potentialwww.pu811.com
wwW.PU811.Com 时间:2021-04-09 阅读:()
www.
pwc.
comCOSOChangesandtheimpactonICFRApresentationtothePugetSoundChapteroftheIIAJanuary14,2014PwCAgendaIntroductionsCurrentTrendsImpactingSOXCOSO–What'sChangingWhat'sNotDeeperDriveonSelectedPrinciplesTransitioningICFRtothe2013FrameworkPCAOBActionsImpactingSOXManageCosts,DeliverValuefromSOXQuestions2January14,2014PwCCurrenttrendsimpactingSOX3January14,2014COSOUpdateDrivingFY'14SOXChangesPCAOBActionsManageCosts,DeliverValuePwCCOSO'sInternalControl-IntegratedFramework(2013)4January14,2014PwCWhyupdate1992frameworkDostakeholdersunderstandrequirementsofeffectiveinternalcontrol5January14,2014ChangesinthebusinessenvironmentChangesinsidethebusinessLackofclarityLackofunderstandingSource-COSO'ssurveyofusersandstakeholders,worldwide–JanuarytoSeptember20110%50%100%ControlActivitiesMonitoringControlEnvironmentInformation&…RiskAssessmentDifficulttointerpretSomewhatdifficulttointerpretModeratelyeasytointerpretGenerallyeasytointerpretEasytointerpretOnly50%thoughtitwasgenerallyeasytointerpretPwC2013Frameworkpreservescorestrengthsembeddedin1992Framework6January14,2014UpdatedCOSOCubeWhatisNotfundamentallychanging.
.
.
CoredefinitionofinternalcontrolThreecategoriesofobjectivesandfivecomponentsofinternalcontrolEachofthefivecomponentsofinternalcontrolarerequiredforeffectiveinternalcontrolImportantroleofjudgmentindesigning,implementingandconductinginternalcontrol,andinassessingitseffectivenessEntityStructureComponentsRiskAssessmentControlEnvironmentControlActivitiesMonitoringActivitiesInformationandCommunicationPwC2013Frameworkarticulatesprinciplesandpointsoffocus7January14,20142013COSOCube17PrinciplesPointsoffocusControls5ComponentsPointsoffocusdescribeimportantcharacteristicsofprinciplesPrinciplesarticulatefundamentalconceptsofcomponentsComponentsandPrinciplesarerequirementsforaneffectivesystemofinternalcontrolPointsofFocusandControlsaresubjecttomanagementjudgmentLegendRiskAssessmentControlEnvironmentControlActivitiesMonitoringActivitiesInformationandCommunicationPwC2013Frameworkarticulatesseventeenprinciplesforeffectiveinternalcontrol8January14,2014ControlEnvironment1.
Demonstratescommitmenttointegrityandethicalvalues2.
Exercisesoversightresponsibility3.
Establishesstructure,authorityandresponsibility4.
Demonstratescommitmenttocompetence5.
EnforcesaccountabilityRiskAssessment6.
Specifiessuitableobjectives7.
Identifiesandanalyzesrisk8.
Assessesfraudrisk9.
IdentifiesandanalyzessignificantchangeControlActivities10.
Selectsanddevelopscontrolactivities11.
Selectsanddevelopsgeneralcontrolsovertechnology12.
DeploysthroughpoliciesandproceduresInformation&Communication13.
Usesrelevantinformation14.
Communicatesinternally15.
CommunicatesexternallyMonitoringActivities16.
Conductsongoingand/orseparateevaluations17.
EvaluatesandcommunicatesdeficienciesPwC2013FrameworkclarifiesrequirementsforaneffectivesystemofinternalcontrolComponentsarepresentandfunctioningifeachrelevantprinciplesisdeterminedtobepresentandfunctioning(e.
g.
,nomaterialweaknessexists)Relevantprinciplesarepresentandfunctioningifpersuasiveevidenceexiststhatcontrolsareselected,developedanddeployedtoeffectthemComponentsoperatetogetherwhen:ComponentsarepresentandfunctioningInternalcontroldeficienciesaggregatedacrosscomponentsdonotresultinthedeterminationthatoneormorematerialweaknessexist9January14,2014Aneffectivesystemofinternalcontrolrequires:EachofthefivecomponentsofinternalcontrolandrelevantprinciplesispresentandfunctioningThefivecomponentsareoperatingtogetherinanintegratedmannerPwCCOSOprinciples–Adeeperdive10January14,2014PwC2013FrameworkandICFR–PrinciplesRelevantprinciplesarepresentandfunctioningifpersuasiveevidenceexiststhatcontrolsareselected,developedanddeployedtoeffectthemWhatcompaniesshoulddo:Documenthowthedesignofexistingcontrolsmapagainstthe17principles.
