control-Integrated Framework Illustrative Documents Illustrative Tools for Assessing Effectiveness of

More information

COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE

COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE COMMITTEE OF SPONSORING ORGANIZATIONS (COSO) 2013 The Committee of Sponsoring Organizations (COSO) Internal Controls Integrated Framework,

More information

SEC auditor independence considerations

SEC auditor independence considerations SEC auditor independence considerations When a PEG has a registered investment adviser September 2013 The Dodd-Frank Wall Street Reform and Consumer Protection Act requires most advisers of private funds

More information

COSO 2013 Internal Control Integrated Framework FRED J. PETERSON, PARTNER MOSS ADAMS LLP

COSO 2013 Internal Control Integrated Framework FRED J. PETERSON, PARTNER MOSS ADAMS LLP COSO 2013 Internal Control Integrated Framework FRED J. PETERSON, PARTNER MOSS ADAMS LLP Disclaimer The material appearing in this presentation is for informational purposes only and should not be construed

More information

February 2015. Sample audit committee charter

February 2015. Sample audit committee charter February 2015 Sample audit committee charter Sample audit committee charter This sample audit committee charter is based on observations of selected companies and the requirements of the SEC, the NYSE,

More information

A Practical Approach to Implementing the COSO Internal Control Integrated Framework

A Practical Approach to Implementing the COSO Internal Control Integrated Framework A Practical Approach to Implementing the COSO Internal Control Integrated Framework Dr. Sandra B. Richtermeyer, CPA, CMA IMA s COSO Board Member Professor of Accountancy & Associate Dean Xavier University

More information

COSO 2013 Internal Control Framework

COSO 2013 Internal Control Framework COSO 2013 Internal Control A Guide to Implementation July 24, 2014 Justin Adamson Agenda COSO Background Changes to the Roadmap to Implementation Implementation Considerations & Lessons Learned 2 1 Who/What

More information

COSO s 2013 Internal Control Framework in Depth: Implementing the Enhanced Guidance for Internal Control over External Financial Reporting

COSO s 2013 Internal Control Framework in Depth: Implementing the Enhanced Guidance for Internal Control over External Financial Reporting in Depth: Implementing the Enhanced Guidance for Internal Control over External Financial Reporting Table of Contents EXECUTIVE SUMMARY... 3 BACKGROUND... 3 SIGNIFICANT CHANGES AFFECTING INTERNAL CONTROL

More information

COSO Framework 2013 & SOX Compliance. Roxanne L. Halverson, CISM, CGEIT Atlanta ISACA Geek Week August 19, 2013

COSO Framework 2013 & SOX Compliance. Roxanne L. Halverson, CISM, CGEIT Atlanta ISACA Geek Week August 19, 2013 COSO Framework 2013 & SOX Compliance Roxanne L. Halverson, CISM, CGEIT Atlanta ISACA Geek Week August 19, 2013 What s Happened On May 14, 2013, after a little more than 20 years the Committee of Sponsoring

More information

COSO Internal Control Integrated Framework (2013)

COSO Internal Control Integrated Framework (2013) COSO Internal Control Integrated Framework (2013) The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its updated Internal Control Integrated Framework (2013 Framework)

More information

2013 COSO Framework Deloitte Training

2013 COSO Framework Deloitte Training 2013 COSO Framework Deloitte Training Agenda Module Module 1 Module 2 Module 3 Module 4 Module 5 Module 6 Module 7 Module 8 Module 9 Module 10 Module 11 Topic COSO Background Objectives of Internal Control

More information

The Updated COSO Internal Control Framework

The Updated COSO Internal Control Framework The Updated COSO Internal Control Framework Frequently Asked Questions Second Edition Introduction The Committee of Sponsoring Organizations of the Treadway Commission (COSO) an organization providing

More information

Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions

Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions Guide to the Sarbanes-Oxley Act: IT Risks and Controls Frequently Asked Questions Table of Contents Page No. Introduction.......................................................................1 Overall

