potentialwww.pu811.com
wwW.PU811.Com 时间:2021-04-09 阅读:()
www.
pwc.
comCOSOChangesandtheimpactonICFRApresentationtothePugetSoundChapteroftheIIAJanuary14,2014PwCAgendaIntroductionsCurrentTrendsImpactingSOXCOSO–What'sChangingWhat'sNotDeeperDriveonSelectedPrinciplesTransitioningICFRtothe2013FrameworkPCAOBActionsImpactingSOXManageCosts,DeliverValuefromSOXQuestions2January14,2014PwCCurrenttrendsimpactingSOX3January14,2014COSOUpdateDrivingFY'14SOXChangesPCAOBActionsManageCosts,DeliverValuePwCCOSO'sInternalControl-IntegratedFramework(2013)4January14,2014PwCWhyupdate1992frameworkDostakeholdersunderstandrequirementsofeffectiveinternalcontrol5January14,2014ChangesinthebusinessenvironmentChangesinsidethebusinessLackofclarityLackofunderstandingSource-COSO'ssurveyofusersandstakeholders,worldwide–JanuarytoSeptember20110%50%100%ControlActivitiesMonitoringControlEnvironmentInformation&…RiskAssessmentDifficulttointerpretSomewhatdifficulttointerpretModeratelyeasytointerpretGenerallyeasytointerpretEasytointerpretOnly50%thoughtitwasgenerallyeasytointerpretPwC2013Frameworkpreservescorestrengthsembeddedin1992Framework6January14,2014UpdatedCOSOCubeWhatisNotfundamentallychanging.
.
.
CoredefinitionofinternalcontrolThreecategoriesofobjectivesandfivecomponentsofinternalcontrolEachofthefivecomponentsofinternalcontrolarerequiredforeffectiveinternalcontrolImportantroleofjudgmentindesigning,implementingandconductinginternalcontrol,andinassessingitseffectivenessEntityStructureComponentsRiskAssessmentControlEnvironmentControlActivitiesMonitoringActivitiesInformationandCommunicationPwC2013Frameworkarticulatesprinciplesandpointsoffocus7January14,20142013COSOCube17PrinciplesPointsoffocusControls5ComponentsPointsoffocusdescribeimportantcharacteristicsofprinciplesPrinciplesarticulatefundamentalconceptsofcomponentsComponentsandPrinciplesarerequirementsforaneffectivesystemofinternalcontrolPointsofFocusandControlsaresubjecttomanagementjudgmentLegendRiskAssessmentControlEnvironmentControlActivitiesMonitoringActivitiesInformationandCommunicationPwC2013Frameworkarticulatesseventeenprinciplesforeffectiveinternalcontrol8January14,2014ControlEnvironment1.
Demonstratescommitmenttointegrityandethicalvalues2.
Exercisesoversightresponsibility3.
Establishesstructure,authorityandresponsibility4.
Demonstratescommitmenttocompetence5.
EnforcesaccountabilityRiskAssessment6.
Specifiessuitableobjectives7.
Identifiesandanalyzesrisk8.
Assessesfraudrisk9.
IdentifiesandanalyzessignificantchangeControlActivities10.
Selectsanddevelopscontrolactivities11.
Selectsanddevelopsgeneralcontrolsovertechnology12.
DeploysthroughpoliciesandproceduresInformation&Communication13.
Usesrelevantinformation14.
Communicatesinternally15.
CommunicatesexternallyMonitoringActivities16.
Conductsongoingand/orseparateevaluations17.
EvaluatesandcommunicatesdeficienciesPwC2013FrameworkclarifiesrequirementsforaneffectivesystemofinternalcontrolComponentsarepresentandfunctioningifeachrelevantprinciplesisdeterminedtobepresentandfunctioning(e.
g.
,nomaterialweaknessexists)Relevantprinciplesarepresentandfunctioningifpersuasiveevidenceexiststhatcontrolsareselected,developedanddeployedtoeffectthemComponentsoperatetogetherwhen:ComponentsarepresentandfunctioningInternalcontroldeficienciesaggregatedacrosscomponentsdonotresultinthedeterminationthatoneormorematerialweaknessexist9January14,2014Aneffectivesystemofinternalcontrolrequires:EachofthefivecomponentsofinternalcontrolandrelevantprinciplesispresentandfunctioningThefivecomponentsareoperatingtogetherinanintegratedmannerPwCCOSOprinciples–Adeeperdive10January14,2014PwC2013FrameworkandICFR–PrinciplesRelevantprinciplesarepresentandfunctioningifpersuasiveevidenceexiststhatcontrolsareselected,developedanddeployedtoeffectthemWhatcompaniesshoulddo:Documenthowthedesignofexistingcontrolsmapagainstthe17principles.
