potentialwww.pu811.com
wwW.PU811.Com 时间:2021-04-09 阅读:()
www.
pwc.
comCOSOChangesandtheimpactonICFRApresentationtothePugetSoundChapteroftheIIAJanuary14,2014PwCAgendaIntroductionsCurrentTrendsImpactingSOXCOSO–What'sChangingWhat'sNotDeeperDriveonSelectedPrinciplesTransitioningICFRtothe2013FrameworkPCAOBActionsImpactingSOXManageCosts,DeliverValuefromSOXQuestions2January14,2014PwCCurrenttrendsimpactingSOX3January14,2014COSOUpdateDrivingFY'14SOXChangesPCAOBActionsManageCosts,DeliverValuePwCCOSO'sInternalControl-IntegratedFramework(2013)4January14,2014PwCWhyupdate1992frameworkDostakeholdersunderstandrequirementsofeffectiveinternalcontrol5January14,2014ChangesinthebusinessenvironmentChangesinsidethebusinessLackofclarityLackofunderstandingSource-COSO'ssurveyofusersandstakeholders,worldwide–JanuarytoSeptember20110%50%100%ControlActivitiesMonitoringControlEnvironmentInformation&…RiskAssessmentDifficulttointerpretSomewhatdifficulttointerpretModeratelyeasytointerpretGenerallyeasytointerpretEasytointerpretOnly50%thoughtitwasgenerallyeasytointerpretPwC2013Frameworkpreservescorestrengthsembeddedin1992Framework6January14,2014UpdatedCOSOCubeWhatisNotfundamentallychanging.
.
.
CoredefinitionofinternalcontrolThreecategoriesofobjectivesandfivecomponentsofinternalcontrolEachofthefivecomponentsofinternalcontrolarerequiredforeffectiveinternalcontrolImportantroleofjudgmentindesigning,implementingandconductinginternalcontrol,andinassessingitseffectivenessEntityStructureComponentsRiskAssessmentControlEnvironmentControlActivitiesMonitoringActivitiesInformationandCommunicationPwC2013Frameworkarticulatesprinciplesandpointsoffocus7January14,20142013COSOCube17PrinciplesPointsoffocusControls5ComponentsPointsoffocusdescribeimportantcharacteristicsofprinciplesPrinciplesarticulatefundamentalconceptsofcomponentsComponentsandPrinciplesarerequirementsforaneffectivesystemofinternalcontrolPointsofFocusandControlsaresubjecttomanagementjudgmentLegendRiskAssessmentControlEnvironmentControlActivitiesMonitoringActivitiesInformationandCommunicationPwC2013Frameworkarticulatesseventeenprinciplesforeffectiveinternalcontrol8January14,2014ControlEnvironment1.
Demonstratescommitmenttointegrityandethicalvalues2.
Exercisesoversightresponsibility3.
Establishesstructure,authorityandresponsibility4.
Demonstratescommitmenttocompetence5.
EnforcesaccountabilityRiskAssessment6.
Specifiessuitableobjectives7.
Identifiesandanalyzesrisk8.
Assessesfraudrisk9.
IdentifiesandanalyzessignificantchangeControlActivities10.
Selectsanddevelopscontrolactivities11.
Selectsanddevelopsgeneralcontrolsovertechnology12.
DeploysthroughpoliciesandproceduresInformation&Communication13.
Usesrelevantinformation14.
Communicatesinternally15.
CommunicatesexternallyMonitoringActivities16.
Conductsongoingand/orseparateevaluations17.
EvaluatesandcommunicatesdeficienciesPwC2013FrameworkclarifiesrequirementsforaneffectivesystemofinternalcontrolComponentsarepresentandfunctioningifeachrelevantprinciplesisdeterminedtobepresentandfunctioning(e.
g.