Remedypotentialdesigngapswhenexistingcontrolsarenotfullyadequate.
Testtheoperatingeffectivenessofanynewcontrolscomingintoscope11January14,2014PwC2013Frameworkdescribespointsoffocusforeachprinciple,e.
g.
12January14,2014Principle1DemonstratesCommitmenttoIntegrity…Principle2ExercisesOversightResponsibilityPrinciple3EstablishesStructuresAuthority,…ComponentControlEnvironmentSetsthetoneatthetopEstablishesstandardsofconductEvaluatesadherencetostandardsofconductAddressesdeviationsinatimelymannerEstablishesoversightresponsibilityAppliesrelevantexpertiseOperateindependentlyProvidesoversightforthesystemofinternalcontrolConsidersallstructuresoftheentityEstablishesreportinglinesDefines,assignsandlimitsauthoritiesandresponsibilitiesPrinciple4DemonstratesCommitmenttoCompetenceEstablishespoliciesandpracticesEvaluatescompetenceandaddressesshortcomingsAttracts,develops,andretainsindividualsPlansandpreparesforsuccessionPrinciplesPointsofFocusPwCPrinciplesandPointsofFocus,adeeperlook13January14,2014ComponentControlEnvironmentEstablishespoliciesandpracticesEvaluatescompetenceandaddressesshortcomingsAttracts,develops,andretainsindividualsPlansandpreparesforsuccessionPrinciple4DemonstratesCommitmenttoCompetenceTheorganizationdemonstratesacommitmenttoattract,develop,andretaincompetentindividualsinalignmentwithobjectives.
IndividualperformanceplansdefineexpectationsregardingICAllaccountingstaffattendannualupdatetrainingofnewaccountingpronouncementsControlExamplesPrinciplesPointsofFocusAnorganizationwithcomplexrevenueaccountingfailstomaintainadequatelytrainedCPAstooverseerevenueaccounting.
DeficiencyExamplesPwCPointsoffocusdescribeimportantcharacteristicsoftheprinciples,forexample…14January14,2014Principle6SpecifiessuitableobjectivesPrinciple7IdentifiesandanalysesriskPrinciple8AssessesfraudriskComponentRiskAssessmentComplieswithapplicableaccountingstandardsConsidersmaterialityReflectsentityactivitiesIncludesentity,division,operatingunit,andfunctionsAnalyzesinternal/externalfactorsInvolvesappropriatelevelofmanagementEstimatessignificanceofrisksidentifiedDetermineshowtorespondtorisksConsidersvarioustypesoffraudAssessesincentiveandpressuresAssessesopportunitiesAssessesattitudesandrationalizationsPrinciple9IdentifiesandanalyzessignificantchangeAssesseschangesinexternalenvironmentAssesseschangesinbusinessmodelAssesseschangesinleadershipPrinciplesPointsofFocusPwCPointsoffocusdescribeimportantcharacteristicsoftheprinciples,forexample…15January14,2014ComponentRiskAssessmentPointsofFocusPrinciple9:IdentifiesandAnalysesSignificantChangeTheorganizationidentifiesandassesseschangesthatcouldsignificantlyimpactthesystemofinternalcontrol.
PrinciplesAssesseschangesinexternalenvironmentAssesseschangesinbusinessmodelAssesseschangesinleadershipRiskassessmentsarerequiredforanysignificantchange,suchas:-InternationalExposure-SignificantAcquisitonCreateaninternalcontrolplanforanyexecutivetransitionControlExamplesThecompanyfailedtoupdatetheriskassessmentforchangesarisingfromtheChinaacquisition.
DeficiencyExamplesPwCTransitioningICFRto2013framework16January14,2014PwCTransitioningICFRto2013FrameworkCOSOdecidedtosupersedethe1992Frameworkattheendofthetransitionperiod(i.
e.
,December15,2014)"SECstaffplanstomonitorthetransitionforissuersusingthe1992frameworktoevaluatewhetherandifanystafforCommissionactionsbecomenecessaryorappropriateinthefuture.
However,atthistime,I'llsimplyreferusersoftheCOSOframeworktothestatementsCOSOhasmadeabouttheirnewframeworkandtheirthoughtsabouttransition.
"(PaulBeswick,S.
E.
C.