Remedypotentialdesigngapswhenexistingcontrolsarenotfullyadequate.
Testtheoperatingeffectivenessofanynewcontrolscomingintoscope11January14,2014PwC2013Frameworkdescribespointsoffocusforeachprinciple,e.
g.
12January14,2014Principle1DemonstratesCommitmenttoIntegrity…Principle2ExercisesOversightResponsibilityPrinciple3EstablishesStructuresAuthority,…ComponentControlEnvironmentSetsthetoneatthetopEstablishesstandardsofconductEvaluatesadherencetostandardsofconductAddressesdeviationsinatimelymannerEstablishesoversightresponsibilityAppliesrelevantexpertiseOperateindependentlyProvidesoversightforthesystemofinternalcontrolConsidersallstructuresoftheentityEstablishesreportinglinesDefines,assignsandlimitsauthoritiesandresponsibilitiesPrinciple4DemonstratesCommitmenttoCompetenceEstablishespoliciesandpracticesEvaluatescompetenceandaddressesshortcomingsAttracts,develops,andretainsindividualsPlansandpreparesforsuccessionPrinciplesPointsofFocusPwCPrinciplesandPointsofFocus,adeeperlook13January14,2014ComponentControlEnvironmentEstablishespoliciesandpracticesEvaluatescompetenceandaddressesshortcomingsAttracts,develops,andretainsindividualsPlansandpreparesforsuccessionPrinciple4DemonstratesCommitmenttoCompetenceTheorganizationdemonstratesacommitmenttoattract,develop,andretaincompetentindividualsinalignmentwithobjectives.
IndividualperformanceplansdefineexpectationsregardingICAllaccountingstaffattendannualupdatetrainingofnewaccountingpronouncementsControlExamplesPrinciplesPointsofFocusAnorganizationwithcomplexrevenueaccountingfailstomaintainadequatelytrainedCPAstooverseerevenueaccounting.
DeficiencyExamplesPwCPointsoffocusdescribeimportantcharacteristicsoftheprinciples,forexample…14January14,2014Principle6SpecifiessuitableobjectivesPrinciple7IdentifiesandanalysesriskPrinciple8AssessesfraudriskComponentRiskAssessmentComplieswithapplicableaccountingstandardsConsidersmaterialityReflectsentityactivitiesIncludesentity,division,operatingunit,andfunctionsAnalyzesinternal/externalfactorsInvolvesappropriatelevelofmanagementEstimatessignificanceofrisksidentifiedDetermineshowtorespondtorisksConsidersvarioustypesoffraudAssessesincentiveandpressuresAssessesopportunitiesAssessesattitudesandrationalizationsPrinciple9IdentifiesandanalyzessignificantchangeAssesseschangesinexternalenvironmentAssesseschangesinbusinessmodelAssesseschangesinleadershipPrinciplesPointsofFocusPwCPointsoffocusdescribeimportantcharacteristicsoftheprinciples,forexample…15January14,2014ComponentRiskAssessmentPointsofFocusPrinciple9:IdentifiesandAnalysesSignificantChangeTheorganizationidentifiesandassesseschangesthatcouldsignificantlyimpactthesystemofinternalcontrol.
PrinciplesAssesseschangesinexternalenvironmentAssesseschangesinbusinessmodelAssesseschangesinleadershipRiskassessmentsarerequiredforanysignificantchange,suchas:-InternationalExposure-SignificantAcquisitonCreateaninternalcontrolplanforanyexecutivetransitionControlExamplesThecompanyfailedtoupdatetheriskassessmentforchangesarisingfromtheChinaacquisition.
DeficiencyExamplesPwCTransitioningICFRto2013framework16January14,2014PwCTransitioningICFRto2013FrameworkCOSOdecidedtosupersedethe1992Frameworkattheendofthetransitionperiod(i.
e.
,December15,2014)"SECstaffplanstomonitorthetransitionforissuersusingthe1992frameworktoevaluatewhetherandifanystafforCommissionactionsbecomenecessaryorappropriateinthefuture.
However,atthistime,I'llsimplyreferusersoftheCOSOframeworktothestatementsCOSOhasmadeabouttheirnewframeworkandtheirthoughtsabouttransition.
"(PaulBeswick,S.
E.
C.