,nomaterialweaknessexists)Relevantprinciplesarepresentandfunctioningifpersuasiveevidenceexiststhatcontrolsareselected,developedanddeployedtoeffectthemComponentsoperatetogetherwhen:ComponentsarepresentandfunctioningInternalcontroldeficienciesaggregatedacrosscomponentsdonotresultinthedeterminationthatoneormorematerialweaknessexist9January14,2014Aneffectivesystemofinternalcontrolrequires:EachofthefivecomponentsofinternalcontrolandrelevantprinciplesispresentandfunctioningThefivecomponentsareoperatingtogetherinanintegratedmannerPwCCOSOprinciples–Adeeperdive10January14,2014PwC2013FrameworkandICFR–PrinciplesRelevantprinciplesarepresentandfunctioningifpersuasiveevidenceexiststhatcontrolsareselected,developedanddeployedtoeffectthemWhatcompaniesshoulddo:Documenthowthedesignofexistingcontrolsmapagainstthe17principles.
Remedypotentialdesigngapswhenexistingcontrolsarenotfullyadequate.
Testtheoperatingeffectivenessofanynewcontrolscomingintoscope11January14,2014PwC2013Frameworkdescribespointsoffocusforeachprinciple,e.
g.
12January14,2014Principle1DemonstratesCommitmenttoIntegrity…Principle2ExercisesOversightResponsibilityPrinciple3EstablishesStructuresAuthority,…ComponentControlEnvironmentSetsthetoneatthetopEstablishesstandardsofconductEvaluatesadherencetostandardsofconductAddressesdeviationsinatimelymannerEstablishesoversightresponsibilityAppliesrelevantexpertiseOperateindependentlyProvidesoversightforthesystemofinternalcontrolConsidersallstructuresoftheentityEstablishesreportinglinesDefines,assignsandlimitsauthoritiesandresponsibilitiesPrinciple4DemonstratesCommitmenttoCompetenceEstablishespoliciesandpracticesEvaluatescompetenceandaddressesshortcomingsAttracts,develops,andretainsindividualsPlansandpreparesforsuccessionPrinciplesPointsofFocusPwCPrinciplesandPointsofFocus,adeeperlook13January14,2014ComponentControlEnvironmentEstablishespoliciesandpracticesEvaluatescompetenceandaddressesshortcomingsAttracts,develops,andretainsindividualsPlansandpreparesforsuccessionPrinciple4DemonstratesCommitmenttoCompetenceTheorganizationdemonstratesacommitmenttoattract,develop,andretaincompetentindividualsinalignmentwithobjectives.
IndividualperformanceplansdefineexpectationsregardingICAllaccountingstaffattendannualupdatetrainingofnewaccountingpronouncementsControlExamplesPrinciplesPointsofFocusAnorganizationwithcomplexrevenueaccountingfailstomaintainadequatelytrainedCPAstooverseerevenueaccounting.
DeficiencyExamplesPwCPointsoffocusdescribeimportantcharacteristicsoftheprinciples,forexample…14January14,2014Principle6SpecifiessuitableobjectivesPrinciple7IdentifiesandanalysesriskPrinciple8AssessesfraudriskComponentRiskAssessmentComplieswithapplicableaccountingstandardsConsidersmaterialityReflectsentityactivitiesIncludesentity,division,operatingunit,andfunctionsAnalyzesinternal/externalfactorsInvolvesappropriatelevelofmanagementEstimatessignificanceofrisksidentifiedDetermineshowtorespondtorisksConsidersvarioustypesoffraudAssessesincentiveandpressuresAssessesopportunitiesAssessesattitudesandrationalizationsPrinciple9IdentifiesandanalyzessignificantchangeAssesseschangesinexternalenvironmentAssesseschangesinbusinessmodelAssesseschangesinleadershipPrinciplesPointsofFocusPwCPointsoffocusdescribeimportantcharacteristicsoftheprinciples,forexample…15January14,2014ComponentRiskAssessmentPointsofFocusPrinciple9:IdentifiesandAnalysesSignificantChangeTheorganizationidentifiesandassesseschangesthatcouldsignificantlyimpactthesystemofinternalcontrol.
PrinciplesAssesseschangesinexternalenvironmentAssesseschangesinbusinessmodelAssesseschangesinleadershipRiskassessmentsarerequiredforanysignificantchange,suchas:-InternationalExposure-SignificantAcquisitonCreateaninternalcontrolplanforanyexecutivetransitionControlExamplesThecompanyfailedtoupdatetheriskassessmentforchangesarisingfromtheChinaacquisition.
