Sarbanes-Oxley Act - PowerPoint PPT Presentation

1 / 27

About This Presentation

Title:

Sarbanes-Oxley Act

Description:

Sarbanes-Oxley Act Effectivity of Internal Control on financial reporting Han Levink March 7, 2006 Why Sarbanes-Oxley? The SOA was enacted in 2002, largely in ... – PowerPoint PPT presentation

Number of Views:192

Avg rating:3.0/5.0

Slides: 28

Provided by: Levin5

Category:

more less

Transcript and Presenter's Notes

Title: Sarbanes-Oxley Act

1
Sarbanes-Oxley Act

Effectivity of Internal Control
on financial reporting
Han Levink
March 7, 2006

2
Why Sarbanes-Oxley?

The SOA was enacted in 2002, largely in response
to a number of major corporate and accounting
scandals involving some of the most prominent
companies in the US
These scandals have resulted in a great loss of
public trust in corporate accounting and
reporting practices

3
Section 302 Corporate Responsibility for
financial reports

Statement (verklaring)
Inhoud van (niet-)financiële rapportages is juist
en volledig
Rapportagesystemen zijn betrouwbaar
Tijdige rapportage
Objective
Transparantie van financiële informatie

4
Section 404Management Assessment of internal
controls

Management is verantwoordelijk voor opzetten en
handhaven van een adequaat Internal Control
Framework (ICF) en adequate procedures met
betrekking tot de financiële verslaglegging
Oordeel over de effectiviteit van het ICF en
procedures in een statement

5
Implications of sections 302 and 404

Cijfermatige weergave van de prestaties op een
juiste en eenduidige wijze in het jaarverslag
Aantonen dat deze cijfers op een betrouwbare en
controleerbare manier tot stand zijn gekomen
Consequentie Controle op controle
Omslag van Trust me and Tell me naar
Show me and Prove me
The external auditor has attested to, and
reported on, managements evaluation of internal
controls

6
Effects of SOA on ICF

Show me and prove me
in Internal Control Framework (ICF)
No material weaknesses
No significant deficiencies
in key controls

7
Material weakness

Defined as a condition in which the design or
operation of one or more of the internal control
components does not reduce to a relatively low
level the risk that misstatements caused by error
or fraud in amounts that would be material in
relation to the financial statements may occur
and not be detected within a timeley period by
employees in the normal course of performing
their assigned functions

8
Effects of implementation of SOA on an
organisation

Organisational
Investments and benefits
Culture and people
Statements

9
Significant factors of SOA impact on an
organisation

Quality of excisting ICF
Processes in which key controls are present
should be clearly described and should be actual
Damage to image
Problems on e.g. capital market, labor market
CPAs are reserved
Sanctions by Public Company Accounting Oversight
Board (PCAOB)
Feeling of comfortabilty of management
See next pages

10
Organisational effects

Higher risk awareness of employees
Higher awareness of employees regarding their
tasks and responsibilities
Tasks and responsibilities are made more
explicitly and if necessary made more
standardized
Increase of importancy of culture and way of
working as a control system
Efficiency advantages by uniformization of
(redundant) processes

11
Organisational effects

Focus on describing of relations and
hand-over-moments between departments
Clear definition of key controls
SOA activities as part of daily work (CSF would
be the embedding in organisation)
Documentation (seven years project and test
plans, description of processes, control
documentation sheets, testscripts, testfiles)
Reallocation of priorities (by law) despite of
customer projects (ROI might decrease)

12
Investments and benefits

Dutch survey in 2004 on average 2000 internal
mandays were used (app. 1 million Euro) and
IT-investments range from 0.3 to 3 million Euro.
USA (Johnson Group) annual expenses on SOA 2.5
of salesvolume
University of Illinois in USA in 2004 in total
120 million hours on Section 404 and CPAs in
total 12 million hours estimate of total of
expenses 10 Billion Dollar

13
Culture and people

Effect of implementation of an ICF on
organisational culture differs from company to
company
Implementation of ICF should be an objective, not
a tool (not creating a bureaucratic culture)
Need for an entrepeneur culture
Initiatives taken by employees
Being respected by management
This requires
internal communication and
training

14
Culture and people

Objective of internal communication and
training
Mindset of management and employees in fact
change management should be executed smoothly

