8/3/2019 SOX an Overview
Hendrarini S
Section 302 - Corporate Responsibility for Financial Reports
Section 401 - Disclosures in Periodic Reports
Section 404 - Management Assessment of Internal Controls
Section 409 - Real Time Issuer Disclosures
Section 802 - Criminal Penalties for Altering Documents
Restore public confidence in both public accounting and publicly traded securities
Assure ethical business practices through executive awareness and accountability
External Auditors
Internal Auditors
Boards of Directors and their committees
Top Executives
Regulators
Off-balance sheet transactions
Internal Control reports
Issuer must disclose whether or not its audit committee is comprised of at least one financial expert, and if not, why.
Disclosure of material changes in the financial condition or operations of the issuer
The CEO and CFO must certify in each periodic filing that the financial information:
does not contain any untrue statement of a material fact
and
fairly presents in all material respects the financial condition and results of operations of the issuer
Will our ASSETS produce future benefit equal to their cost?
Do our LIABILITIES report all of the amounts we expect to pay out?
Is all REVENUE we reported really earned?
Have we recorded all of our EXPENSES for the period?
Have we described the critical ASSUMPTIONS underlying our financial reports, and have we described any significant CONTINGENCIES?
Responsibility for establishing and maintaining adequate internal control over financial reporting for the company
Identify the framework used by management to evaluate the effectiveness of this internal control
Assessment of the internal control as of the end of the Company's most recent year
It is a process that provides reasonable assurance regarding the reliability of financial reporting for external purposes. It includes:
Provide for the maintenance of records that reflect the Company's transactions
Provide assurance that transactions are recorded in accordance with GAAP
Provide assurance that assets are protected against theft or fraud
5 components (COSO):
Control Environment (how decisions and policies are made within a business and how authority and responsibility are assigned)
Risk Assessment (what could go wrong?)
Control Activities (procedures to control against risk)
Information and Communication (how policies and control structures are communicated to people within the organization)
Monitoring (whether controls are actually operating as expected)
Identifying significant financial reporting elements (accounts or disclosures)
Identifying material financial statement risks within these accounts or disclosures
Determining which Entity Level Controls would address these risks with sufficient precision
Determining which Transaction Level Controls would address these risks in the absence of precise Entity Level Controls
Determining the nature, extent, and timing of evidence gathered to complete the assessment of in-scope controls
Include:
Controls related to the control environment
Controls over management override
The company's risk assessment process
Centralized processing & controls, including shared service environments
Controls to monitor results of operations
Controls to monitor other controls, including IA function, AC, and self-assessment programs
Controls over the period-end financial reporting process
Policies that address significant business control and risk management practices
Controls that apply to all systems components, processes, and data for a given organization or Information Technology
Objective:
to ensure the proper development and implementation of applications, as well as the integrity of programs, data files, and computer operations
Most common ITGC:
Data center security controls
Computer operation controls
Program change management controls
System development life cycle controls