ChiefAccountant)TheSECstaffindicatedmorerecentlythatthelongerissuerscontinuetousethe1992framework,themorelikelytheyaretoreceivequestionsfromthestaffaboutwhethertheissuer'suseofthe1992frameworksatisfiestheSEC'srequirementtouseasuitable,recognizedframework,particularlyafterDecember15,2014whenCOSOwillconsiderthe1992frameworktohavebeensupersededbythe2013framework.
(CenterforAuditQuality'sSECRegulationsCommittee)17January14,2014PwCA404transitionplan(example)18January14,2014Four-phasesKeyActionsPhase1:EducateandCommunicateReview2013FrameworkandillustrativetoolsConducttrainingappropriateforboard/committeemembers,seniormanagement,managers,etc.
Developunderstandingofwhereprinciplesarerelevantattheentity(i.
e.
,corporate)andsubunits(divisions,subsidiaries,operatingunitsandfunctionallevels)Phase2:ConductPreliminaryAssessmentMap17principles(consideringpointsoffocus)toentitylevelcontrols(ELCs)ConsiderwhetherdifferencesincontrolsexistatsubunitsIdentifyanysignificant"gaps"indesignorSOXdocumentationofcontrols(i.
e.
,assesswhethereachcomponentofinternalcontrolandprincipleis"present")Phase3:CompleteAssessment&DevelopActionPlanPerformcomprehensiveassessmentandassesstheoperatingeffectivenessofcontrols(i.
e.
,assesswhethereachcomponentofinternalcontrolandprincipleis"functioning")AssessseverityofanyinternalcontroldeficienciesIdentifychangesincontrolsorSOXdocumentationnecessarytoremediatedeficienciesPhase4:ExecuteActionPlanRemediateinternalcontroldeficienciesofSOXdocumentation,asneededPwCPotentialimpactonICFRReactionsandresponseswilldifferdependingoncircumstancesIf1992FrameworkhasbeenthoroughlyappliedtocurrentICFR,thetransitionshouldnotresultinsignificantchangesorincrementaleffortPreliminaryassessment(i.
e.
,mappingprinciples,consideringpointsoffocus,tocontrols)mayreveal"gaps"indesignordocumentationofsomecontrols-Design—Controlsarenotdesignedtodemonstrateaprincipleispresent-Documentation—Controlsassociatedwiththeprincipleexist,buttheyarenotincludedintheSOXinternalcontroldocumentation19January14,2014PwCPotentialimpactonICFRFocusondesignofindirectentitylevelcontrols(ELCs)thataffectthe14principlesassociatedwiththe"softer"componentsofinternalcontrol.
IndirectELCshaveanimportant,butindirect,effectonthelikelihoodthatamisstatementwillbedetectedorpreventedonatimelybasis.
NoimpactexpectedondesignofdirectELCsandtransactionlevelcontrols(e.
g.
,threewaymatch,cashreconciliation)relatingtoControlActivities20January14,2014PwCPotentialimpactonICFRELCsoperatethroughouttheentireorganizationandoftenhaveapervasiveimpactoncontrols.
Forexample,thedesignofanindirectELCfocusedonassessingfinancialreportingriskscanbeconductedatthecorporateleveltoassessrisksrelatingtoallcomponentsoftheentity(i.
e.
,subunitlocations)oratindividualcomponentsDeterminingwhetheraprincipleispresentisamatterofmanagementjudgment.
AssessingthedesignofELCsinclude:-Component(s)oftheentitycoveredbythecontrolbeingevaluated-Objectiveofthecontrol-Whoperformsthecontrolwithnecessaryauthorityandcompetence-Frequencyofthecontrol'soperation-Specificproceduresthatareperformedtomeetthestatedobjective,includinganyinformationusedintheoperationofthecontrol21January14,2014PwCPotentialimpactonICFRBytakingafreshlookatthedesignofindirectELCs,managementmayidentifyopportunitiestore-designcontrolstoenhanceeffectivenessorefficiency22January14,2014PwCPotentialimpactonICFREvaluationofthethreeprinciplesrelatedtotheControlActivitiescomponentshouldbefocusedontheprocessforselecting,developinganddeployingcontrolactivitiesratherthanthedetailedcontrolactivitiesthemselves.
-Therefore,transitioningtothe2013Frameworkwillnotresultinanychangestoacompany'sriskandcontrolmatricesrelatingtotransactioncontrols(e.
g.
,threewaymatch,cashreconciliations,etc.
).
Themappingofprinciplestocontrolswillultimatelysupportthecompany'sdesignofthe"soft"componentsofinternalcontroloverfinancialreportinginaccordancewiththe2013Framework23January14,2014PwCPCAOBactionsimpactingSOX24January14,2014PwCPCAOBactionsimpactingSOXIncreasedfocusbyPCOABoninternalcontrolaspectsoftheIntegratedauditleadingtoincreasedPCAOBauditfindingsrelatedtointernalcontrol.
