PCAOB Public Company Accounting Oversight Board



Similar documents
PCAOB Public Company Accounting Oversight Board

PCAOB. The Honorable Christopher Cox Chairman Securities and Exchange Commission 100 F Street, NE Washington, DC 20549

Review of the SEC s Systems Certification and Accreditation Process

STAFF AUDIT PRACTICE ALERT NO. 5 AUDITOR CONSIDERATIONS REGARDING SIGNIFICANT UNUSUAL TRANSACTIONS. April 7, 2010

Guide to Pcaob Inspections

UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL 400 MARYLAND AVENUE, S.W. WASHINGTON, DC

Virginia Commonwealth University Police Department

2012 FISMA Executive Summary Report

Report on Inspection of Gregory & Associates, LLC (Headquartered in Salt Lake City, Utah) Public Company Accounting Oversight Board

Subject: GSA On-line Procurement Programs Lack Documentation and Reliability Testing

Code of Ethical Conduct

STANDING ADVISORY GROUP MEETING

Standards for the Professional Practice of Internal Auditing

Henkel s Compliance Management System (CMS)

Report on Inspection of B F Borgers CPA PC (Headquartered in Denver, Colorado) Public Company Accounting Oversight Board

Re: PCAOB Release No (Docket Matter No. 41) Concept Release on Audit Quality Indicators ( Concept Release )

Fiscal Policies and Procedures Fraud, Waste & Abuse

Border Security: U.S. Customs and Border Protection Provides Integrity-Related Training to Its Officers and Agents throughout Their Careers

AUDIT REPORT. Cybersecurity Controls Over a Major National Nuclear Security Administration Information System

U.S. CORPORATE ETHICS AND COMPLIANCE POLICY

Mental Health Resources, Inc. Mental Health Resources, Inc. Corporate Compliance Plan Corporate Compliance Plan

STANDING ADVISORY GROUP MEETING

Office of Inspector General Evaluation of the Consumer Financial Protection Bureau s Consumer Response Unit

UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL

PCAOB Concept Release on Audit Quality Indicators Summary & Considerations for Stakeholder Comment

ELEMENT FINANCIAL CORPORATION CODE OF BUSINESS CONDUCT AND ETHICS

PROCEDURES FOR REPORTING BY EMPLOYEES OF COMPLAINTS AND CONCERNS REGARDING QUESTIONABLE ACTS

CODE OF CONDUCT AND ETHICS

FERRARI N.V. AUDIT COMMITTEE CHARTER (Effective as of January 3, 2016)

Inspection of MS Group CPA L.L.C. (Headquartered in Edison, New Jersey) Public Company Accounting Oversight Board

Report on Inspection of Kabani & Company, Inc. (Headquartered in Los Angeles, California) Public Company Accounting Oversight Board

Cybersecurity and Hospitals. What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response

Responsible Administrative Unit: Computing, Communications & Information Technologies. Information Technology Appropriate Use Policy

Johnson Electric Group Code of Ethics and Business Conduct

The SEC s Whistleblower Program Christian Bartholomew June 2012 Sarah Nilson

COMPLIANCE PROGRAM FOR XL GROUP PLC

Our Vendor Code of Conduct

2. What do people mean when they say "Sarbanes-Oxley"?

VCU HEALTH SYSTEM Compliance Program. Updated August 2015

MEDICAID COMPLIANCE POLICY

INTERNAL AUDIT CHARTER AND TERMS OF REFERENCE

JHSPH Acceptable Use Policy

Inspection of Chang G Park (Headquartered in San Diego, California) Public Company Accounting Oversight Board

March 28, Dear Chairmen Rockefeller, Murray, Mica, and Latham:

Clear Creek ISD CQ (REGULATION) Business and Support Services: Electronic Communications

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

Notification and Federal Employee Antidiscrimination and Retaliation Act Report. Fiscal Years United States Nuclear Regulatory Commission

) ) ) ) ) ) ) ) ) ) )

AUDIT REPORT. Materials System Inventory Management Practices at Washington River Protection Solutions

UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF THE INSPECTOR GENERAL. August 9, 2005

May 2 1,2009. Re: DHS Data Privacy and Integrity Advisory Committee White Paper on DHS Information Sharing and Access Agreements

PROFESSIONALISM in PRACTICE

CODE OF ETHICS FOR SENIOR FINANCIAL OFFICERS

POLICY Adopted by Board of Education: 4/20/05

MEAD JOHNSON NUTRITION COMPANY CODE OF ETHICS FOR SENIOR FINANCIAL OFFICERS

Guide to Public Company Auditing

Inspection of Fazzari + Partners LLP Chartered Accountants (Headquartered in Vaughan, Canada) Public Company Accounting Oversight Board

Transcription:

PCAOB Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org September 27,2011 The Honorable Mary L. Schapiro Chairman Securities and Exchange Commission 100 F Street, NE Washington, DC 20549 Dear Chairman Schapiro: I am pleased to transmit a summary of a recent performance review by the Public Company Accounting Oversight Board's ("PCAOB") Office of Internal Oversight and Performance Assurance ("IOPA"), entitled, Review of the Public Company Accounting Oversight Board's Controls Over Employee Internet Activity. Shortly after I joined the PCAOB, I asked IOPA to conduct this review to provide me assurance as to the effectiveness of the PCAOB's content-filtering tools and other processes to detect and prevent inappropriate activity. At the same time, I directed the Office of Administration, which oversees the Office of Information Technology ("Oir), to evaluate available IT tools to detect internet activity that may be contrary to PCAOB policy and consider whether any new content-filtering technologies could enhance the PCAOB's detection capabilities. The PCAOB's Office of Administration identified and, in May 2011, implemented new software that allows for enhanced screening, blocking, and reporting of inappropriate internet activity. IOPA has examined OIT's implementation of this software and determined that it does provide a more sensitive detection tool and more robust reporting. Since implementing this new software, OIT has detected several instances of inappropriate use, each of which has been addressed, through employee counseling or discipline, as appropriate. In addition to resolving these specific incidents, in June 2011, the PCAOB's Ethics Officer and Director of Compliance and Risk Management issued an organization-wide Ethics and Compliance Alert to highlight "Dos and Don'ts" when using PCAOB information technology and to inform employees of the recent enhancements to the PCAOB's internet monitoring technologies. I also emphasized the importance of compliance with the PCAOB's policy on acceptable use of PCAOB equipment in a June Town Hall meeting with all employees. And I understand that the Ethics Officer has asked each division and office director to meet with their staffs to reinforce this message.

PCAOB Public Company Accounting Oversight Board The Honorable Mary L. Schapiro September 27,2011 Page 2 IOPA's review resulted in two recommendations for future action. The Chief Administrative Officer ("CAO") concurred with both recommendations. First, given that our more sensitive content-filtering software may detect more matters that require review, IOPA recommended that the PCAOB further define processes for the disposition of potential instances of inappropriate use of PCAOB technology, including documentation requirements. The CAO, with others in the Office of Administration, worked with the Office of General Counsel and implemented this recommendation. Second, IOPA recommended that the PCAOB determine the need for additional or enhanced forensic capabilities and, if appropriate, include estimates for such enhancements in future OIT budget requests. The CAO directed OIT to review the need for additional capabilities and OIT has allocated both time and resources in the 2012 budget to make that determination. The Board intends to publish the attached summary on the PCAOB's Web site on or about October 5, 2011. You and your staff should feel free to contact me or the Director of IOPA, Peter Schleck (202-207-9085), if you have any questions or would like any additional information about the review. Sincerely, Enclosure: Review of the Public Company Accounting Oversight Board's Controls Over Employee Internet Activity (IOPA-2011-002), September 9,2011 cc: The Honorable Elisse B. Walter The Honorable Luis A. Aguilar The Honorable Troy A. Paredes

