
Sarbanes-Oxley Project

Sarbanes-Oxley Project. Summary of COSO Framework. Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC. COSO Control Framework.

verena


Presentation Transcript


  1. Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC

  2. COSO Control Framework • The SEC requires companies to use a control framework to evaluate their internal controls over financial reporting. The most popular framework is COSO (Committee of Sponsoring Organizations) of the Treadway Commission. • COSO Framework requires both an entity level and process level focus on internal controls over financial reporting.

  3. Internal Control Definition • Internal Control is defined as a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: • Effectiveness and efficiency of operations • Reliability of financial reporting • Compliance with applicable laws and regulations

  4. COSO Control Framework

  5. Control Environment • Provides the discipline and structure for the overall system of internal control • Established and maintained by management (foster control conscientiousness) • Includes overall control culture – the attitudes and habits of senior management • Internal Control Environment factors include: • Organizational Structure • Assignment of authority and responsibility • Commitment to competence • Integrity and ethical values • Board of Directors and Audit Committee • Management philosophy and operating style

  6. Risk Assessment • Establish Objectives at both the entity and process level • Identify and analyze risks associated with objectives • Recognize that Risk Assessment is a critical element in designing internal controls over financial reporting • A Risk Assessment includes: • Determining the severity of a risk • Assessing likelihood of risk frequency • Determining how the risk should be managed

  7. Risk Assessment (Continued) • COSO provides the following assertions that underlie an entity’s financial statements: • Existence • Occurrence • Completeness • Rights and Obligations • Valuation or Allocation • Presentation and Disclosure • The Foreign Corrupt Practices Act provides these assertions: • Authorization • Completeness and Accuracy • Proper Classification • Evaluation of Balances • Access to Assets

  8. Control Activities • Policies and procedures that ensure management directives are carried out • Ensures that necessary actions are taken to address risks • Occurs throughout the organization at all levels and functions • Control activities include: • Authorizations • Segregation of Duties • Recording • Safekeeping • Reconciliations

  9. Control Activities (Continued) • Adequate Controls exist when management has designed them in a manner that achieves reasonable assurance that risks have been managed effectively • Reasonable Assurance implies that material errors and irregularities will be prevented or detected and corrected within a timely period by employees during the normal course of performing their duties.

  10. Types of Controls • Preventive • Detective • Primary • Secondary • Pervasive • Manual • Automated • IT General Controls • Pervasive, Preventive, Detective • IT Application Controls • Pervasive, Preventive, Detective

  11. Internal Control Assessment • Assessment of internal controls is required at design and operating levels • A Design deficiency exists when a necessary control is missing or an existing control is not properly designed to achieve the control objective • An Operating deficiency exists when a properly designed control is not operating as designed or the person performing the control does not possess the necessary authority or qualifications to effectively perform the control

  12. Degree of Control Deficiencies • Control deficiencies can range from inconsequential to material weaknesses • A Significant Deficiency is one that could adversely affect the entity's ability to initiate, record, process and report financial data consistent with the assertions of management in the financial statements • A Material Weakness is a significant deficiency in one or more of the internal controls that alone or together preclude internal controls from reducing to an appropriately low level the risk that material misstatements in the financial statements will not be prevented or detected in a timely manner

  13. Information & Communication • Pertinent Information must be identified and communicated in a form and timeframe that enables people to carry out their responsibilities • The quality of information received and given influences the quality of decisions made • Information is needed at all levels of an organization to run the business and achieve objectives • Communication must take place, dealing with expectations, responsibilities and other matters

  14. Monitoring • Is a process that assesses the quality of internal controls over time • Ensures that internal controls are operating as expected • Applied to all activities of an organization • Should focus on high risk areas • Monitoring can be accomplished by: • Ongoing Activities • Separate Evaluations

  15. Any Questions? Larry