DocumentedininspectionreportsandtheActionAlert,datedOctober24th,2013.
DrivingchangesinexternalauditapproachtoICFR,increasedlevelsofdocumentation,changestocontroldesignandrequestsforadditionalevidence.
TheimpactonSOXteamsinsomesituationscanbesignificant.
25January14,2014PwCPCAOBareasofobservationSomeObservationsArecontrolsproperlydesignedandalignedtorisksTestingofmanagementreviewcontrolsEvidenceoversystemgenerateddataandreportsUseofworkofothersControlsover:-JournalEntries-Estimates,-Uniquetransactions,-Incometaxes26ImpacttoSOXTeamsIncreasedocumentationofend-to-endprocess,qualificationofcontrolperformers,andSODIncreaserigorofmanagementreviewcontrolsanddocumentationofpropercontrolexecution.
Enhancecontrolsoverspreadsheetsandotherend-userapplications.
Assistancewithtestingofkeyreports.
Criticalassessmentofcompetenceandobjectivity.
Lessrelianceonmanagementtesting.
Re-designofmanualandautomatedcontrolsoversensitiveareas.
January14,2014PwCHolisticApproachtoManageCosts,DeliverValue27ProcessLeanprocessframeworkappliedtocontrols,relateddocumentationandprojectmanagementprocessestoalignwithriskandstreamlineunnecessaryactivitiesIdentifyingcapabilitiestouseariskbasedtestingapproachtofocuseffortsonareaswithhighestriskoferrorandmisstatement.
StrategyEnsuresstakeholderalignmentaroundSOXprogramobjectivesandchangegoalsStructureCapturessynergiesbetweenSOXprogramsandexternalauditstodrivehighlevelsofexternalauditreliance.
PeopleUnderstandthetrainingandcontrolsknowledgeofthoseemployeesperformingkeycontrolsDeterminethemostcost-effectiveresourcesperformingworkwithlimitedvalue.
UnderstandtheexperienceandbackgroundofprogrammanagementrunningtheSOXprogram.
TechnologyEvaluateGRCplatforms,todeterminethattheyenableefficientworkflowsuchashand-offs,approvalsandmanagementreportingAutomatedcontrolsandcontinuousmonitoringareusedwherepossible,suchassegregationofduties,interfacebalancing,reconciliationsandtransactionmonitoring.
RequirementsMonitoringProgramManagementStrategyStakeholderAlignmentStructureSynergisticPeopleTrainedCostEffectiveExperiencedProcessLeanRiskBasedStreamlinedTechnologyAutomatedContinuousWorkflowQualityCompetent&ObjectiveJanuary14,2014PwCQuestions28January14,2014Thankyou.
.
.
2014PricewaterhouseCoopersLLP.
Allrightsreserved.
PwCreferstotheUnitedStatesmemberfirm,andmaysometimesrefertothePwCnetwork.
Eachmemberfirmisaseparatelegalentity.
Pleaseseewww.
pwc.
com/structureforfurtherdetails.
pwc.
comCOSOChangesandtheimpactonICFRApresentationtothePugetSoundChapteroftheIIAJanuary14,2014PwCAgendaIntroductionsCurrentTrendsImpactingSOXCOSO–What'sChangingWhat'sNotDeeperDriveonSelectedPrinciplesTransitioningICFRtothe2013FrameworkPCAOBActionsImpactingSOXManageCosts,DeliverValuefromSOXQuestions2January14,2014PwCCurrenttrendsimpactingSOX3January14,2014COSOUpdateDrivingFY'14SOXChangesPCAOBActionsManageCosts,DeliverValuePwCCOSO'sInternalControl-IntegratedFramework(2013)4January14,2014PwCWhyupdate1992frameworkDostakeholdersunderstandrequirementsofeffectiveinternalcontrol5January14,2014ChangesinthebusinessenvironmentChangesinsidethebusinessLackofclarityLackofunderstandingSource-COSO'ssurveyofusersandstakeholders,worldwide–JanuarytoSeptember20110%50%100%ControlActivitiesMonitoringControlEnvironmentInformation&…RiskAssessmentDifficulttointerpretSomewhatdifficulttointerpretModeratelyeasytointerpretGenerallyeasytointerpretEasytointerpretOnly50%thoughtitwasgenerallyeasytointerpretPwC2013Frameworkpreservescorestrengthsembeddedin1992Framework6January14,2014UpdatedCOSOCubeWhatisNotfundamentallychanging.