ChiefAccountant)TheSECstaffindicatedmorerecentlythatthelongerissuerscontinuetousethe1992framework,themorelikelytheyaretoreceivequestionsfromthestaffaboutwhethertheissuer'suseofthe1992frameworksatisfiestheSEC'srequirementtouseasuitable,recognizedframework,particularlyafterDecember15,2014whenCOSOwillconsiderthe1992frameworktohavebeensupersededbythe2013framework.
(CenterforAuditQuality'sSECRegulationsCommittee)17January14,2014PwCA404transitionplan(example)18January14,2014Four-phasesKeyActionsPhase1:EducateandCommunicateReview2013FrameworkandillustrativetoolsConducttrainingappropriateforboard/committeemembers,seniormanagement,managers,etc.
Developunderstandingofwhereprinciplesarerelevantattheentity(i.
e.
,corporate)andsubunits(divisions,subsidiaries,operatingunitsandfunctionallevels)Phase2:ConductPreliminaryAssessmentMap17principles(consideringpointsoffocus)toentitylevelcontrols(ELCs)ConsiderwhetherdifferencesincontrolsexistatsubunitsIdentifyanysignificant"gaps"indesignorSOXdocumentationofcontrols(i.
e.
,assesswhethereachcomponentofinternalcontrolandprincipleis"present")Phase3:CompleteAssessment&DevelopActionPlanPerformcomprehensiveassessmentandassesstheoperatingeffectivenessofcontrols(i.
e.
,assesswhethereachcomponentofinternalcontrolandprincipleis"functioning")AssessseverityofanyinternalcontroldeficienciesIdentifychangesincontrolsorSOXdocumentationnecessarytoremediatedeficienciesPhase4:ExecuteActionPlanRemediateinternalcontroldeficienciesofSOXdocumentation,asneededPwCPotentialimpactonICFRReactionsandresponseswilldifferdependingoncircumstancesIf1992FrameworkhasbeenthoroughlyappliedtocurrentICFR,thetransitionshouldnotresultinsignificantchangesorincrementaleffortPreliminaryassessment(i.
e.
,mappingprinciples,consideringpointsoffocus,tocontrols)mayreveal"gaps"indesignordocumentationofsomecontrols-Design—Controlsarenotdesignedtodemonstrateaprincipleispresent-Documentation—Controlsassociatedwiththeprincipleexist,buttheyarenotincludedintheSOXinternalcontroldocumentation19January14,2014PwCPotentialimpactonICFRFocusondesignofindirectentitylevelcontrols(ELCs)thataffectthe14principlesassociatedwiththe"softer"componentsofinternalcontrol.
IndirectELCshaveanimportant,butindirect,effectonthelikelihoodthatamisstatementwillbedetectedorpreventedonatimelybasis.
NoimpactexpectedondesignofdirectELCsandtransactionlevelcontrols(e.
g.
,threewaymatch,cashreconciliation)relatingtoControlActivities20January14,2014PwCPotentialimpactonICFRELCsoperatethroughouttheentireorganizationandoftenhaveapervasiveimpactoncontrols.
Forexample,thedesignofanindirectELCfocusedonassessingfinancialreportingriskscanbeconductedatthecorporateleveltoassessrisksrelatingtoallcomponentsoftheentity(i.
e.
,subunitlocations)oratindividualcomponentsDeterminingwhetheraprincipleispresentisamatterofmanagementjudgment.
AssessingthedesignofELCsinclude:-Component(s)oftheentitycoveredbythecontrolbeingevaluated-Objectiveofthecontrol-Whoperformsthecontrolwithnecessaryauthorityandcompetence-Frequencyofthecontrol'soperation-Specificproceduresthatareperformedtomeetthestatedobjective,includinganyinformationusedintheoperationofthecontrol21January14,2014PwCPotentialimpactonICFRBytakingafreshlookatthedesignofindirectELCs,managementmayidentifyopportunitiestore-designcontrolstoenhanceeffectivenessorefficiency22January14,2014PwCPotentialimpactonICFREvaluationofthethreeprinciplesrelatedtotheControlActivitiescomponentshouldbefocusedontheprocessforselecting,developinganddeployingcontrolactivitiesratherthanthedetailedcontrolactivitiesthemselves.
-Therefore,transitioningtothe2013Frameworkwillnotresultinanychangestoacompany'sriskandcontrolmatricesrelatingtotransactioncontrols(e.
g.
,threewaymatch,cashreconciliations,etc.
).