More information

Enterprise Risk Management: COSO, New COSO, ISO 31000. Review of ERM

Enterprise Risk Management: COSO, New COSO, ISO 31000. Review of ERM Enterprise Risk Management: COSO, New COSO, Dr. Hugh Van Seaton, Ed. D., CSSGB, CGMA, CPA Review of ERM COSO a process, effected by an entity's board of directors, management and other personnel, applied

More information

The Updated COSO Internal Control Framework. Frequently Asked Questions

The Updated COSO Internal Control Framework. Frequently Asked Questions The Updated COSO Internal Control Framework Frequently Asked Questions Introduction The Committee of Sponsoring Organizations of the Treadway Commission (COSO) an organization providing thought leadership

More information

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT Through CGIAR Financial Guideline No 3 Auditing Guidelines Manual the CGIAR has adopted the IIA Definition of internal auditing

More information

Enterprise Risk Management

Enterprise Risk Management Cayman Islands Society of Professional Accountants Enterprise Risk Management March 19, 2015 Dr. Sandra B. Richtermeyer, CPA, CMA What is Risk Management? Risk management is a process, effected by an entity's

More information

AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS:

AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: 1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org STAFF VIEWS AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING THAT IS INTEGRATED WITH AN

More information

The 2013 COSO Framework & SOX Compliance

The 2013 COSO Framework & SOX Compliance The 2013 COSO Framework & SOX Compliance ONE APPROACH TO AN EFFECTIVE TRANSITION By J. Stephen McNally, CPA The 2013 COSO Framework & SOX Compliance ONE APPROACH TO AN EFFECTIVE TRANSITION By J. Stephen

More information

Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard

Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard Information Systems Audit and Controls Association Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard February 4, 2014 Tom Haberman, Principal, Deloitte & Touche LLP Reema Singh,

More information

Sarbanes-Oxley Section 404: Compliance Challenges for Foreign Private Issuers

Sarbanes-Oxley Section 404: Compliance Challenges for Foreign Private Issuers Sarbanes-Oxley Section 404: Compliance s for Foreign Private Issuers Table of Contents Requirements of the Act.............................................................. 1 Accelerated Filer s...........................................................

More information

Risk Assessment Standards Toolkit. Practical Guidance in Implementing SFAS 104 111

Risk Assessment Standards Toolkit. Practical Guidance in Implementing SFAS 104 111 Risk Assessment Standards Toolkit Practical Guidance in Implementing SFAS 104 111 Risk Assessment Standards Toolkit Practical Guidance in Implementing Statements on Auditing Standards 104 Through 111 About

More information

Corporate Governor. New COSO Framework links IT and business process

Corporate Governor. New COSO Framework links IT and business process Corporate Governor Providing vision and advice for management, boards of directors and audit committees Summer 2014 New COSO Framework links IT and business process Michael Rose, Partner, Business Advisory

More information

Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations. kpmg.com

Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations. kpmg.com Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations kpmg.com b Section or Brochure name Effectively using SOC 1, SOC 2, and SOC 3 reports for increased

More information

1. FPO. Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Second Edition

1. FPO. Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Second Edition 1. FPO Guide to the Sarbanes-Oxley Act: IT Risks and Controls Second Edition Table of Contents Introduction... 1 Overall IT Risk and Control Approach and Considerations When Complying with Sarbanes-Oxley...

More information

www.pwc.com Third Party Risk Management 12 April 2012

www.pwc.com Third Party Risk Management 12 April 2012 www.pwc.com Third Party Risk Management 12 April 2012 Agenda 1. Introductions 2. Drivers of Increased Focus on Third Parties 3. Governance 4. Third Party Risks and Scope 5. Third Party Risk Profiling 6.