.
.
CoredefinitionofinternalcontrolThreecategoriesofobjectivesandfivecomponentsofinternalcontrolEachofthefivecomponentsofinternalcontrolarerequiredforeffectiveinternalcontrolImportantroleofjudgmentindesigning,implementingandconductinginternalcontrol,andinassessingitseffectivenessEntityStructureComponentsRiskAssessmentControlEnvironmentControlActivitiesMonitoringActivitiesInformationandCommunicationPwC2013Frameworkarticulatesprinciplesandpointsoffocus7January14,20142013COSOCube17PrinciplesPointsoffocusControls5ComponentsPointsoffocusdescribeimportantcharacteristicsofprinciplesPrinciplesarticulatefundamentalconceptsofcomponentsComponentsandPrinciplesarerequirementsforaneffectivesystemofinternalcontrolPointsofFocusandControlsaresubjecttomanagementjudgmentLegendRiskAssessmentControlEnvironmentControlActivitiesMonitoringActivitiesInformationandCommunicationPwC2013Frameworkarticulatesseventeenprinciplesforeffectiveinternalcontrol8January14,2014ControlEnvironment1.
Demonstratescommitmenttointegrityandethicalvalues2.
Exercisesoversightresponsibility3.
Establishesstructure,authorityandresponsibility4.
Demonstratescommitmenttocompetence5.
EnforcesaccountabilityRiskAssessment6.
Specifiessuitableobjectives7.
Identifiesandanalyzesrisk8.
Assessesfraudrisk9.
IdentifiesandanalyzessignificantchangeControlActivities10.
Selectsanddevelopscontrolactivities11.
Selectsanddevelopsgeneralcontrolsovertechnology12.
DeploysthroughpoliciesandproceduresInformation&Communication13.
Usesrelevantinformation14.
Communicatesinternally15.
CommunicatesexternallyMonitoringActivities16.
Conductsongoingand/orseparateevaluations17.
EvaluatesandcommunicatesdeficienciesPwC2013FrameworkclarifiesrequirementsforaneffectivesystemofinternalcontrolComponentsarepresentandfunctioningifeachrelevantprinciplesisdeterminedtobepresentandfunctioning(e.
g.
,nomaterialweaknessexists)Relevantprinciplesarepresentandfunctioningifpersuasiveevidenceexiststhatcontrolsareselected,developedanddeployedtoeffectthemComponentsoperatetogetherwhen:ComponentsarepresentandfunctioningInternalcontroldeficienciesaggregatedacrosscomponentsdonotresultinthedeterminationthatoneormorematerialweaknessexist9January14,2014Aneffectivesystemofinternalcontrolrequires:EachofthefivecomponentsofinternalcontrolandrelevantprinciplesispresentandfunctioningThefivecomponentsareoperatingtogetherinanintegratedmannerPwCCOSOprinciples–Adeeperdive10January14,2014PwC2013FrameworkandICFR–PrinciplesRelevantprinciplesarepresentandfunctioningifpersuasiveevidenceexiststhatcontrolsareselected,developedanddeployedtoeffectthemWhatcompaniesshoulddo:Documenthowthedesignofexistingcontrolsmapagainstthe17principles.
Remedypotentialdesigngapswhenexistingcontrolsarenotfullyadequate.
Testtheoperatingeffectivenessofanynewcontrolscomingintoscope11January14,2014PwC2013Frameworkdescribespointsoffocusforeachprinciple,e.
g.
12January14,2014Principle1DemonstratesCommitmenttoIntegrity…Principle2ExercisesOversightResponsibilityPrinciple3EstablishesStructuresAuthority,…ComponentControlEnvironmentSetsthetoneatthetopEstablishesstandardsofconductEvaluatesadherencetostandardsofconductAddressesdeviationsinatimelymannerEstablishesoversightresponsibilityAppliesrelevantexpertiseOperateindependentlyProvidesoversightforthesystemofinternalcontrolConsidersallstructuresoftheentityEstablishesreportinglinesDefines,assignsandlimitsauthoritiesandresponsibilitiesPrinciple4DemonstratesCommitmenttoCompetenceEstablishespoliciesandpracticesEvaluatescompetenceandaddressesshortcomingsAttracts,develops,andretainsindividualsPlansandpreparesforsuccessionPrinciplesPointsofFocusPwCPrinciplesandPointsofFocus,adeeperlook13January14,2014ComponentControlEnvironmentEstablishespoliciesandpracticesEvaluatescompetenceandaddressesshortcomingsAttracts,develops,andretainsindividualsPlansandpreparesforsuccessionPrinciple4DemonstratesCommitmenttoCompetenceTheorganizationdemonstratesacommitmenttoattract,develop,andretaincompetentindividualsinalignmentwithobjectives.