Themappingofprinciplestocontrolswillultimatelysupportthecompany'sdesignofthe"soft"componentsofinternalcontroloverfinancialreportinginaccordancewiththe2013Framework23January14,2014PwCPCAOBactionsimpactingSOX24January14,2014PwCPCAOBactionsimpactingSOXIncreasedfocusbyPCOABoninternalcontrolaspectsoftheIntegratedauditleadingtoincreasedPCAOBauditfindingsrelatedtointernalcontrol.
DocumentedininspectionreportsandtheActionAlert,datedOctober24th,2013.
DrivingchangesinexternalauditapproachtoICFR,increasedlevelsofdocumentation,changestocontroldesignandrequestsforadditionalevidence.
TheimpactonSOXteamsinsomesituationscanbesignificant.
25January14,2014PwCPCAOBareasofobservationSomeObservationsArecontrolsproperlydesignedandalignedtorisksTestingofmanagementreviewcontrolsEvidenceoversystemgenerateddataandreportsUseofworkofothersControlsover:-JournalEntries-Estimates,-Uniquetransactions,-Incometaxes26ImpacttoSOXTeamsIncreasedocumentationofend-to-endprocess,qualificationofcontrolperformers,andSODIncreaserigorofmanagementreviewcontrolsanddocumentationofpropercontrolexecution.
Enhancecontrolsoverspreadsheetsandotherend-userapplications.
Assistancewithtestingofkeyreports.
Criticalassessmentofcompetenceandobjectivity.
Lessrelianceonmanagementtesting.
Re-designofmanualandautomatedcontrolsoversensitiveareas.
January14,2014PwCHolisticApproachtoManageCosts,DeliverValue27ProcessLeanprocessframeworkappliedtocontrols,relateddocumentationandprojectmanagementprocessestoalignwithriskandstreamlineunnecessaryactivitiesIdentifyingcapabilitiestouseariskbasedtestingapproachtofocuseffortsonareaswithhighestriskoferrorandmisstatement.
StrategyEnsuresstakeholderalignmentaroundSOXprogramobjectivesandchangegoalsStructureCapturessynergiesbetweenSOXprogramsandexternalauditstodrivehighlevelsofexternalauditreliance.
PeopleUnderstandthetrainingandcontrolsknowledgeofthoseemployeesperformingkeycontrolsDeterminethemostcost-effectiveresourcesperformingworkwithlimitedvalue.
UnderstandtheexperienceandbackgroundofprogrammanagementrunningtheSOXprogram.
TechnologyEvaluateGRCplatforms,todeterminethattheyenableefficientworkflowsuchashand-offs,approvalsandmanagementreportingAutomatedcontrolsandcontinuousmonitoringareusedwherepossible,suchassegregationofduties,interfacebalancing,reconciliationsandtransactionmonitoring.
RequirementsMonitoringProgramManagementStrategyStakeholderAlignmentStructureSynergisticPeopleTrainedCostEffectiveExperiencedProcessLeanRiskBasedStreamlinedTechnologyAutomatedContinuousWorkflowQualityCompetent&ObjectiveJanuary14,2014PwCQuestions28January14,2014Thankyou.
.
.
2014PricewaterhouseCoopersLLP.
Allrightsreserved.
PwCreferstotheUnitedStatesmemberfirm,andmaysometimesrefertothePwCnetwork.
Eachmemberfirmisaseparatelegalentity.
Pleaseseewww.
pwc.
com/structureforfurtherdetails.
pwc.
comCOSOChangesandtheimpactonICFRApresentationtothePugetSoundChapteroftheIIAJanuary14,2014PwCAgendaIntroductionsCurrentTrendsImpactingSOXCOSO–What'sChangingWhat'sNotDeeperDriveonSelectedPrinciplesTransitioningICFRtothe2013FrameworkPCAOBActionsImpactingSOXManageCosts,DeliverValuefromSOXQuestions2January14,2014PwCCurrenttrendsimpactingSOX3January14,2014COSOUpdateDrivingFY'14SOXChangesPCAOBActionsManageCosts,DeliverValuePwCCOSO'sInternalControl-IntegratedFramework(2013)4January14,2014PwCWhyupdate1992frameworkDostakeholdersunderstandrequirementsofeffectiveinternalcontrol5January14,2014ChangesinthebusinessenvironmentChangesinsidethebusinessLackofclarityLackofunderstandingSource-COSO'ssurveyofusersandstakeholders,worldwide–JanuarytoSeptember20110%50%100%ControlActivitiesMonitoringControlEnvironmentInformation&…RiskAssessmentDifficulttointerpretSomewhatdifficulttointerpretModeratelyeasytointerpretGenerallyeasytointerpretEasytointerpretOnly50%thoughtitwasgenerallyeasytointerpretPwC2013Frameworkpreservescorestrengthsembeddedin1992Framework6January14,2014UpdatedCOSOCubeWhatisNotfundamentallychanging.