More information

Re: PCAOB Release No. 2015-005 (Docket Matter No. 41) Concept Release on Audit Quality Indicators ( Concept Release )

Re: PCAOB Release No. 2015-005 (Docket Matter No. 41) Concept Release on Audit Quality Indicators ( Concept Release ) October 22, 2015 VIA E-MAIL comments@pcaobus.org Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, NW Washington DC 20006-2803 Re: PCAOB Release No. 2015-005 (Docket Matter

More information

This article will provide background on the Sarbanes-Oxley Act of 2002, prior to discussing the implications for business continuity practitioners.

This article will provide background on the Sarbanes-Oxley Act of 2002, prior to discussing the implications for business continuity practitioners. Auditing the Business Continuity Process Dr. Eric Schmidt, Principal, Transitional Data Services, Inc. Business continuity audits are rapidly becoming one of the most urgent issues throughout the international

More information

Audit of the Policy on Internal Control Implementation

Audit of the Policy on Internal Control Implementation Audit of the Policy on Internal Control Implementation Natural Sciences and Engineering Research Council of Canada Social Sciences and Humanities Research Council of Canada February 18, 2013 1 TABLE OF

More information

Enterprise risk management: A pragmatic, four-phase implementation plan

Enterprise risk management: A pragmatic, four-phase implementation plan Enterprise risk management: A pragmatic, four-phase implementation plan Prepared by: John Brackett, Managing Director, Risk Advisory Services, RSM McGladrey, Inc. 704.442.3820, john.brackett@mcgladrey.com

More information

The Importance of IT Controls to Sarbanes-Oxley Compliance

The Importance of IT Controls to Sarbanes-Oxley Compliance Hosted by Deloitte, PricewaterhouseCoopers and ISACA/ITGI The Importance of IT Controls to Sarbanes-Oxley Compliance 15 December 2003 1 Presenters Chris Fox, CA Sr. Manager, Internal Audit Services PricewaterhouseCoopers

More information

Using COBiT For Sarbanes Oxley. Japan November 18 th 2006 Gary A Bannister

Using COBiT For Sarbanes Oxley. Japan November 18 th 2006 Gary A Bannister Using COBiT For Sarbanes Oxley Japan November 18 th 2006 Gary A Bannister Who Am I? Who am I & What I Do? I am an accountant with 28 years experience working in various International Control & IT roles.

More information

G24 - SAS 70 Practices and Developments Todd Bishop

G24 - SAS 70 Practices and Developments Todd Bishop G24 - SAS 70 Practices and Developments Todd Bishop SAS No. 70 Practices & Developments Todd Bishop Senior Manager, PricewaterhouseCoopers LLP Agenda SAS 70 Background Information and Overview Common SAS

More information

CHAPTER 3 INTERNAL CONTROL OVER FINANCIAL REPORTING: MANAGEMENT S RESPONSIBILITIES AND IMPORTANCE TO THE EXTERNAL AUDITORS

CHAPTER 3 INTERNAL CONTROL OVER FINANCIAL REPORTING: MANAGEMENT S RESPONSIBILITIES AND IMPORTANCE TO THE EXTERNAL AUDITORS A U D I T I N G A RISK-BASED APPROACH TO CONDUCTING A QUALITY AUDIT 9 th Edition Karla M. Johnstone Audrey A. Gramling Larry E. Rittenberg CHAPTER 3 INTERNAL CONTROL OVER FINANCIAL REPORTING: MANAGEMENT

More information

BDO Seidman, LLP Accountants and Consultants

BDO Seidman, LLP Accountants and Consultants BDO Seidman, LLP Accountants and Consultants 330 Madison Avenue New York, NY 10017 (212) 885-8000 Phone (212) 697-1299 Fax Via E-mail: comments@pcaobus.org Office of the Secretary Public Company Accounting

More information

SARBANES-OXLEY SECTION 404

SARBANES-OXLEY SECTION 404 SARBANES-OXLEY SECTION 404 A TOOLKIT FOR MANAGEMENT AND AUDITORS VOLUME 2 Public Company Accounting Oversight Board The Public Company Accounting Oversight Board (PCAOB) was established by Congress under