IndividualperformanceplansdefineexpectationsregardingICAllaccountingstaffattendannualupdatetrainingofnewaccountingpronouncementsControlExamplesPrinciplesPointsofFocusAnorganizationwithcomplexrevenueaccountingfailstomaintainadequatelytrainedCPAstooverseerevenueaccounting.
DeficiencyExamplesPwCPointsoffocusdescribeimportantcharacteristicsoftheprinciples,forexample…14January14,2014Principle6SpecifiessuitableobjectivesPrinciple7IdentifiesandanalysesriskPrinciple8AssessesfraudriskComponentRiskAssessmentComplieswithapplicableaccountingstandardsConsidersmaterialityReflectsentityactivitiesIncludesentity,division,operatingunit,andfunctionsAnalyzesinternal/externalfactorsInvolvesappropriatelevelofmanagementEstimatessignificanceofrisksidentifiedDetermineshowtorespondtorisksConsidersvarioustypesoffraudAssessesincentiveandpressuresAssessesopportunitiesAssessesattitudesandrationalizationsPrinciple9IdentifiesandanalyzessignificantchangeAssesseschangesinexternalenvironmentAssesseschangesinbusinessmodelAssesseschangesinleadershipPrinciplesPointsofFocusPwCPointsoffocusdescribeimportantcharacteristicsoftheprinciples,forexample…15January14,2014ComponentRiskAssessmentPointsofFocusPrinciple9:IdentifiesandAnalysesSignificantChangeTheorganizationidentifiesandassesseschangesthatcouldsignificantlyimpactthesystemofinternalcontrol.
PrinciplesAssesseschangesinexternalenvironmentAssesseschangesinbusinessmodelAssesseschangesinleadershipRiskassessmentsarerequiredforanysignificantchange,suchas:-InternationalExposure-SignificantAcquisitonCreateaninternalcontrolplanforanyexecutivetransitionControlExamplesThecompanyfailedtoupdatetheriskassessmentforchangesarisingfromtheChinaacquisition.
DeficiencyExamplesPwCTransitioningICFRto2013framework16January14,2014PwCTransitioningICFRto2013FrameworkCOSOdecidedtosupersedethe1992Frameworkattheendofthetransitionperiod(i.
e.
,December15,2014)"SECstaffplanstomonitorthetransitionforissuersusingthe1992frameworktoevaluatewhetherandifanystafforCommissionactionsbecomenecessaryorappropriateinthefuture.
However,atthistime,I'llsimplyreferusersoftheCOSOframeworktothestatementsCOSOhasmadeabouttheirnewframeworkandtheirthoughtsabouttransition.
"(PaulBeswick,S.
E.
C.
ChiefAccountant)TheSECstaffindicatedmorerecentlythatthelongerissuerscontinuetousethe1992framework,themorelikelytheyaretoreceivequestionsfromthestaffaboutwhethertheissuer'suseofthe1992frameworksatisfiestheSEC'srequirementtouseasuitable,recognizedframework,particularlyafterDecember15,2014whenCOSOwillconsiderthe1992frameworktohavebeensupersededbythe2013framework.
(CenterforAuditQuality'sSECRegulationsCommittee)17January14,2014PwCA404transitionplan(example)18January14,2014Four-phasesKeyActionsPhase1:EducateandCommunicateReview2013FrameworkandillustrativetoolsConducttrainingappropriateforboard/committeemembers,seniormanagement,managers,etc.
Developunderstandingofwhereprinciplesarerelevantattheentity(i.
e.
,corporate)andsubunits(divisions,subsidiaries,operatingunitsandfunctionallevels)Phase2:ConductPreliminaryAssessmentMap17principles(consideringpointsoffocus)toentitylevelcontrols(ELCs)ConsiderwhetherdifferencesincontrolsexistatsubunitsIdentifyanysignificant"gaps"indesignorSOXdocumentationofcontrols(i.
e.
,assesswhethereachcomponentofinternalcontrolandprincipleis"present")Phase3:CompleteAssessment&DevelopActionPlanPerformcomprehensiveassessmentandassesstheoperatingeffectivenessofcontrols(i.
e.