.
.
CoredefinitionofinternalcontrolThreecategoriesofobjectivesandfivecomponentsofinternalcontrolEachofthefivecomponentsofinternalcontrolarerequiredforeffectiveinternalcontrolImportantroleofjudgmentindesigning,implementingandconductinginternalcontrol,andinassessingitseffectivenessEntityStructureComponentsRiskAssessmentControlEnvironmentControlActivitiesMonitoringActivitiesInformationandCommunicationPwC2013Frameworkarticulatesprinciplesandpointsoffocus7January14,20142013COSOCube17PrinciplesPointsoffocusControls5ComponentsPointsoffocusdescribeimportantcharacteristicsofprinciplesPrinciplesarticulatefundamentalconceptsofcomponentsComponentsandPrinciplesarerequirementsforaneffectivesystemofinternalcontrolPointsofFocusandControlsaresubjecttomanagementjudgmentLegendRiskAssessmentControlEnvironmentControlActivitiesMonitoringActivitiesInformationandCommunicationPwC2013Frameworkarticulatesseventeenprinciplesforeffectiveinternalcontrol8January14,2014ControlEnvironment1.
Demonstratescommitmenttointegrityandethicalvalues2.
Exercisesoversightresponsibility3.
Establishesstructure,authorityandresponsibility4.
Demonstratescommitmenttocompetence5.
EnforcesaccountabilityRiskAssessment6.
Specifiessuitableobjectives7.
Identifiesandanalyzesrisk8.
Assessesfraudrisk9.
IdentifiesandanalyzessignificantchangeControlActivities10.
Selectsanddevelopscontrolactivities11.
Selectsanddevelopsgeneralcontrolsovertechnology12.
DeploysthroughpoliciesandproceduresInformation&Communication13.
Usesrelevantinformation14.
Communicatesinternally15.
CommunicatesexternallyMonitoringActivities16.
Conductsongoingand/orseparateevaluations17.
EvaluatesandcommunicatesdeficienciesPwC2013FrameworkclarifiesrequirementsforaneffectivesystemofinternalcontrolComponentsarepresentandfunctioningifeachrelevantprinciplesisdeterminedtobepresentandfunctioning(e.
g.
,nomaterialweaknessexists)Relevantprinciplesarepresentandfunctioningifpersuasiveevidenceexiststhatcontrolsareselected,developedanddeployedtoeffectthemComponentsoperatetogetherwhen:ComponentsarepresentandfunctioningInternalcontroldeficienciesaggregatedacrosscomponentsdonotresultinthedeterminationthatoneormorematerialweaknessexist9January14,2014Aneffectivesystemofinternalcontrolrequires:EachofthefivecomponentsofinternalcontrolandrelevantprinciplesispresentandfunctioningThefivecomponentsareoperatingtogetherinanintegratedmannerPwCCOSOprinciples–Adeeperdive10January14,2014PwC2013FrameworkandICFR–PrinciplesRelevantprinciplesarepresentandfunctioningifpersuasiveevidenceexiststhatcontrolsareselected,developedanddeployedtoeffectthemWhatcompaniesshoulddo:Documenthowthedesignofexistingcontrolsmapagainstthe17principles.
Remedypotentialdesigngapswhenexistingcontrolsarenotfullyadequate.
Testtheoperatingeffectivenessofanynewcontrolscomingintoscope11January14,2014PwC2013Frameworkdescribespointsoffocusforeachprinciple,e.
g.
12January14,2014Principle1DemonstratesCommitmenttoIntegrity…Principle2ExercisesOversightResponsibilityPrinciple3EstablishesStructuresAuthority,…ComponentControlEnvironmentSetsthetoneatthetopEstablishesstandardsofconductEvaluatesadherencetostandardsofconductAddressesdeviationsinatimelymannerEstablishesoversightresponsibilityAppliesrelevantexpertiseOperateindependentlyProvidesoversightforthesystemofinternalcontrolConsidersallstructuresoftheentityEstablishesreportinglinesDefines,assignsandlimitsauthoritiesandresponsibilitiesPrinciple4DemonstratesCommitmenttoCompetenceEstablishespoliciesandpracticesEvaluatescompetenceandaddressesshortcomingsAttracts,develops,andretainsindividualsPlansandpreparesforsuccessionPrinciplesPointsofFocusPwCPrinciplesandPointsofFocus,adeeperlook13January14,2014ComponentControlEnvironmentEstablishespoliciesandpracticesEvaluatescompetenceandaddressesshortcomingsAttracts,develops,andretainsindividualsPlansandpreparesforsuccessionPrinciple4DemonstratesCommitmenttoCompetenceTheorganizationdemonstratesacommitmenttoattract,develop,andretaincompetentindividualsinalignmentwithobjectives.