DeficiencyExamplesPwCTransitioningICFRto2013framework16January14,2014PwCTransitioningICFRto2013FrameworkCOSOdecidedtosupersedethe1992Frameworkattheendofthetransitionperiod(i.
e.
,December15,2014)"SECstaffplanstomonitorthetransitionforissuersusingthe1992frameworktoevaluatewhetherandifanystafforCommissionactionsbecomenecessaryorappropriateinthefuture.
However,atthistime,I'llsimplyreferusersoftheCOSOframeworktothestatementsCOSOhasmadeabouttheirnewframeworkandtheirthoughtsabouttransition.
"(PaulBeswick,S.
E.
C.
ChiefAccountant)TheSECstaffindicatedmorerecentlythatthelongerissuerscontinuetousethe1992framework,themorelikelytheyaretoreceivequestionsfromthestaffaboutwhethertheissuer'suseofthe1992frameworksatisfiestheSEC'srequirementtouseasuitable,recognizedframework,particularlyafterDecember15,2014whenCOSOwillconsiderthe1992frameworktohavebeensupersededbythe2013framework.
(CenterforAuditQuality'sSECRegulationsCommittee)17January14,2014PwCA404transitionplan(example)18January14,2014Four-phasesKeyActionsPhase1:EducateandCommunicateReview2013FrameworkandillustrativetoolsConducttrainingappropriateforboard/committeemembers,seniormanagement,managers,etc.
Developunderstandingofwhereprinciplesarerelevantattheentity(i.
e.
,corporate)andsubunits(divisions,subsidiaries,operatingunitsandfunctionallevels)Phase2:ConductPreliminaryAssessmentMap17principles(consideringpointsoffocus)toentitylevelcontrols(ELCs)ConsiderwhetherdifferencesincontrolsexistatsubunitsIdentifyanysignificant"gaps"indesignorSOXdocumentationofcontrols(i.
e.
,assesswhethereachcomponentofinternalcontrolandprincipleis"present")Phase3:CompleteAssessment&DevelopActionPlanPerformcomprehensiveassessmentandassesstheoperatingeffectivenessofcontrols(i.
e.
,assesswhethereachcomponentofinternalcontrolandprincipleis"functioning")AssessseverityofanyinternalcontroldeficienciesIdentifychangesincontrolsorSOXdocumentationnecessarytoremediatedeficienciesPhase4:ExecuteActionPlanRemediateinternalcontroldeficienciesofSOXdocumentation,asneededPwCPotentialimpactonICFRReactionsandresponseswilldifferdependingoncircumstancesIf1992FrameworkhasbeenthoroughlyappliedtocurrentICFR,thetransitionshouldnotresultinsignificantchangesorincrementaleffortPreliminaryassessment(i.
e.
,mappingprinciples,consideringpointsoffocus,tocontrols)mayreveal"gaps"indesignordocumentationofsomecontrols-Design—Controlsarenotdesignedtodemonstrateaprincipleispresent-Documentation—Controlsassociatedwiththeprincipleexist,buttheyarenotincludedintheSOXinternalcontroldocumentation19January14,2014PwCPotentialimpactonICFRFocusondesignofindirectentitylevelcontrols(ELCs)thataffectthe14principlesassociatedwiththe"softer"componentsofinternalcontrol.
IndirectELCshaveanimportant,butindirect,effectonthelikelihoodthatamisstatementwillbedetectedorpreventedonatimelybasis.
NoimpactexpectedondesignofdirectELCsandtransactionlevelcontrols(e.
g.
,threewaymatch,cashreconciliation)relatingtoControlActivities20January14,2014PwCPotentialimpactonICFRELCsoperatethroughouttheentireorganizationandoftenhaveapervasiveimpactoncontrols.
Forexample,thedesignofanindirectELCfocusedonassessingfinancialreportingriskscanbeconductedatthecorporateleveltoassessrisksrelatingtoallcomponentsoftheentity(i.
e.
,subunitlocations)oratindividualcomponentsDeterminingwhetheraprincipleispresentisamatterofmanagementjudgment.