,assesswhethereachcomponentofinternalcontrolandprincipleis"functioning")AssessseverityofanyinternalcontroldeficienciesIdentifychangesincontrolsorSOXdocumentationnecessarytoremediatedeficienciesPhase4:ExecuteActionPlanRemediateinternalcontroldeficienciesofSOXdocumentation,asneededPwCPotentialimpactonICFRReactionsandresponseswilldifferdependingoncircumstancesIf1992FrameworkhasbeenthoroughlyappliedtocurrentICFR,thetransitionshouldnotresultinsignificantchangesorincrementaleffortPreliminaryassessment(i.
e.
,mappingprinciples,consideringpointsoffocus,tocontrols)mayreveal"gaps"indesignordocumentationofsomecontrols-Design—Controlsarenotdesignedtodemonstrateaprincipleispresent-Documentation—Controlsassociatedwiththeprincipleexist,buttheyarenotincludedintheSOXinternalcontroldocumentation19January14,2014PwCPotentialimpactonICFRFocusondesignofindirectentitylevelcontrols(ELCs)thataffectthe14principlesassociatedwiththe"softer"componentsofinternalcontrol.
IndirectELCshaveanimportant,butindirect,effectonthelikelihoodthatamisstatementwillbedetectedorpreventedonatimelybasis.
NoimpactexpectedondesignofdirectELCsandtransactionlevelcontrols(e.
g.
,threewaymatch,cashreconciliation)relatingtoControlActivities20January14,2014PwCPotentialimpactonICFRELCsoperatethroughouttheentireorganizationandoftenhaveapervasiveimpactoncontrols.
Forexample,thedesignofanindirectELCfocusedonassessingfinancialreportingriskscanbeconductedatthecorporateleveltoassessrisksrelatingtoallcomponentsoftheentity(i.
e.
,subunitlocations)oratindividualcomponentsDeterminingwhetheraprincipleispresentisamatterofmanagementjudgment.
AssessingthedesignofELCsinclude:-Component(s)oftheentitycoveredbythecontrolbeingevaluated-Objectiveofthecontrol-Whoperformsthecontrolwithnecessaryauthorityandcompetence-Frequencyofthecontrol'soperation-Specificproceduresthatareperformedtomeetthestatedobjective,includinganyinformationusedintheoperationofthecontrol21January14,2014PwCPotentialimpactonICFRBytakingafreshlookatthedesignofindirectELCs,managementmayidentifyopportunitiestore-designcontrolstoenhanceeffectivenessorefficiency22January14,2014PwCPotentialimpactonICFREvaluationofthethreeprinciplesrelatedtotheControlActivitiescomponentshouldbefocusedontheprocessforselecting,developinganddeployingcontrolactivitiesratherthanthedetailedcontrolactivitiesthemselves.
-Therefore,transitioningtothe2013Frameworkwillnotresultinanychangestoacompany'sriskandcontrolmatricesrelatingtotransactioncontrols(e.
g.
,threewaymatch,cashreconciliations,etc.
).
Themappingofprinciplestocontrolswillultimatelysupportthecompany'sdesignofthe"soft"componentsofinternalcontroloverfinancialreportinginaccordancewiththe2013Framework23January14,2014PwCPCAOBactionsimpactingSOX24January14,2014PwCPCAOBactionsimpactingSOXIncreasedfocusbyPCOABoninternalcontrolaspectsoftheIntegratedauditleadingtoincreasedPCAOBauditfindingsrelatedtointernalcontrol.
DocumentedininspectionreportsandtheActionAlert,datedOctober24th,2013.
DrivingchangesinexternalauditapproachtoICFR,increasedlevelsofdocumentation,changestocontroldesignandrequestsforadditionalevidence.
TheimpactonSOXteamsinsomesituationscanbesignificant.
25January14,2014PwCPCAOBareasofobservationSomeObservationsArecontrolsproperlydesignedandalignedtorisksTestingofmanagementreviewcontrolsEvidenceoversystemgenerateddataandreportsUseofworkofothersControlsover:-JournalEntries-Estimates,-Uniquetransactions,-Incometaxes26ImpacttoSOXTeamsIncreasedocumentationofend-to-endprocess,qualificationofcontrolperformers,andSODIncreaserigorofmanagementreviewcontrolsanddocumentationofpropercontrolexecution.
Enhancecontrolsoverspreadsheetsandotherend-userapplications.
Assistancewithtestingofkeyreports.
Criticalassessmentofcompetenceandobjectivity.
Lessrelianceonmanagementtesting.
Re-designofmanualandautomatedcontrolsoversensitiveareas.
