Internal Control - Risk and SOX (presentation by Sshahin, added July 14, 2010)

Presentation Transcript

Slide 1: Internal Control, Risk, SOX Compliance
Sherif Shahin

Slide 2: Internal Control

Slide 3: Internal Control
Internal Control is a process designed to provide reasonable assurance regarding the achievement of objectives in the following three categories:
1. Effectiveness and Efficiency of Operations
   Processes are doing what they are intended to do (i.e., achieving their objectives), and doing so in an efficient manner, i.e., making good use of available resources.
2. Compliance with Laws and Regulations
   Actions are consistent with all applicable laws and regulations.
3. Reliability of Financial Reporting
   Accuracy and reliability of financial statements.

Slide 4: Types of Internal Controls
Controls can be either preventive or detective.
- Preventive Controls: built into the process or system to avoid or minimize risk. Helps make processes more efficient and can reduce the cost of corrective actions.
- Detective Controls: provides a process assessment to identify potential issues for further review.

Slide 5: Preventative Controls
"Prevent undesirable events from occurring"
- Knowledge that someone is reviewing your work
- Segregation of duties
- Limited access
- Levels of authorization
- Security badges
- Business rule set-up in automated systems

Slide 6: Detective Controls
"Detect and correct undesirable events after they occur."
- Reconciliations
- Auditing
- Confirmations
- Exception reports
- Reviews done on a regular basis

Slide 7: Controls can be either Automated or Manual
- Automated Controls: incorporated into application logic. Example: the system automatically searches for a matching PO before paying an invoice.
- Manual Controls: performed by individuals outside of the system or application. Example: supervisor's signature.

Slide 8: Who is accountable for assurance that appropriate internal controls are in place?
Management!!!!

Slide 9: Internal Controls can fail because:
- Employees can make mistakes or exercise poor judgment
- There can be collusion, where two or more individuals work together to steal
- Management may inappropriately override established policies or procedures

Slide 10: Who's responsible for the performance of internal control activities?
Everyone!!!!!!

Slide 11: Risk

Slide 12: Risk
What are risks? A risk is anything that could jeopardize:
- Achieving our goals
- Operating effectively and efficiently
- Providing reliable financial data
- Protecting the assets from loss
- Complying with applicable laws, policies, and procedures

Slide 13: Risk
What could go wrong in our unit?
- Fire
- System/application goes down
- Key employee calls in sick
- Misstated financials
- Fraud

Slide 14: Risk Assessment – What is it?
It's a process to:
- Identify significant risks
- Assess risks: What is the likelihood of occurrence? What is the potential impact?
- Manage these risks through: avoidance; acceptance and sharing (insurance); mitigation with internal controls

Slide 15: What happens when internal controls are not in place or break down?

Slide 16:
Misstatement of financials is an untrue declaration of financial data.
Fraud is generally defined in the law as an intentional misrepresentation of material existing fact made by one person to another.

Slide 17: Providing reliable Financial data
The American Institute of Certified Public Accountants' Statement on Auditing Standards No. 31: Evidential Matter provides a logical framework for designing audit procedures. The framework is built around five financial statement assertions. The first three assertions (existence, completeness, and valuation) address whether accounts contain valid entries that are recorded accurately. The last two assertions (rights and obligations, and presentation and disclosure) focus on whether the entity's legal rights and obligations are presented properly and described adequately in the financial statements.

Slide 18: What are the assertions?
CE-VOP

Slide 19:
- Completeness: all transactions are recorded completely
- Existence: all transactions which are recorded exist
- Valuation: all transactions are reflected at their proper value
- Ownership: all transactions are owned by the company
- Presentation: all transactions are disclosed correctly

Slide 20: What is Fraud?
Fraud typically requires 3 key elements:
- Did something bad/wrong ("misrepresentation of facts")
- Done intentionally
- Resulted in unauthorized personal gain

Slide 21: Red Flags for Fraud
- No vacation
- Voluntary overtime
- Unexplained variances
- Complaints
- No reconciliation
- One employee "does it all"
- Documentation is not original
- "Rush" requests

Slide 22: Who Commits Fraud?
Those having:
- Pressure: usually caused by financial need or desire
- Ability to rationalize: make excuses and do not think of the crime as stealing
- Opportunity: typically arises from weak controls or too much independence/control given to someone

Slide 23: How Does Fraud Occur?
- Billing: employee submits an invoice for payment to a bogus vendor or for personal expenses
- Non-cash: employee steals office supplies, stamps, business services, identity of students/staff, etc.
- Expense reimbursement: employee files an expense report claiming personal travel, nonexistent meals, etc.
- Skimming: employee accepts payment from a customer but does not record it
- Payroll: employee takes unreported annual/sick leave, claims overtime for hours not worked, adds a ghost employee to payroll

Slide 24: Sarbanes Oxley Act

Slide 25: What do these dates have in common?
- December 2, 2001: Enron declares bankruptcy
- July 19, 2002: MCI Worldcom declares bankruptcy
- August 31, 2002: Arthur Andersen agrees to stop auditing public companies

Slide 26: How Did Congress Respond?

Slide 27:
Senator Paul Sarbanes: Paul Spyros Sarbanes (born February 3, 1933), Democrat, represented the state of Maryland in the United States Senate for thirty years.
Michael G. Oxley: Michael Garver Oxley (born February 11, 1944), Republican, represented the 4th congressional district of Ohio in the U.S. House of Representatives.

Slide 28: Sarbanes-Oxley Act
Key Background/Facts:
- Issued by the U.S. Securities and Exchange Commission (SEC) in 2002 in response to corporate and accounting scandals involving well known US companies (e.g., Enron).
- Intended to restore public trust and confidence in corporate business practices, reporting and disclosures.
- Applies to US publicly traded companies registered with the SEC; not applicable to institutions of higher education or other not-for-profit institutions.

Slide 29: Sarbanes-Oxley Act
Extremely comprehensive piece of legislation that contains 11 sections:
1. Public Company Accounting Oversight Board
2. External Auditor Independence
3. Corporate Responsibility
4. Enhanced Financial Disclosures
5. Analyst Conflict of Interest
6. Commission Resources and Authority
7. Studies and Reports
8. Corporate and Criminal Fraud Authority
9. White-Collar Crime Penalty Enhancements
10. Corporate Tax Returns
11. Corporate Fraud and Accountability

Slide 30: Sarbanes-Oxley Act
Corporate Responsibility – Section #302
Requires the CEO and CFO to certify with the annual report that:
1. They have reviewed the report
2. There are no untrue statements of material fact or omissions
3. The financial statements present the financial condition of operations
4. They are responsible for:
   A) Establishing and maintaining internal controls
   B) Ensuring material information is known to officers
   C) Having evaluated controls and presented their conclusions
5. They have disclosed to the auditors and audit committee all significant deficiencies and material weaknesses in controls that could adversely affect the financial data
6. They have indicated whether there were significant changes in internal controls that could significantly affect internal controls
Are the Numbers Right?

Slide 31: Sarbanes-Oxley Act
Enhanced Financial Disclosures – Section #404
Each annual report shall contain an internal control report which:
- States the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting.
- Contains an assessment, as of the end of the fiscal year, of the effectiveness of the internal control structure and procedures of the company for financial reporting.
The public accounting firm shall attest to and report on the internal control assessment made by management.
Is the Process to Derive the Numbers Right?
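As an added illustration that is not part of the presentation, the Python below puts the automated preventive control of Slide 7 (match a PO before paying an invoice), the segregation-of-duties and levels-of-authorization controls of Slide 5, and the exception report of Slide 6 into code. The purchase orders, approval limits, approver names and the paid-invoice ledger are all constructed sample data.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed sample data (not from the presentation): open purchase orders
PURCHASE_ORDERS = {"PO-1001": {"vendor": "ACME", "amount": 5000.00},
                   "PO-1002": {"vendor": "Globex", "amount": 1200.00}}
# Levels of authorization: the maximum amount each approver may release (assumed)
APPROVAL_LIMITS = {"alice": 2500.00, "bob": 10000.00}


@dataclass
class Invoice:
    invoice_id: str
    vendor: str
    amount: float
    po_number: str
    submitted_by: str
    approved_by: str


def preventive_check(inv: Invoice) -> list[str]:
    """Automated preventive control: returns the reasons an invoice must NOT be
    paid; an empty list means it passes.  Business rules built into the
    application logic: PO match, segregation of duties, authorization level."""
    reasons = []
    po = PURCHASE_ORDERS.get(inv.po_number)
    if po is None:
        reasons.append("no matching PO")
    else:
        if po["vendor"] != inv.vendor:
            reasons.append("PO vendor mismatch")
        if inv.amount > po["amount"]:
            reasons.append("invoice exceeds PO amount")
    if inv.submitted_by == inv.approved_by:
        reasons.append("segregation of duties: submitter approved own invoice")
    limit = APPROVAL_LIMITS.get(inv.approved_by)
    if limit is None or inv.amount > limit:
        reasons.append("approver lacks authorization for this amount")
    return reasons


def exception_report(paid: list[Invoice]) -> dict[str, list[str]]:
    """Detective control: re-run the same rules over invoices already paid (for
    example after a manual override) and report those that should have been
    blocked, for follow-up review."""
    return {i.invoice_id: r for i in paid if (r := preventive_check(i))}


# Constructed ledger: one clean payment and one that bypassed the controls.
PAID = [Invoice("INV-1", "ACME", 4800.00, "PO-1001", "carol", "bob"),
        Invoice("INV-2", "Initech", 3000.00, "PO-9999", "alice", "alice")]

if __name__ == "__main__":
    for inv_id, reasons in exception_report(PAID).items():
        print(inv_id, "->", "; ".join(reasons))
```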