AssessingthedesignofELCsinclude:-Component(s)oftheentitycoveredbythecontrolbeingevaluated-Objectiveofthecontrol-Whoperformsthecontrolwithnecessaryauthorityandcompetence-Frequencyofthecontrol'soperation-Specificproceduresthatareperformedtomeetthestatedobjective,includinganyinformationusedintheoperationofthecontrol21January14,2014PwCPotentialimpactonICFRBytakingafreshlookatthedesignofindirectELCs,managementmayidentifyopportunitiestore-designcontrolstoenhanceeffectivenessorefficiency22January14,2014PwCPotentialimpactonICFREvaluationofthethreeprinciplesrelatedtotheControlActivitiescomponentshouldbefocusedontheprocessforselecting,developinganddeployingcontrolactivitiesratherthanthedetailedcontrolactivitiesthemselves.
-Therefore,transitioningtothe2013Frameworkwillnotresultinanychangestoacompany'sriskandcontrolmatricesrelatingtotransactioncontrols(e.
g.
,threewaymatch,cashreconciliations,etc.
).
Themappingofprinciplestocontrolswillultimatelysupportthecompany'sdesignofthe"soft"componentsofinternalcontroloverfinancialreportinginaccordancewiththe2013Framework23January14,2014PwCPCAOBactionsimpactingSOX24January14,2014PwCPCAOBactionsimpactingSOXIncreasedfocusbyPCOABoninternalcontrolaspectsoftheIntegratedauditleadingtoincreasedPCAOBauditfindingsrelatedtointernalcontrol.
DocumentedininspectionreportsandtheActionAlert,datedOctober24th,2013.
DrivingchangesinexternalauditapproachtoICFR,increasedlevelsofdocumentation,changestocontroldesignandrequestsforadditionalevidence.
TheimpactonSOXteamsinsomesituationscanbesignificant.
25January14,2014PwCPCAOBareasofobservationSomeObservationsArecontrolsproperlydesignedandalignedtorisksTestingofmanagementreviewcontrolsEvidenceoversystemgenerateddataandreportsUseofworkofothersControlsover:-JournalEntries-Estimates,-Uniquetransactions,-Incometaxes26ImpacttoSOXTeamsIncreasedocumentationofend-to-endprocess,qualificationofcontrolperformers,andSODIncreaserigorofmanagementreviewcontrolsanddocumentationofpropercontrolexecution.
Enhancecontrolsoverspreadsheetsandotherend-userapplications.
Assistancewithtestingofkeyreports.
Criticalassessmentofcompetenceandobjectivity.
Lessrelianceonmanagementtesting.
Re-designofmanualandautomatedcontrolsoversensitiveareas.
January14,2014PwCHolisticApproachtoManageCosts,DeliverValue27ProcessLeanprocessframeworkappliedtocontrols,relateddocumentationandprojectmanagementprocessestoalignwithriskandstreamlineunnecessaryactivitiesIdentifyingcapabilitiestouseariskbasedtestingapproachtofocuseffortsonareaswithhighestriskoferrorandmisstatement.
StrategyEnsuresstakeholderalignmentaroundSOXprogramobjectivesandchangegoalsStructureCapturessynergiesbetweenSOXprogramsandexternalauditstodrivehighlevelsofexternalauditreliance.
PeopleUnderstandthetrainingandcontrolsknowledgeofthoseemployeesperformingkeycontrolsDeterminethemostcost-effectiveresourcesperformingworkwithlimitedvalue.
UnderstandtheexperienceandbackgroundofprogrammanagementrunningtheSOXprogram.
TechnologyEvaluateGRCplatforms,todeterminethattheyenableefficientworkflowsuchashand-offs,approvalsandmanagementreportingAutomatedcontrolsandcontinuousmonitoringareusedwherepossible,suchassegregationofduties,interfacebalancing,reconciliationsandtransactionmonitoring.
RequirementsMonitoringProgramManagementStrategyStakeholderAlignmentStructureSynergisticPeopleTrainedCostEffectiveExperiencedProcessLeanRiskBasedStreamlinedTechnologyAutomatedContinuousWorkflowQualityCompetent&ObjectiveJanuary14,2014PwCQuestions28January14,2014Thankyou.
.
.
2014PricewaterhouseCoopersLLP.
Allrightsreserved.
