Sarbanes-Oxley Act of 2002 - PowerPoint PPT Presentation

About This Presentation
Title:

Sarbanes-Oxley Act of 2002

Description:

Sarbanes-Oxley Act of 2002 Implements Sweeping Changes Affecting Corporate Governance and Disclosure, the Accounting Industry and Penalties for – PowerPoint PPT presentation

Slides: 22
Provided by: AnthonyP159
Learn more at: http://isacahouston.org
Transcript and Presenter's Notes

Title: Sarbanes-Oxley Act of 2002


1
  • Sarbanes-Oxley Act of 2002
  • Implements Sweeping Changes
  • Affecting Corporate Governance and Disclosure,
    the Accounting Industry and Penalties for
  • Securities Law Violations

April 2003
Presented By Lisa Anderson
2
Remember the Headlines
COLLAPSING GIANT November 29, 2001
After this background report on the fall of
energy giant Enron, energy experts discuss the
collapse of the largest trading firm in the
United States.
  • As today's closing bell sounded on Wall Street,
    shares of Enron traded at 36 cents, continuing a
    spectacular fall for a giant that only months ago
    was worth more than $80 a share. Once a poster
    child for the economic boom of the '90s, Enron is
    now on the verge of bankruptcy. At Houston
    headquarters, some of the company's 21,000
    employees feared for their jobs.

3
Remember the Headlines
SEC files fraud charges against WorldCom; Bush
vows investigation into scandal. June 26
WorldCom Inc., the nation's No. 2 long-distance
company, REVEALED late Tuesday that almost $4
billion of expenses in 2001 and $797 million in
the first quarter of 2002 were wrongly listed on
company books as capital expenses, thus not
reflected in its earnings results. President
Bush vowed to hold people accountable and the
Securities and Exchange Commission filed fraud
charges against the telecom company.
4
Sarbanes-Oxley - The Response
  • Purpose: to protect investors by improving the
    accuracy and reliability of corporate disclosures
    made pursuant to the securities laws
  • Corporate Responsibility
  • Enhanced Disclosures
  • Penalty Enhancements
  • Corporate and Criminal Fraud
  • Conflicts of Interest
  • Federal Regulation of Auditing Firms

5
Sarbanes-Oxley - The Response
  • CONGRESS
  • Sarbanes-Oxley Act
  • SEC
  • Acts of '33 & '34

NYSE Board Rules
Amex Board Rules
NASDAQ Board Rules
Companies must implement compliance solutions
which address the interplay of the Sarbanes-Oxley
Act with both SEC Regulations and rules from the
individual exchanges.
6
Sarbanes-Oxley - The Impact
  • Legal liability: Civil and Criminal
  • Increased Costs
  • External Audit 404 Attestation
  • D&O Coverage
  • Whistleblower Program
  • Future Strategies
  • Acquisitions / Suitors
  • Changes to Control Infrastructure
  • Lenders / Investors
  • Director and C-level Retention and Attraction
  • Lender / Investor / Employee Trust

7
Sarbanes-Oxley Act (Cliff notes)
8
Involves the Management Spectrum
CEO/ CFO
Legal/ Risk Mgmt.
Audit Committee Board
IT
Internal Audit
Dept. Mgmt.
Process Owners
9
Sarbanes-Oxley Compliance
  • Documentation
  • Code of Ethics
  • Conflict of Interest Disclosures
  • Ethics Issue Monitoring, Investigation and
    Resolution
  • Disclosure Analysis and Reporting Control Process
    and Accountabilities
  • Financial Reporting Control Process and
    Accountabilities
  • Internal Control Policies, Procedures and
    Practices
  • Assessments and Supporting Certifications
  • CEO / CFO Certifications
  • Audit Committee Reports and Disclosures to
    Auditors

10
Where Do You Start?
  • Take a comprehensive approach
  • Hits all areas of the company -- Board Room to
    Mail Room
  • No logical lead within most Corporate Structures
  • Proactively address compliance
  • Tailor action plans to your company
  • Develop pragmatic solutions that you can live
    with
  • Recognize that compliance is a dynamic and fluid
    process
  • Most financial controls include embedded IT
    controls

11
Approach: Project Roles
[Project organization chart. Labels: Information Communications; Executive Ownership; Audit Committee; Advisory External Auditor; Steering (Guide, Recommend); Provide Expertise Resources (Industry, IT, Functional); Internal Audit / Quality Assurance; Manage Project; Support Processes at Corporate and Business Units]
12
Possible Stages of Internal Controls
[Figure: Internal Control Maturity Model, stages 1 to 5]
13
Documentation Framework
[Figure labels: Information Communication; Financial Stmts.; Control Assessment Improvement]
14
Don't Forget Information Security
  • Where are most companies falling short?
  • Where could you be out of compliance?

15
Standards in Information Security
So what are the minimum requirements for
compliance?
  • Fully developed Security Policies & Procedures
  • Business Continuity / Disaster Recovery Plan 
  • Annual (Bi-annual) Vulnerability Assessment
  • Annual (Bi-annual) Penetration Testing
  • Auditing policy implementation and control
  • BCP / DR plan testing

16
Integrating IT into the Documentation
  • Identify use of supporting technology
  • Reliance on IT for Process Controls
  • Data integrity controls,
  • Security controls, and
  • Data management controls
  • Reliance on IT for Reporting
  • Exception processing to identify suspense
    activity and the process to correct
  • Sources of data reporting (systems, databases,
    tables)

17
Long-Term Storage of Reusable Data
  • Vendor master files
  • Customer database
  • Payroll withholding tables
  • Files with customer credit card numbers
  • License agreement files
  • Parameter tables
  • Invoice table

18
Embedded IT Controls
  • Edit and Validating Routines/Controls
  • Edit checks on the date field of the transactions
  • Edit checks for incomplete, missing, or invalid
    data
  • Validation that customer number exists within the
    master file
  • Sequence number validation (detect duplicate or
    out-of-sequence data)
  • Online authorizations
  • System flags to indicate status (paid, ready for
    process, etc.)
  • Dollar tolerances for 3-way match
  • Access controls restricted appropriately
  • Limit ability to perform certain functions
    (overrides, adjustments, etc.)
  • Segregation of duties
  • Audit trails/logs

19
Interfaces - Control Techniques
  • File transfer integrity: handshake, control
    totals, record counts, confirmation message
  • Time-stamped, user-stamped and marked with source
    system transaction
  • Reconciliation between systems (automated
    balancing or manual)
  • Error detection and processing (error files,
    exception reports)
  • Recovery procedures
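
Added example (not part of the original presentation): a receiving-side check for an interface file that combines the trailer reconciliation from this slide (record counts, control totals) with the embedded edit checks from slide 18 (date field, customer master lookup, sequence numbers). The pipe-delimited layout, the `check_batch` function and all sample data are assumptions constructed for illustration.

```python
from datetime import datetime
from decimal import Decimal

# Constructed sample interface file. "D" lines are seq|date|customer|amount;
# the "T" trailer carries the sender's record count and control total.
SAMPLE_BATCH = """\
D|1|2003-04-01|C100|250.00
D|2|2003-04-01|C200|99.95
D|2|2003-04-01|C200|99.95
D|4|2003-04-31|C999|10.00
T|4|459.90
"""
CUSTOMER_MASTER = {"C100", "C200", "C300"}  # constructed master file


def check_batch(text, master):
    """Return exception-report lines; an empty list means the batch is clean."""
    exceptions, count, total, expected_seq, trailer = [], 0, Decimal("0"), 1, None
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split("|")
        if fields[0] == "T" and len(fields) == 3:
            trailer = (int(fields[1]), Decimal(fields[2]))
            continue
        if fields[0] != "D" or len(fields) != 5:
            exceptions.append(f"line {line_no}: malformed record")
            continue
        _, seq, date, customer, amount = fields
        count, total, seq = count + 1, total + Decimal(amount), int(seq)
        if seq < expected_seq:  # sequence number validation
            exceptions.append(f"line {line_no}: duplicate or out-of-order sequence {seq}")
        elif seq > expected_seq:
            exceptions.append(f"line {line_no}: sequence gap before {seq}")
        expected_seq = max(expected_seq, seq + 1)
        try:  # edit check on the date field
            datetime.strptime(date, "%Y-%m-%d")
        except ValueError:
            exceptions.append(f"line {line_no}: invalid date {date}")
        if customer not in master:  # customer must exist in the master file
            exceptions.append(f"line {line_no}: unknown customer {customer}")
    if trailer is None:
        exceptions.append("missing trailer record")
    else:  # reconcile against the sender's record count and control total
        if trailer[0] != count:
            exceptions.append(f"record count {count} != trailer {trailer[0]}")
        if trailer[1] != total:
            exceptions.append(f"control total {total} != trailer {trailer[1]}")
    return exceptions
```

In the sample, the trailer reconciles even though one record is duplicated, because the sender counted the duplicate too; only the sequence check reports it, which is why the two controls are used together.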

20
Action Items for Compliance
  • Help management understand there are generally
    accepted standards in security
  • Understand the business risks
  • Loss of data integrity and confidentiality
  • Loss of productivity
  • Loss of consumer confidence
  • Exposure to regulatory fines and litigation
  • Assess the current state of your security
    policies versus these standards
  • Assess the actual state of your implementation
  • Assess the control procedures surrounding
    security
  • Assess employee awareness of security
  • Periodically review and test policies, procedures
    and the controls around them

21
  • 2003 - The Year of Change
  • Back to the Basics of Control