1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org REVIEW OF THE PUBLIC COMPANY ACCOUNTING OVERSIGHT BOARD S CONTROLS OVER EMPLOYEE INTERNET ACTIVITY (IOPA-2011-002) INTERNAL OVERSIGHT AND PERFORMANCE ASSURANCE UBACKGROUND AND OBJECTIVE Government agencies and other public organizations suffer reputational harm when news headlines broadcast that their employees engaged in inappropriate internet activity using company computers or networks. The Public Company Accounting Oversight Board (PCAOB) seeks to prevent such inappropriate activity and thereby avoid this type of reputational embarrassment through its employee policies and trainings. The PCAOB s Ethics Code, its Policy on Acceptable Use of Information Technology, and its Policy Prohibiting Sexual Harassment establish guidelines for employee internet usage. The Office of Internal Oversight and Performance Assurance (IOPA) conducted this review to determine whether the PCAOB has effective tools and processes in place to detect and prevent inappropriate internet content or activity. 1/ RESULTS IN BRIEF Our review disclosed that OIT was working to enhance its internet monitoring tools; however, we noted some inconsistencies regarding the disposition and documentation of potential violations. As of late May 2011, the PCAOB s Office of Information Technology (OIT) was in the process of deploying new software that allowed for better screening, blocking, and reporting of inappropriate internet usage. Within the first few days following initial deployment, OIT had identified instances of inappropriate activity 1/ This is a public summary of the report. The full report, prepared in accordance with Government Auditing Standards, has been issued to the Board. The full report includes a detailed discussion of the review objective, scope, and methodology.

Controls Over Employee Internet Activity Page 2 by three PCAOB employees. Such activity included using PCAOB equipment to view material inappropriate for the workplace. At the time of our review, OIT was gathering additional information and considering appropriate action. OIT had coordinated its efforts with the Ethics Officer, the Director of Human Resources (HR), and the Office of General Counsel (OGC). Disciplinary action for these employees was also under active consideration. 2/ Our review also disclosed that OIT had identified, and was working to address, a number of remaining technical weaknesses in its overall strategy for internet content filtering. Moreover, based on our review of available documentation as well as discussions with OIT, the Office of General Counsel (OGC), and HR IOPA concluded that the PCAOB s process for dealing with five previous internet usage incidents, that occurred between 2007 and 2011, had not been consistent and was not always well documented. OIT s Associate Director for Security told IOPA that content-filtering technologies used by the PCAOB prior to late May 2011 may not have detected all violations that occurred. In fact, the relatively small number of known incidents may have contributed to a belief that internet misuse was a relatively low-risk concern at the PCAOB. In this regard, there had been no PCAOB-wide communication about internet usage since 2007, when the Policy on Acceptable Use of Information Technology (Acceptable Use Policy) was published and the PCAOB Exchange featured a related article. Employees did receive some guidance regarding appropriate internet usage during mandatory Respect in the Workplace Training, which was held in 2008 and 2011. On June 23, 2011, the PCAOB s Ethics Officer and Director of Compliance and Risk Management emailed an Ethics and Compliance Alert, highlighting the Dos and Don ts of internet usage, to all PCAOB employees. The email summarized the governing PCAOB policies and gave explicit examples of appropriate, and inappropriate, internet usage. The email alert, along with recent Town Hall comments from the PCAOB Chairman, provided, in our view, a realistic assessment regarding technology in the workplace and the necessity for employees to exercise good 2/ During follow-up discussions, an HR representative informed IOPA that HR had individually counseled each of the three employees who had visited inappropriate sites, provided them with a written warning, and documented the incident in each employee s personnel file. However, OIT also informed IOPA that during this same time period, OIT had discovered that additional employees were possibly engaging in inappropriate internet activity.

Controls Over Employee Internet Activity Page 3 judgment. In this regard, recent news stories featuring Federal employees and public officials who have misused technology have clearly demonstrated that such incidents can quickly damage an organization s reputation and distract attention from its public service mission. The full report included two recommendations to the Chief Administrative Officer (CAO) aimed at improving aspects of the PCAOB s processes for dealing with misuse of technology. The CAO provided a written response to a draft of the report, which fully supported IOPA s recommendations and stated that steps were already underway to address the recommendations.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information