More information

Effective Internal Audit in the Financial Services Sector

Effective Internal Audit in the Financial Services Sector Effective Internal Audit in the Financial Services Sector Recommendations from the Committee on Internal Audit Guidance for Financial Services: How They Relate to the Global Institute of Internal Auditors

More information

Sarbanes-Oxley Control Transformation Through Automation

Sarbanes-Oxley Control Transformation Through Automation Sarbanes-Oxley Control Transformation Through Automation An Executive White Paper By BLUE LANCE, Inc. Where have we been? Where are we going? BLUE LANCE INC. www.bluelance.com 713.255.4800 info@bluelance.com

More information

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards Administrative Guidelines on the Internal Control Framework and Internal Audit Standards GCF/B.09/18 18 February 2015 Meeting of the Board 24 26 March 2015 Songdo, Republic of Korea Agenda item 24 Page

More information

Role is Broader and More Strategic

Role is Broader and More Strategic Internal Control Transformation IC s Role is Broader and More Strategic CACUBO Winter Workshop - 2013 Introduction Cindy Berg Director McGladrey LLP 201 N Harrison Street Davenport, Iowa 52801 cindy.berg@mcgladrey.com

More information

AUD105-2nd Edition. Auditor s Guide to IT - 20 hours. Objectives

AUD105-2nd Edition. Auditor s Guide to IT - 20 hours. Objectives AUD105-2nd Edition Auditor s Guide to IT - 20 hours Objectives More and more, auditors are being called upon to assess the risks and evaluate the controls over computer information systems in all types

More information

Internal Control over Financial Reporting Guidance for Smaller Public Companies

Internal Control over Financial Reporting Guidance for Smaller Public Companies Internal Control over Financial Reporting Guidance for Smaller Public Companies Frequently Asked Questions Internal Control over Financial Reporting Guidance for Smaller Public Companies Frequently Asked

More information

fs viewpoint www.pwc.com/fsi

fs viewpoint www.pwc.com/fsi fs viewpoint www.pwc.com/fsi June 2013 02 11 16 21 24 Point of view Competitive intelligence A framework for response How PwC can help Appendix It takes two to tango: Managing technology risk is now a

More information

Internal Auditing Guidelines

Internal Auditing Guidelines Internal Auditing Guidelines Recommendations on Internal Auditing for Lottery Operators Issued by the WLA Security and Risk Management Committee V1.0, March 2007 The WLA Internal Auditing Guidelines may

More information

Trends in Information Technology (IT) Auditing

Trends in Information Technology (IT) Auditing Trends in Information Technology (IT) Auditing Padma Kumar Audit Officer May 21, 2015 Discussion Topics Common and Emerging IT Risks Trends in IT Auditing IT Audit Frameworks & Standards IT Audit Plan

More information

INTERNAL AUDIT CHARTER AND TERMS OF REFERENCE

INTERNAL AUDIT CHARTER AND TERMS OF REFERENCE INTERNAL AUDIT CHARTER AND TERMS OF REFERENCE CHARTERED INSTITUTE OF INTERNAL AUDIT DEFINITION OF INTERNAL AUDIT Internal auditing is an independent, objective assurance and consulting activity designed

More information

LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE

LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE Committee of Sponsoring Organizations of the Treadway Commission Governance and Internal Control LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE By The Institute of Internal Auditors Douglas J. Anderson

More information

Oceaneering International, Inc. Audit Committee Charter

Oceaneering International, Inc. Audit Committee Charter Oceaneering International, Inc. Audit Committee Charter Purpose The Audit Committee of the Board of Directors (the Committee ) is appointed by the Board of Directors (the Board ) to assist the Board in

More information

New CFPB mortgage servicing rules present significant challenges for mortgage servicers

New CFPB mortgage servicing rules present significant challenges for mortgage servicers New CFPB mortgage servicing rules present significant challenges for mortgage servicers Prepared by: Jose Vivar, Director, McGladrey LLP 312-634-4394, jose.vivar@mcgladrey.com Michael Sher, Partner, McGladrey