15
Internal communication and training in an
entrepeneur culture

CEO / CFO
Effect of SOA on work
Signing for SOA compliance
Controlling of annual SOA process
Mindset
Attention for creating risk awareness employees
Required Knowledge
SOA and COSO (Committee of Sponsoring
Organizations of the Treadway Commission)
Annual (signing)process

16
Internal communication and training in an
entrepeneur culture

Business Unit Manager
Effect of SOA on work
Final responsibility SOA compliance for the BU
Building/executing testing strategy and test
plans
Mindset
Recognize and propagate interest of SOA
Give priority to and sponsor SOA
Required knowledge
See CEO/CFO annual test proces
Secure SOA criteria in other / new projects

17
Internal communication and training in an
entrepeneur culture

Head of department
Effect of SOA on work
Keeping ICF up to date
Change management as a result of tests and audits
keeping control matrices actual
Risk analysis and designing IC measurements
Securing of SOA criteria in other / new projects
Mindset see BU manager
Required Knowledge
See BU Manager ICF reference documentation
Be able to judge processes and controls
Be able to design IC measurements

18
Internal communication and training in an
entrepeneur culture

Employees
Effect of SOA on work
Cooperate in test activities
Execute and judge IC measurements and IT controls
Mindset
Understand interest of being in control
Recognizing interest of testing
Involved with change management
Required Knowledge
What is SOA different kind of controls
Familiar with test processes, test directives
Familiar with processes and ICs in own
department

19
Statements

After updating ICF an approval procedure starts
Each division / unit / department states that
processes, IC measurements, applications and
IT-infrastructure are in control
Resulting in a network of statements
But each statement should be reviewed and signed
CEO/CFO rely on statements before final sign-off
Cultural aspect
In case of fear culture unreliable statements
In case of bureaucratic culture time consuming
Best result in an entrepeneur culture

20
Recommendations by SEC for bookyear 2005

Gebruik zowel kwantitatieve als kwalitatieve
controls bij de bepaling van significante
accounts en hanteer een top-downaanpak
Hanteer een risico-gebaseerde aanpak die de
grootste risicogebieden eerst afdekt
Richt aandacht niet alleen op financiële, maar
ook op operationele controls
Verbeter de effectiviteit van de financiële
controls door ze met de bedrijfsprocessen te
integreren
Zie SOA niet als een compliancy-verplichting maar
als kans om gehele business performance te
verbeteren gebruik hierbij het ICF als bril
voor analyse en verbetering.

21
Internal Control Framework

In the US, the most broadly accepted framework
for internal control is provided by the Committee
of Sponsoring Organizations of the Treadway
Commission (COSO)
COSO defines Internal control as a process
effected by an organizations board of directors,
management, and other personnel that provides
reasonable assurance regarding achievement of
objectives in three catogories

22
COSO objectives in 3 categories

Effective and efficient operations focuses on
key objectives, such as performance and
profitability goals and the safeguarding of
company assets
Reliable financial reporting covers the
preparation of reliable financial statements and
other financial information
Compliance with apllicable laws and regulations
to avoid damage to a companys reputation or
other negative outcomes

23
COSOs 5 components to achieve the internal
control objectives

Control environment serves as the foundation for
an ICF by providing structure, policy, code of
conduct, etc.
Risk assessment identification and analysis of
business risks and how they should be managed
Control activities specific policies and
procedures to ensure that objectives are achieved
Information and communication suport all other
components by communicating control
responsibilities to employeees
Monitoring covers the oversight of internal
controls by management

24
Requirements to report on the effectiviness of
internal controls for financial reporting

Purpose of IC for financial reporting (SEC) is to
ensure
that companies have processes designed to provide
reasonable assurance that
Transactions are properly authorized
Assets are safeguarded against unauthorized or
improper use
Transactions are properly recorded and reported
to permit the preparation of the financial
statements in conformity with GAAP

25
SOA no rules for reporting on IC

Although rules and standards for reporting on
internal controls and procedures for financial
reporting pursuant to 404 and 103 of SOA have
not been established, companies still need to
establish reasonable guidelines and bounderies as
a basis for identyfying, designing, and
maintaining controls and procedures for financial
reporting
?Within this context the COSO framework can be
very helpful as a reference point in avoiding
material weaknesses and significant deficiencies

26
Criteria for effective internal control

According to COSO, determining whether a
particular IC systeem is effective is a
subjective judgement resulting from an assessment
of whether the 5 components are present and
functioning effectivily
Controls can differ in the degree to which they
address a particular risk, so that complementary
controls can be satisfactory

27
Conclusion