PwCreferstotheUnitedStatesmemberfirm,andmaysometimesrefertothePwCnetwork.
Eachmemberfirmisaseparatelegalentity.
Pleaseseewww.
pwc.
com/structureforfurtherdetails.
pwc.
comCOSOChangesandtheimpactonICFRApresentationtothePugetSoundChapteroftheIIAJanuary14,2014PwCAgendaIntroductionsCurrentTrendsImpactingSOXCOSO–What'sChangingWhat'sNotDeeperDriveonSelectedPrinciplesTransitioningICFRtothe2013FrameworkPCAOBActionsImpactingSOXManageCosts,DeliverValuefromSOXQuestions2January14,2014PwCCurrenttrendsimpactingSOX3January14,2014COSOUpdateDrivingFY'14SOXChangesPCAOBActionsManageCosts,DeliverValuePwCCOSO'sInternalControl-IntegratedFramework(2013)4January14,2014PwCWhyupdate1992frameworkDostakeholdersunderstandrequirementsofeffectiveinternalcontrol5January14,2014ChangesinthebusinessenvironmentChangesinsidethebusinessLackofclarityLackofunderstandingSource-COSO'ssurveyofusersandstakeholders,worldwide–JanuarytoSeptember20110%50%100%ControlActivitiesMonitoringControlEnvironmentInformation&…RiskAssessmentDifficulttointerpretSomewhatdifficulttointerpretModeratelyeasytointerpretGenerallyeasytointerpretEasytointerpretOnly50%thoughtitwasgenerallyeasytointerpretPwC2013Frameworkpreservescorestrengthsembeddedin1992Framework6January14,2014UpdatedCOSOCubeWhatisNotfundamentallychanging.
.
.
CoredefinitionofinternalcontrolThreecategoriesofobjectivesandfivecomponentsofinternalcontrolEachofthefivecomponentsofinternalcontrolarerequiredforeffectiveinternalcontrolImportantroleofjudgmentindesigning,implementingandconductinginternalcontrol,andinassessingitseffectivenessEntityStructureComponentsRiskAssessmentControlEnvironmentControlActivitiesMonitoringActivitiesInformationandCommunicationPwC2013Frameworkarticulatesprinciplesandpointsoffocus7January14,20142013COSOCube17PrinciplesPointsoffocusControls5ComponentsPointsoffocusdescribeimportantcharacteristicsofprinciplesPrinciplesarticulatefundamentalconceptsofcomponentsComponentsandPrinciplesarerequirementsforaneffectivesystemofinternalcontrolPointsofFocusandControlsaresubjecttomanagementjudgmentLegendRiskAssessmentControlEnvironmentControlActivitiesMonitoringActivitiesInformationandCommunicationPwC2013Frameworkarticulatesseventeenprinciplesforeffectiveinternalcontrol8January14,2014ControlEnvironment1.
Demonstratescommitmenttointegrityandethicalvalues2.
Exercisesoversightresponsibility3.
Establishesstructure,authorityandresponsibility4.
Demonstratescommitmenttocompetence5.
EnforcesaccountabilityRiskAssessment6.
Specifiessuitableobjectives7.
Identifiesandanalyzesrisk8.
Assessesfraudrisk9.
IdentifiesandanalyzessignificantchangeControlActivities10.
Selectsanddevelopscontrolactivities11.
Selectsanddevelopsgeneralcontrolsovertechnology12.
DeploysthroughpoliciesandproceduresInformation&Communication13.
Usesrelevantinformation14.
Communicatesinternally15.
CommunicatesexternallyMonitoringActivities16.
Conductsongoingand/orseparateevaluations17.
EvaluatesandcommunicatesdeficienciesPwC2013FrameworkclarifiesrequirementsforaneffectivesystemofinternalcontrolComponentsarepresentandfunctioningifeachrelevantprinciplesisdeterminedtobepresentandfunctioning(e.
g.