More information

Brink's Modern. Internal Auditing. Eighth Edition. A Common Body of Knowledge ROBERT R. MOELLER WILEY

Brink's Modern. Internal Auditing. Eighth Edition. A Common Body of Knowledge ROBERT R. MOELLER WILEY Brink's Modern Internal Auditing Eighth Edition A Common Body of Knowledge ROBERT R. MOELLER WILEY Contents Preface xvii PART ONE: FOUNDATIONS OF MODERN INTERNAL AUDITING Chapter 1: Significance of Internal

More information

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA Volume 3, July 2014 Come join the discussion! Alberto León Lozano will respond to questions in the discussion area of the COBIT 5 Use It Effectively topic beginning 21 July 2014. Mapping COBIT 5 with IT

More information

GAO. Government Auditing Standards. 2011 Revision. By the Comptroller General of the United States. United States Government Accountability Office

GAO. Government Auditing Standards. 2011 Revision. By the Comptroller General of the United States. United States Government Accountability Office GAO United States Government Accountability Office By the Comptroller General of the United States December 2011 Government Auditing Standards 2011 Revision GAO-12-331G GAO United States Government Accountability

More information

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement Understanding the Entity and Its Environment 1667 AU Section 314 Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (Supersedes SAS No. 55.) Source: SAS No. 109.

More information

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing B o a r d of Governors of the Federal Reserve System Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing January 23, 2013 P U R P O S E This policy statement is being issued

More information

AN OVERVIEW OF INFORMATION SECURITY STANDARDS

AN OVERVIEW OF INFORMATION SECURITY STANDARDS AN OVERVIEW OF INFORMATION SECURITY STANDARDS February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced

More information

The Procter & Gamble Company Board of Directors Audit Committee Charter

The Procter & Gamble Company Board of Directors Audit Committee Charter The Procter & Gamble Company Board of Directors Audit Committee Charter I. Purposes. The Audit Committee (the Committee ) is appointed by the Board of Directors for the primary purposes of: A. Assisting

More information

Sarbanes-Oxley Section 404: Management s Assessment Process

Sarbanes-Oxley Section 404: Management s Assessment Process Sarbanes-Oxley Section 404: Management s Assessment Process Frequently Asked Questions ADVISORY Contents 1 Introduction 2 Providing a Road Map for Management 3 Questions and Answers 3 Section I. Planning

More information

Information Security Management System for Microsoft s Cloud Infrastructure

Information Security Management System for Microsoft s Cloud Infrastructure Information Security Management System for Microsoft s Cloud Infrastructure Online Services Security and Compliance Executive summary Contents Executive summary 1 Information Security Management System

More information

CRR-NIST CSF Crosswalk 1

CRR-NIST CSF Crosswalk 1 IDENTIFY (ID) Asset Management (AM): The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative

More information

NIST Cybersecurity Framework & A Tale of Two Criticalities

NIST Cybersecurity Framework & A Tale of Two Criticalities NIST Cybersecurity Framework & A Tale of Two Criticalities Vendor Management & Incident Response Presented by: John H Rogers, CISSP Advisory Services Practice Manager john.rogers@sagedatasecurity.com Presented

More information

The Committee of Sponsoring Organizations of the Treadway Commission

The Committee of Sponsoring Organizations of the Treadway Commission The Committee of Sponsoring Organizations of the Treadway Commission Request for Proposal to Develop Additional Application Guidance on Monitoring, Including Tools and Techniques October 17, 2006 The Committee

More information

Self-Service SOX Auditing With S3 Control

Self-Service SOX Auditing With S3 Control Self-Service SOX Auditing With S3 Control The Sarbanes-Oxley Act (SOX), passed by the US Congress in 2002, represents a fundamental shift in corporate governance norms. As corporations come to terms with

More information

[RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06]

[RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06] SECURITIES AND EXCHANGE COMMISSION 17 CFR PART 241 [RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06] Commission Guidance Regarding Management s Report on Internal Control Over Financial Reporting