IndividualperformanceplansdefineexpectationsregardingICAllaccountingstaffattendannualupdatetrainingofnewaccountingpronouncementsControlExamplesPrinciplesPointsofFocusAnorganizationwithcomplexrevenueaccountingfailstomaintainadequatelytrainedCPAstooverseerevenueaccounting.
DeficiencyExamplesPwCPointsoffocusdescribeimportantcharacteristicsoftheprinciples,forexample…14January14,2014Principle6SpecifiessuitableobjectivesPrinciple7IdentifiesandanalysesriskPrinciple8AssessesfraudriskComponentRiskAssessmentComplieswithapplicableaccountingstandardsConsidersmaterialityReflectsentityactivitiesIncludesentity,division,operatingunit,andfunctionsAnalyzesinternal/externalfactorsInvolvesappropriatelevelofmanagementEstimatessignificanceofrisksidentifiedDetermineshowtorespondtorisksConsidersvarioustypesoffraudAssessesincentiveandpressuresAssessesopportunitiesAssessesattitudesandrationalizationsPrinciple9IdentifiesandanalyzessignificantchangeAssesseschangesinexternalenvironmentAssesseschangesinbusinessmodelAssesseschangesinleadershipPrinciplesPointsofFocusPwCPointsoffocusdescribeimportantcharacteristicsoftheprinciples,forexample…15January14,2014ComponentRiskAssessmentPointsofFocusPrinciple9:IdentifiesandAnalysesSignificantChangeTheorganizationidentifiesandassesseschangesthatcouldsignificantlyimpactthesystemofinternalcontrol.
PrinciplesAssesseschangesinexternalenvironmentAssesseschangesinbusinessmodelAssesseschangesinleadershipRiskassessmentsarerequiredforanysignificantchange,suchas:-InternationalExposure-SignificantAcquisitonCreateaninternalcontrolplanforanyexecutivetransitionControlExamplesThecompanyfailedtoupdatetheriskassessmentforchangesarisingfromtheChinaacquisition.
DeficiencyExamplesPwCTransitioningICFRto2013framework16January14,2014PwCTransitioningICFRto2013FrameworkCOSOdecidedtosupersedethe1992Frameworkattheendofthetransitionperiod(i.
e.
,December15,2014)"SECstaffplanstomonitorthetransitionforissuersusingthe1992frameworktoevaluatewhetherandifanystafforCommissionactionsbecomenecessaryorappropriateinthefuture.
However,atthistime,I'llsimplyreferusersoftheCOSOframeworktothestatementsCOSOhasmadeabouttheirnewframeworkandtheirthoughtsabouttransition.
"(PaulBeswick,S.
E.
C.
ChiefAccountant)TheSECstaffindicatedmorerecentlythatthelongerissuerscontinuetousethe1992framework,themorelikelytheyaretoreceivequestionsfromthestaffaboutwhethertheissuer'suseofthe1992frameworksatisfiestheSEC'srequirementtouseasuitable,recognizedframework,particularlyafterDecember15,2014whenCOSOwillconsiderthe1992frameworktohavebeensupersededbythe2013framework.
(CenterforAuditQuality'sSECRegulationsCommittee)17January14,2014PwCA404transitionplan(example)18January14,2014Four-phasesKeyActionsPhase1:EducateandCommunicateReview2013FrameworkandillustrativetoolsConducttrainingappropriateforboard/committeemembers,seniormanagement,managers,etc.
Developunderstandingofwhereprinciplesarerelevantattheentity(i.
e.
,corporate)andsubunits(divisions,subsidiaries,operatingunitsandfunctionallevels)Phase2:ConductPreliminaryAssessmentMap17principles(consideringpointsoffocus)toentitylevelcontrols(ELCs)ConsiderwhetherdifferencesincontrolsexistatsubunitsIdentifyanysignificant"gaps"indesignorSOXdocumentationofcontrols(i.
e.
,assesswhethereachcomponentofinternalcontrolandprincipleis"present")Phase3:CompleteAssessment&DevelopActionPlanPerformcomprehensiveassessmentandassesstheoperatingeffectivenessofcontrols(i.
e.