,nomaterialweaknessexists)Relevantprinciplesarepresentandfunctioningifpersuasiveevidenceexiststhatcontrolsareselected,developedanddeployedtoeffectthemComponentsoperatetogetherwhen:ComponentsarepresentandfunctioningInternalcontroldeficienciesaggregatedacrosscomponentsdonotresultinthedeterminationthatoneormorematerialweaknessexist9January14,2014Aneffectivesystemofinternalcontrolrequires:EachofthefivecomponentsofinternalcontrolandrelevantprinciplesispresentandfunctioningThefivecomponentsareoperatingtogetherinanintegratedmannerPwCCOSOprinciples–Adeeperdive10January14,2014PwC2013FrameworkandICFR–PrinciplesRelevantprinciplesarepresentandfunctioningifpersuasiveevidenceexiststhatcontrolsareselected,developedanddeployedtoeffectthemWhatcompaniesshoulddo:Documenthowthedesignofexistingcontrolsmapagainstthe17principles.
Remedypotentialdesigngapswhenexistingcontrolsarenotfullyadequate.
Testtheoperatingeffectivenessofanynewcontrolscomingintoscope11January14,2014PwC2013Frameworkdescribespointsoffocusforeachprinciple,e.
g.
12January14,2014Principle1DemonstratesCommitmenttoIntegrity…Principle2ExercisesOversightResponsibilityPrinciple3EstablishesStructuresAuthority,…ComponentControlEnvironmentSetsthetoneatthetopEstablishesstandardsofconductEvaluatesadherencetostandardsofconductAddressesdeviationsinatimelymannerEstablishesoversightresponsibilityAppliesrelevantexpertiseOperateindependentlyProvidesoversightforthesystemofinternalcontrolConsidersallstructuresoftheentityEstablishesreportinglinesDefines,assignsandlimitsauthoritiesandresponsibilitiesPrinciple4DemonstratesCommitmenttoCompetenceEstablishespoliciesandpracticesEvaluatescompetenceandaddressesshortcomingsAttracts,develops,andretainsindividualsPlansandpreparesforsuccessionPrinciplesPointsofFocusPwCPrinciplesandPointsofFocus,adeeperlook13January14,2014ComponentControlEnvironmentEstablishespoliciesandpracticesEvaluatescompetenceandaddressesshortcomingsAttracts,develops,andretainsindividualsPlansandpreparesforsuccessionPrinciple4DemonstratesCommitmenttoCompetenceTheorganizationdemonstratesacommitmenttoattract,develop,andretaincompetentindividualsinalignmentwithobjectives.
IndividualperformanceplansdefineexpectationsregardingICAllaccountingstaffattendannualupdatetrainingofnewaccountingpronouncementsControlExamplesPrinciplesPointsofFocusAnorganizationwithcomplexrevenueaccountingfailstomaintainadequatelytrainedCPAstooverseerevenueaccounting.
DeficiencyExamplesPwCPointsoffocusdescribeimportantcharacteristicsoftheprinciples,forexample…14January14,2014Principle6SpecifiessuitableobjectivesPrinciple7IdentifiesandanalysesriskPrinciple8AssessesfraudriskComponentRiskAssessmentComplieswithapplicableaccountingstandardsConsidersmaterialityReflectsentityactivitiesIncludesentity,division,operatingunit,andfunctionsAnalyzesinternal/externalfactorsInvolvesappropriatelevelofmanagementEstimatessignificanceofrisksidentifiedDetermineshowtorespondtorisksConsidersvarioustypesoffraudAssessesincentiveandpressuresAssessesopportunitiesAssessesattitudesandrationalizationsPrinciple9IdentifiesandanalyzessignificantchangeAssesseschangesinexternalenvironmentAssesseschangesinbusinessmodelAssesseschangesinleadershipPrinciplesPointsofFocusPwCPointsoffocusdescribeimportantcharacteristicsoftheprinciples,forexample…15January14,2014ComponentRiskAssessmentPointsofFocusPrinciple9:IdentifiesandAnalysesSignificantChangeTheorganizationidentifiesandassesseschangesthatcouldsignificantlyimpactthesystemofinternalcontrol.
PrinciplesAssesseschangesinexternalenvironmentAssesseschangesinbusinessmodelAssesseschangesinleadershipRiskassessmentsarerequiredforanysignificantchange,suchas:-InternationalExposure-SignificantAcquisitonCreateaninternalcontrolplanforanyexecutivetransitionControlExamplesThecompanyfailedtoupdatetheriskassessmentforchangesarisingfromtheChinaacquisition.