More information

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

The Changing IT Risk Landscape Understanding and managing existing and emerging risks The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015

More information

Health care internal audit: Identifying prevalent risks within your organization

Health care internal audit: Identifying prevalent risks within your organization Health care internal audit: Identifying prevalent risks within your organization Overview The health care sector continues to go through many changes, presenting several new risks and a host of complicated

More information

Vendor Management Best Practices

Vendor Management Best Practices 23 rd Annual and One Day Seminar Vendor Management Best Practices Catherine Bruder CPA, CITP, CISA, CISM, CTGA Michigan Texas Florida Insight. Oversight. Foresight. SM Doeren Mayhew Bruder 1 $100 billion

More information

Vendor Risk Management Financial Organizations

Vendor Risk Management Financial Organizations Webinar Series Vendor Risk Management Financial Organizations Bob Justus Chief Security Officer Allgress Randy Potts Managing Consultant FishNet Security Bob Justus Chief Security Officer, Allgress Current

More information

IT audit updates. Current hot topics and key considerations. IT risk assessment leading practices

IT audit updates. Current hot topics and key considerations. IT risk assessment leading practices IT audit updates Current hot topics and key considerations Contents IT risk assessment leading practices IT risks to consider in your audit plan IT SOX considerations and risks COSO 2013 and IT considerations

More information

Loan Origination Governance & Controls:

Loan Origination Governance & Controls: Loan Origination Governance & Controls: Fannie Mae s Expectations of Lender Management Looking at Loan Quality as an Example 2011 Fannie Mae. Trademarks of Fannie Mae. 2013 Fannie Mae Trademarks of Fannie

More information

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Audit of Internal Controls Over Financial Reporting.

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Audit of Internal Controls Over Financial Reporting. Aboriginal Affairs and Northern Development Canada Internal Audit Report Audit of Internal Controls Over Financial Reporting Prepared by: Audit and Assurance Services Branch Project #: 14-05 November 2014

More information

Risk Considerations for Internal Audit

Risk Considerations for Internal Audit Risk Considerations for Internal Audit Cecile Galvez, Deloitte & Touche LLP Enterprise Risk Services Director Traci Mizoguchi, Deloitte & Touche LLP Enterprise Risk Services Senior Manager February 2013

More information

Moving Forward with IT Governance and COBIT

Moving Forward with IT Governance and COBIT Moving Forward with IT Governance and COBIT Los Angeles ISACA COBIT User Group Tuesday 27, March 2007 IT GRC Questions from the CIO Today s discussion focuses on the typical challenges facing the CIO around

More information

ACCA P1 Internal Control. incorporated into Combined code, it was last revised in 2005 and still present as a standalone document.

ACCA P1 Internal Control. incorporated into Combined code, it was last revised in 2005 and still present as a standalone document. Internal Control ACCA P1 Internal Control Turnbull Report 1999 provided guidance for creating strong internal control system and later incorporated into Combined code, it was last revised in 2005 and still

More information

AUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL

AUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL AUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL AUDIT REPORT JUNE 2010 TABLE OF CONTENTS EXCUTIVE SUMMARY... 3 1 INTRODUCTION... 5 1.1 AUDIT OBJECTIVE. 5 1.2 SCOPE...5 1.3 SUMMARY

More information

Cybersecurity The role of Internal Audit

Cybersecurity The role of Internal Audit Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government

More information

Key Benchmarks. NACUBO 2013 Planning and Budgeting Forum September 17, 2013

Key Benchmarks. NACUBO 2013 Planning and Budgeting Forum September 17, 2013 Key Benchmarks NACUBO 2013 Planning and Budgeting Forum September 17, 2013 Agenda Purpose of ratios and benchmarking Important key performance measures definitions and calculations Analyzing the results

More information

J-SOX Compliance Approach Best Practices for Foreign Subsidiaries November 8, 2007

