internal control -risk and sox


Comments

By: klithesh (37 month(s) ago)

Hi, can you forward me the internal control -risk and sox PPT to my email ID - kumarlithesh@yahoo.com? It's really fantastic. Thanks a lot in advance.

Presentation Transcript

Slide 1: 

Internal Control
Risk
SOX Compliance
Sherif Shahin

Slide 2: 

Internal Control

Internal Control : 

Internal Control is a process designed to provide reasonable assurance regarding the achievement of objectives in the following three categories:
1. Effectiveness and Efficiency of Operations: Processes are doing what they are intended to do (i.e., achieving their objectives), and doing so in an efficient manner, i.e., making good use of available resources.
2. Compliance with Laws and Regulations: Actions are consistent with all applicable laws and regulations.
3. Reliability of Financial Reporting: Accuracy and reliability of Financial Statements.

Types of Internal Controls : 

Controls can be either preventive or detective.
- Preventive Controls: Built into the process or system to avoid or minimize risk. Help make processes more efficient and can reduce the cost of corrective actions.
- Detective Controls: Provide a process assessment to identify potential issues for further review.

Slide 5: 

Preventative Controls: “Prevent undesirable events from occurring”
- Knowledge that someone is reviewing your work
- Segregation of duties
- Limited access
- Levels of authorization
- Security badges
- Business rule set-up in automated systems

Slide 6: 

Detective Controls: “Detect and correct undesirable events after they occur.”
- Reconciliations
- Auditing
- Confirmations
- Exception reports
- Reviews done on a regular basis

Slide 7: 

Controls can be either Automated or Manual.
- Automated Controls – Incorporated into application logic. Example: System automatically searches for a matching PO before paying an invoice.
- Manual Controls – Performed by individuals outside of the system or application. Example: Supervisor’s signature.

Who is accountable for assurance that appropriate internal controls are in place? : 

Management!!!!

Internal Controls can fail because: : 

- Employees can make mistakes or exercise poor judgment.
- There can be collusion – where two or more individuals work together to steal.
- Management may inappropriately override established policies or procedures.

Who’s responsible for the performance of internal control activities? : 

Everyone!!!!!!

Slide 11: 

Risk

Risk : 

What are risks? A risk is anything that could jeopardize:
- Achieving our goals
- Operating effectively and efficiently
- Providing reliable financial data
- Protecting the assets from loss
- Complying with applicable laws, policies, and procedures

Risk : 

What could go wrong in our unit?
- Fire
- System/application goes down
- Key employee calls in sick
- Misstatement of financials
- Fraud

Risk Assessment – What is it? : 

It’s a process to:
- Identify significant risks
- Assess risks
  - What is the likelihood of occurrence?
  - What is the potential impact?
- Manage these risks through:
  - Avoidance
  - Acceptance and sharing (insurance)
  - Mitigate with internal controls

Slide 15: 

What happens when internal controls are not in place or break down?

Slide 16: 

Misstatement of financials is an untrue declaration of financial data.
Fraud is generally defined in the law as an intentional misrepresentation of material existing fact made by one person to another.

Providing reliable Financial data : 

The American Institute of Certified Public Accountants' Statement on Auditing Standards No. 31: Evidential Matter provides a logical framework for designing audit procedures. The framework is built around five financial statement assertions. The first three assertions--existence, completeness, and valuation--address whether accounts contain valid entries that are recorded accurately. The last two assertions--rights and obligations, and presentation and disclosure--focus on whether the entity's legal rights and obligations are presented properly and described adequately in the financial statements.

What are the assertions? : 

CE-VOP

Slide 19: 

- Completeness: all transactions are recorded completely
- Existence: all transactions which are recorded exist
- Valuation: all transactions are reflected at their value
- Ownership: all transactions are owned by the company
- Presentation: all transactions are disclosed correctly

What is Fraud? : 

Fraud typically requires 3 key elements:
- Did something bad/wrong (“misrepresentation of facts”)
- Done intentionally
- Resulted in unauthorized personal gain

Red Flags for Fraud : 

- No vacation
- Voluntary overtime
- Unexplained variances
- Complaints
- No reconciliation
- One employee “does it all”
- Documentation is not original
- “Rush” requests

Who Commits Fraud? : 

Those having:
- Pressure - Usually caused by financial need or desire
- Ability to rationalize – Make excuses and do not think of crime as stealing
- Opportunity – Typically arises from weak controls or too much independence/control given to someone

How Does Fraud Occur? : 

- Billing – Employee submits invoice for payment to bogus vendor or for personal expenses
- Non-cash – Employee steals office supplies, stamps, business services, identity of students/staff, etc.
- Expense reimbursement – Employee files expense report claiming personal travel, nonexistent meals, etc.
- Skimming – Employee accepts payment from customer but does not record it
- Payroll – Employee takes unreported annual/sick leave, claims overtime for hours not worked, adds ghost employee to payroll

Slide 24: 

Sarbanes Oxley Act

What do these dates have in common? : 

- December 2, 2001: Enron declares bankruptcy
- July 19, 2002: MCI Worldcom declares bankruptcy
- August 31, 2002: Arthur Andersen agrees to stop auditing public companies

Slide 26: 

How Did Congress Respond?

Slide 27: 

Senator Paul Sarbanes: Paul Spyros Sarbanes (born February 3, 1933), Democrat, represented the state of Maryland in the United States Senate for thirty years.
Michael G. Oxley: Michael Garver Oxley (born February 11, 1944), Republican, represented the 4th congressional district of Ohio in the U.S. House of Representatives.

Sarbanes-Oxley Act : 

Key Background/Facts:
- Issued by U.S. Securities and Exchange Commission (SEC) in 2002 in response to corporate and accounting scandals involving well-known US companies (e.g., Enron).
- Intended to restore public trust and confidence in corporate business practices, reporting and disclosures.
- Applies to US publicly traded companies registered with the SEC; not applicable to institutions of higher education or other not-for-profit institutions.

Sarbanes-Oxley Act : 

Extremely comprehensive piece of legislation that contains 11 sections:
- Public Company Accounting Oversight Board
- External Auditor Independence
- Corporate Responsibility
- Enhanced Financial Disclosures
- Analyst Conflict of Interest
- Commission Resources and Authority
- Studies and Reports
- Corporate and Criminal Fraud Authority
- White-Collar Crime Penalty Enhancements
- Corporate Tax Returns
- Corporate Fraud and Accountability

Sarbanes-Oxley Act : 

Corporate Responsibility – Section #302
Requires the CEO and CFO to certify with annual report that:
1- They have reviewed the report
2- There are no untrue statements of material fact or omission
3- The financial statements present the financial condition of operations
4- They are responsible for:
   A) Establishing and maintaining internal controls
   B) Material information is known to officers
   C) Have evaluated controls and presented their conclusions
5- They have disclosed to the auditors and audit committee all significant deficiencies and material weaknesses in controls that could adversely affect the financial data
6- They have indicated if there were significant changes in internal controls that could significantly affect internal controls
Are the Numbers Right?

Sarbanes-Oxley Act : 

Enhanced Financial Disclosures – Section #404
Each annual report shall contain an internal control report which:
- States the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting.
- Contains an assessment, as of the end of the fiscal year, of the effectiveness of the internal control structure and procedures of the company for financial reporting.
The public accounting firm shall attest to and report on the internal control assessment made by management.
Is the Process to Derive the Numbers Right?