January14,2014PwCHolisticApproachtoManageCosts,DeliverValue27ProcessLeanprocessframeworkappliedtocontrols,relateddocumentationandprojectmanagementprocessestoalignwithriskandstreamlineunnecessaryactivitiesIdentifyingcapabilitiestouseariskbasedtestingapproachtofocuseffortsonareaswithhighestriskoferrorandmisstatement.
StrategyEnsuresstakeholderalignmentaroundSOXprogramobjectivesandchangegoalsStructureCapturessynergiesbetweenSOXprogramsandexternalauditstodrivehighlevelsofexternalauditreliance.
PeopleUnderstandthetrainingandcontrolsknowledgeofthoseemployeesperformingkeycontrolsDeterminethemostcost-effectiveresourcesperformingworkwithlimitedvalue.
UnderstandtheexperienceandbackgroundofprogrammanagementrunningtheSOXprogram.
TechnologyEvaluateGRCplatforms,todeterminethattheyenableefficientworkflowsuchashand-offs,approvalsandmanagementreportingAutomatedcontrolsandcontinuousmonitoringareusedwherepossible,suchassegregationofduties,interfacebalancing,reconciliationsandtransactionmonitoring.
RequirementsMonitoringProgramManagementStrategyStakeholderAlignmentStructureSynergisticPeopleTrainedCostEffectiveExperiencedProcessLeanRiskBasedStreamlinedTechnologyAutomatedContinuousWorkflowQualityCompetent&ObjectiveJanuary14,2014PwCQuestions28January14,2014Thankyou.
.
.
2014PricewaterhouseCoopersLLP.
Allrightsreserved.
PwCreferstotheUnitedStatesmemberfirm,andmaysometimesrefertothePwCnetwork.
Eachmemberfirmisaseparatelegalentity.
Pleaseseewww.
pwc.
com/structureforfurtherdetails.
- potentialwww.pu811.com相关文档
- 天河www.pu811.com
- CIN1www.pu811.com
- suggestedwww.pu811.com
- torywww.pu811.com
- S2353www.pu811.com
- Analysiswww.pu811.com
Hostiger发布哥伦布日提供VPS主机首月七折优惠 月费2.79美元
Hostiger商家我们可能以前也是有见过的,以前他们的域名是Hostigger,后来进行微调后包装成现在的。而且推出Columbus Day哥伦布日优惠活动,提供全场的VPS主机首月7折月付2.79美元起的优惠。这里我们普及一下基础知识,Columbus Day ,即为每年10月12日,是一些美洲国家的节日,纪念克里斯托弗·哥伦布在北美登陆,为美国的联邦假日。Hostiger 商家是一个成立于2...
SugarHosts糖果主机圣诞节促销 美国/香港虚拟主机低至6折
SugarHosts 糖果主机商我们算是比较熟悉的,早年学会建站的时候开始就用的糖果虚拟主机,目前他们家还算是为数不多提供虚拟主机的商家,有提供香港、美国、德国等虚拟主机机房。香港机房CN2速度比较快,美国机房有提供优化线路和普通线路适合外贸业务。德国欧洲机房适合欧洲业务的虚拟主机。糖果主机商一般是不会发布黑五活动的,他们在圣圣诞节促销活动是有的,我们看到糖果主机商发布的圣诞节促销虚拟主机低至6折...
华为云年中聚惠618活动,新用户专区,云服务器低至88元/年,3年仅580.98元,热销抢购中,最后2天!
华为云怎么样?华为云用在线的方式将华为30多年在ICT基础设施领域的技术积累和产品解决方案开放给客户,致力于提供稳定可靠、安全可信、可持续创新的云服务,做智能世界的“黑土地”,推进实现“用得起、用得好、用得放心”的普惠AI。华为云作为底座,为华为全栈全场景AI战略提供强大的算力平台和更易用的开发平台。本次年终聚惠618活动相当给力,1核2G内存1m云耀云服务器仅88元/年起,送主机安全基础版套餐,...
wwW.PU811.Com为你推荐
-
怎么查询商标想要知道一个商标是否被注册,在哪里查到的比较权威?同一服务器网站服务器建设:一个服务器有多个网站该如何设置?www.gegeshe.com有什么好听的流行歌曲杨丽晓博客杨丽晓是怎么 出道的m88.comwww.m88.com现在的官方网址是哪个啊 ?www.m88.com怎么样?www.ca800.com西门子plc仿真软件有什么功能www.gogo.comNEO春之色直径?hao.rising.cn我的Google Chrome主页被http://hao.rising.cn//?b=64锁定了,谁有办法?朴容熙这个网诺红人叫什么29ff.comhttp://fcm.com在哪里输入这个网址啊