J-SOX Compliance Approach Best Practices for Foreign Subsidiaries November 8, 2007 J-SOX Compliance Approach Best Practices for Foreign Subsidiaries November 8, 2007 Protiviti Background Consulting firm dedicated to business and technology risk consulting, and internal audit services

More information

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS. www.fic.gov.bc.ca

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS. www.fic.gov.bc.ca Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS www.fic.gov.bc.ca INTRODUCTION The Financial Institutions Commission 1 (FICOM) holds the Board of Directors 2 (board) accountable for the stewardship

More information

Audit of the Test of Design of Entity-Level Controls

Audit of the Test of Design of Entity-Level Controls Audit of the Test of Design of Entity-Level Controls Canadian Grain Commission Audit & Evaluation Services Final Report March 2012 Canadian Grain Commission 0 Entity Level Controls 2011 Table of Contents

More information

OUTSOURCING AND SERVICE AUDITOR S REPORTS

OUTSOURCING AND SERVICE AUDITOR S REPORTS OUTSOURCING AND SERVICE AUDITOR S REPORTS FREEDOM TO DO BUSINESS Outsourcing and service Auditor s Reports 3 OUTSOURCING AND SERVICE AUDITOR S REPORTS SERVICE AUDITOR S REPORTS ARE GROWING IN IMPORTANCE,

More information

T The Revised COSO ERM Framework. Robert Hirth Chairman, COSO

T The Revised COSO ERM Framework. Robert Hirth Chairman, COSO T The Revised COSO ERM Framework Robert Hirth Chairman, COSO COSO: Thought Leadership to Improve Your Organization What the Heck is COSO?... Originally formed in 1985, COSO is a joint initiative of five

More information

Hans Bos Microsoft Nederland. hans.bos@microsoft.com

Hans Bos Microsoft Nederland. hans.bos@microsoft.com Hans Bos Microsoft Nederland Email: Twitter: hans.bos@microsoft.com @hansbos Microsoft s Cloud Environment Consumer and Small Business Services Software as a Service (SaaS) Enterprise Services Third-party

More information

The Legal Pitfalls of Failing to Develop Secure Cloud Services

The Legal Pitfalls of Failing to Develop Secure Cloud Services SESSION ID: CSV-R03 The Legal Pitfalls of Failing to Develop Secure Cloud Services Cristin Goodwin Senior Attorney, Trustworthy Computing & Regulatory Affairs Microsoft Corporation Edward McNicholas Global

More information

A Sarbanes-Oxley Roadmap to Business Continuity

A Sarbanes-Oxley Roadmap to Business Continuity A Sarbanes-Oxley Roadmap to Business Continuity NEDRIX Conference June 23, 2004 Dr. Eric Schmidt eschmidt@controlsolutions.com Control Solutions International TECHNOLOGY ADVISORY, ASSURANCE & RISK MANAGEMENT

More information

PROTIVITI FLASH REPORT

PROTIVITI FLASH REPORT PROTIVITI FLASH REPORT New Internal Control Requirements for Companies with Operations in India November 9, 2015 In the aftermath of major global financial frauds, several countries enacted legislation

More information

HALOZYME THERAPEUTICS, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS ORGANIZATION AND MEMBERSHIP REQUIREMENTS

HALOZYME THERAPEUTICS, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS ORGANIZATION AND MEMBERSHIP REQUIREMENTS HALOZYME THERAPEUTICS, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS I. STATEMENT OF POLICY The Audit Committee (the Committee ) of the Board of Directors (the Board ) of Halozyme Therapeutics,

More information

Advanced Data Analytics, the Fraudsters Worst Enemy

Advanced Data Analytics, the Fraudsters Worst Enemy Advanced Data Analytics, the Fraudsters Worst Enemy Introducing Powerful Tools and Techniques to Uncover Fraud Agenda Overview of data analytics in the anti-fraud and fraud investigation context Capability

More information

Guide to Internal Control Over Financial Reporting

Guide to Internal Control Over Financial Reporting Guide to Internal Control Over Financial Reporting The Center for Audit Quality prepared this Guide to provide an overview for the general public of internal control over financial reporting ( ICFR ).