,assesswhethereachcomponentofinternalcontrolandprincipleis"functioning")AssessseverityofanyinternalcontroldeficienciesIdentifychangesincontrolsorSOXdocumentationnecessarytoremediatedeficienciesPhase4:ExecuteActionPlanRemediateinternalcontroldeficienciesofSOXdocumentation,asneededPwCPotentialimpactonICFRReactionsandresponseswilldifferdependingoncircumstancesIf1992FrameworkhasbeenthoroughlyappliedtocurrentICFR,thetransitionshouldnotresultinsignificantchangesorincrementaleffortPreliminaryassessment(i.
e.
,mappingprinciples,consideringpointsoffocus,tocontrols)mayreveal"gaps"indesignordocumentationofsomecontrols-Design—Controlsarenotdesignedtodemonstrateaprincipleispresent-Documentation—Controlsassociatedwiththeprincipleexist,buttheyarenotincludedintheSOXinternalcontroldocumentation19January14,2014PwCPotentialimpactonICFRFocusondesignofindirectentitylevelcontrols(ELCs)thataffectthe14principlesassociatedwiththe"softer"componentsofinternalcontrol.
IndirectELCshaveanimportant,butindirect,effectonthelikelihoodthatamisstatementwillbedetectedorpreventedonatimelybasis.
NoimpactexpectedondesignofdirectELCsandtransactionlevelcontrols(e.
g.
,threewaymatch,cashreconciliation)relatingtoControlActivities20January14,2014PwCPotentialimpactonICFRELCsoperatethroughouttheentireorganizationandoftenhaveapervasiveimpactoncontrols.
Forexample,thedesignofanindirectELCfocusedonassessingfinancialreportingriskscanbeconductedatthecorporateleveltoassessrisksrelatingtoallcomponentsoftheentity(i.
e.
,subunitlocations)oratindividualcomponentsDeterminingwhetheraprincipleispresentisamatterofmanagementjudgment.
AssessingthedesignofELCsinclude:-Component(s)oftheentitycoveredbythecontrolbeingevaluated-Objectiveofthecontrol-Whoperformsthecontrolwithnecessaryauthorityandcompetence-Frequencyofthecontrol'soperation-Specificproceduresthatareperformedtomeetthestatedobjective,includinganyinformationusedintheoperationofthecontrol21January14,2014PwCPotentialimpactonICFRBytakingafreshlookatthedesignofindirectELCs,managementmayidentifyopportunitiestore-designcontrolstoenhanceeffectivenessorefficiency22January14,2014PwCPotentialimpactonICFREvaluationofthethreeprinciplesrelatedtotheControlActivitiescomponentshouldbefocusedontheprocessforselecting,developinganddeployingcontrolactivitiesratherthanthedetailedcontrolactivitiesthemselves.
-Therefore,transitioningtothe2013Frameworkwillnotresultinanychangestoacompany'sriskandcontrolmatricesrelatingtotransactioncontrols(e.
g.
,threewaymatch,cashreconciliations,etc.
).
Themappingofprinciplestocontrolswillultimatelysupportthecompany'sdesignofthe"soft"componentsofinternalcontroloverfinancialreportinginaccordancewiththe2013Framework23January14,2014PwCPCAOBactionsimpactingSOX24January14,2014PwCPCAOBactionsimpactingSOXIncreasedfocusbyPCOABoninternalcontrolaspectsoftheIntegratedauditleadingtoincreasedPCAOBauditfindingsrelatedtointernalcontrol.
DocumentedininspectionreportsandtheActionAlert,datedOctober24th,2013.
DrivingchangesinexternalauditapproachtoICFR,increasedlevelsofdocumentation,changestocontroldesignandrequestsforadditionalevidence.
TheimpactonSOXteamsinsomesituationscanbesignificant.
25January14,2014PwCPCAOBareasofobservationSomeObservationsArecontrolsproperlydesignedandalignedtorisksTestingofmanagementreviewcontrolsEvidenceoversystemgenerateddataandreportsUseofworkofothersControlsover:-JournalEntries-Estimates,-Uniquetransactions,-Incometaxes26ImpacttoSOXTeamsIncreasedocumentationofend-to-endprocess,qualificationofcontrolperformers,andSODIncreaserigorofmanagementreviewcontrolsanddocumentationofpropercontrolexecution.
Enhancecontrolsoverspreadsheetsandotherend-userapplications.
Assistancewithtestingofkeyreports.
Criticalassessmentofcompetenceandobjectivity.
Lessrelianceonmanagementtesting.
Re-designofmanualandautomatedcontrolsoversensitiveareas.
January14,2014PwCHolisticApproachtoManageCosts,DeliverValue27ProcessLeanprocessframeworkappliedtocontrols,relateddocumentationandprojectmanagementprocessestoalignwithriskandstreamlineunnecessaryactivitiesIdentifyingcapabilitiestouseariskbasedtestingapproachtofocuseffortsonareaswithhighestriskoferrorandmisstatement.
StrategyEnsuresstakeholderalignmentaroundSOXprogramobjectivesandchangegoalsStructureCapturessynergiesbetweenSOXprogramsandexternalauditstodrivehighlevelsofexternalauditreliance.
PeopleUnderstandthetrainingandcontrolsknowledgeofthoseemployeesperformingkeycontrolsDeterminethemostcost-effectiveresourcesperformingworkwithlimitedvalue.
UnderstandtheexperienceandbackgroundofprogrammanagementrunningtheSOXprogram.
TechnologyEvaluateGRCplatforms,todeterminethattheyenableefficientworkflowsuchashand-offs,approvalsandmanagementreportingAutomatedcontrolsandcontinuousmonitoringareusedwherepossible,suchassegregationofduties,interfacebalancing,reconciliationsandtransactionmonitoring.
RequirementsMonitoringProgramManagementStrategyStakeholderAlignmentStructureSynergisticPeopleTrainedCostEffectiveExperiencedProcessLeanRiskBasedStreamlinedTechnologyAutomatedContinuousWorkflowQualityCompetent&ObjectiveJanuary14,2014PwCQuestions28January14,2014Thankyou.
.
.
2014PricewaterhouseCoopersLLP.
Allrightsreserved.
PwCreferstotheUnitedStatesmemberfirm,andmaysometimesrefertothePwCnetwork.
Eachmemberfirmisaseparatelegalentity.
Pleaseseewww.
pwc.
com/structureforfurtherdetails.
- potentialwww.pu811.com相关文档
- 天河www.pu811.com
- CIN1www.pu811.com
- suggestedwww.pu811.com
- torywww.pu811.com
- S2353www.pu811.com
- Analysiswww.pu811.com
wordpress外贸集团企业主题 wordpress高级推广外贸主题
wordpress外贸集团企业主题,wordpress通用跨屏外贸企业响应式布局设计,内置更完善的外贸企业网站优化推广功能,完善的企业产品营销展示 + 高效后台自定义设置。wordpress高级推广外贸主题,采用标准的HTML5+CSS3语言开发,兼容当下的各种主流浏览器,根据用户行为以及设备环境(系统平台、屏幕尺寸、屏幕定向等)进行自适应显示; 完美实现一套主题程序支持全部终端设备,保证网站在各...
Virmach($5.23/年)年付VPS闪购
每每进入第四季度,我们就可以看到各大云服务商的促销力度是一年中最大的。一来是年底的促销节日活动比较多,二来是商家希望最后一个季度冲刺业绩。这不还没有到第四季度,我们看到有些商家已经蠢蠢欲动的开始筹备活动。比如素有低价VPS收割机之称的Virmach商家居然还没有到黑色星期五就有发布黑五促销活动。Virmach 商家有十多个数据中心,价格是便宜的,但是机器稳定性和速度肯定我们也是有数的,要不这么低的...
SunthyCloud阿里云国际版分销商注册教程,即可PayPal信用卡分销商服务器
阿里云国际版注册认证教程-免绑卡-免实名买服务器安全、便宜、可靠、良心,支持人民币充值,提供代理折扣简介SunthyCloud成立于2015年,是阿里云国际版正规战略级渠道商,也是阿里云国际版最大的分销商,专业为全球企业客户提供阿里云国际版开户注册、认证、充值等服务,通过SunthyCloud开通阿里云国际版只需要一个邮箱,不需要PayPal信用卡就可以帮你开通、充值、新购、续费阿里云国际版,服务...
wwW.PU811.Com为你推荐
-
www.20ren.com求此欧美艳星名字http://www.sqsmm.com/index.php?album-read-id-1286.html百花百游百花蛇草的作用www.yahoo.com.hk香港的常用网站www.522av.com现在怎样在手机上看AVqq530.com求教:如何下载http://www.qq530.com/ 上的音乐斗城网女追男有多易?喜欢你,可我不知道你喜不喜欢我!!平安夜希望有他陪我过haole012.com说在:012qq.com这个网站能免费挂QQ,是真的吗?www.99vv1.comwww.in9.com是什么网站啊?hao.rising.cn如何解除瑞星主页锁定(hao.rising.cn). 不想用瑞星安全助手关键词分析如何进行关键词指数分析