More information

CHAPTER 5 PROFESSIONAL AUDITING STANDARDS AND THE AUDIT OPINION FORMULATION PROCESS

CHAPTER 5 PROFESSIONAL AUDITING STANDARDS AND THE AUDIT OPINION FORMULATION PROCESS A U D I T I N G A RISK-BASED APPROACH TO CONDUCTING A QUALITY AUDIT 9 th Edition Karla M. Johnstone Audrey A. Gramling Larry E. Rittenberg CHAPTER 5 PROFESSIONAL AUDITING STANDARDS AND THE AUDIT OPINION

More information

Internal Controls over Financial Reporting. Integrating in Business Processes & Key Lessons learned

Internal Controls over Financial Reporting. Integrating in Business Processes & Key Lessons learned Internal Controls over Financial Reporting Integrating in Business Processes & Key Lessons learned Introduction Stephen McIntyre, CA, CPA (Illinois) Senior Manager at Ernst & Young in the Risk Advisory

More information

Compliance and Ethics at the Federal Reserve Bank of New York

Compliance and Ethics at the Federal Reserve Bank of New York Compliance and Ethics at the Federal Reserve Bank of New York Operational Risk and Internal Audit Course Marina Adams, Compliance Officer and AVP David K. Clune, Compliance and Ethics Officer Kevin White,

More information

2015-16 Internal Control Questionnaire and Assessment

2015-16 Internal Control Questionnaire and Assessment Bureau of Financial Monitoring and Accountability Florida Department of Economic Opportunity September 9, 2015 107 East Madison Street Caldwell Building Tallahassee, Florida 32399 www.floridajobs.org TABLE

More information

Governance SPICE. ISO/IEC 15504 for Internal Financial Controls and IT Management. By János Ivanyos, Memolux Ltd. (H)

Governance SPICE. ISO/IEC 15504 for Internal Financial Controls and IT Management. By János Ivanyos, Memolux Ltd. (H) Governance SPICE ISO/IEC 15504 for Internal Financial Controls and IT Management By János Ivanyos, Memolux Ltd. (H) 1. Evaluating Internal Controls against Governance Frameworks Corporate Governance is

More information

Professional Development for Engagement Partners Responsible for Audits of Financial Statements (Revised)

Professional Development for Engagement Partners Responsible for Audits of Financial Statements (Revised) IFAC Board Exposure Draft August 2012 Comments due: December 11, 2012 Proposed International Education Standard (IES) 8 Professional Development for Engagement Partners Responsible for Audits of Financial

More information

Electronic Audit Evidence (EAE) and Application Controls. Tulsa ISACA Chapter December 11, 2014

Electronic Audit Evidence (EAE) and Application Controls. Tulsa ISACA Chapter December 11, 2014 Electronic Audit Evidence (EAE) and Application Controls Tulsa ISACA Chapter December 11, 2014 Agenda Recent IT-related PCAOB inspection themes: Internal control over financial reporting Multi-location

More information

FAQs New Service Organization Standards and Implementation Guidance

FAQs New Service Organization Standards and Implementation Guidance FAQs New Service Organization Standards and Implementation Guidance During the past two years several significant changes have occurred in audit and attest standards for reporting on controls at service

More information

Information about 2015 Inspections

Information about 2015 Inspections Vol. 2015/2 October 2015 Staff Inspection Brief The staff of the Public Company Accounting Oversight Board ( PCAOB or Board ) prepares Inspection Briefs to assist auditors, audit committees, investors,

More information

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements Examination of an Entity s Internal Control 1403 AT Section 501 An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements Source:

More information

A SOX2007.com White Paper

A SOX2007.com White Paper A SOX2007.com White Paper SOX 404 and Small Companies: A Cost Effective Approach to 2007 Compliance Background The Sarbanes-Oxley Act (SOX) was passed by Congress in July 2002 to address corporate mismanagement

More information