DeficiencyExamplesPwCTransitioningICFRto2013framework16January14,2014PwCTransitioningICFRto2013FrameworkCOSOdecidedtosupersedethe1992Frameworkattheendofthetransitionperiod(i.
e.
,December15,2014)"SECstaffplanstomonitorthetransitionforissuersusingthe1992frameworktoevaluatewhetherandifanystafforCommissionactionsbecomenecessaryorappropriateinthefuture.
However,atthistime,I'llsimplyreferusersoftheCOSOframeworktothestatementsCOSOhasmadeabouttheirnewframeworkandtheirthoughtsabouttransition.
"(PaulBeswick,S.
E.
C.
ChiefAccountant)TheSECstaffindicatedmorerecentlythatthelongerissuerscontinuetousethe1992framework,themorelikelytheyaretoreceivequestionsfromthestaffaboutwhethertheissuer'suseofthe1992frameworksatisfiestheSEC'srequirementtouseasuitable,recognizedframework,particularlyafterDecember15,2014whenCOSOwillconsiderthe1992frameworktohavebeensupersededbythe2013framework.
(CenterforAuditQuality'sSECRegulationsCommittee)17January14,2014PwCA404transitionplan(example)18January14,2014Four-phasesKeyActionsPhase1:EducateandCommunicateReview2013FrameworkandillustrativetoolsConducttrainingappropriateforboard/committeemembers,seniormanagement,managers,etc.
Developunderstandingofwhereprinciplesarerelevantattheentity(i.
e.
,corporate)andsubunits(divisions,subsidiaries,operatingunitsandfunctionallevels)Phase2:ConductPreliminaryAssessmentMap17principles(consideringpointsoffocus)toentitylevelcontrols(ELCs)ConsiderwhetherdifferencesincontrolsexistatsubunitsIdentifyanysignificant"gaps"indesignorSOXdocumentationofcontrols(i.
e.
,assesswhethereachcomponentofinternalcontrolandprincipleis"present")Phase3:CompleteAssessment&DevelopActionPlanPerformcomprehensiveassessmentandassesstheoperatingeffectivenessofcontrols(i.
e.
,assesswhethereachcomponentofinternalcontrolandprincipleis"functioning")AssessseverityofanyinternalcontroldeficienciesIdentifychangesincontrolsorSOXdocumentationnecessarytoremediatedeficienciesPhase4:ExecuteActionPlanRemediateinternalcontroldeficienciesofSOXdocumentation,asneededPwCPotentialimpactonICFRReactionsandresponseswilldifferdependingoncircumstancesIf1992FrameworkhasbeenthoroughlyappliedtocurrentICFR,thetransitionshouldnotresultinsignificantchangesorincrementaleffortPreliminaryassessment(i.
e.
,mappingprinciples,consideringpointsoffocus,tocontrols)mayreveal"gaps"indesignordocumentationofsomecontrols-Design—Controlsarenotdesignedtodemonstrateaprincipleispresent-Documentation—Controlsassociatedwiththeprincipleexist,buttheyarenotincludedintheSOXinternalcontroldocumentation19January14,2014PwCPotentialimpactonICFRFocusondesignofindirectentitylevelcontrols(ELCs)thataffectthe14principlesassociatedwiththe"softer"componentsofinternalcontrol.
IndirectELCshaveanimportant,butindirect,effectonthelikelihoodthatamisstatementwillbedetectedorpreventedonatimelybasis.
NoimpactexpectedondesignofdirectELCsandtransactionlevelcontrols(e.
g.
,threewaymatch,cashreconciliation)relatingtoControlActivities20January14,2014PwCPotentialimpactonICFRELCsoperatethroughouttheentireorganizationandoftenhaveapervasiveimpactoncontrols.
Forexample,thedesignofanindirectELCfocusedonassessingfinancialreportingriskscanbeconductedatthecorporateleveltoassessrisksrelatingtoallcomponentsoftheentity(i.
e.
,subunitlocations)oratindividualcomponentsDeterminingwhetheraprincipleispresentisamatterofmanagementjudgment.
AssessingthedesignofELCsinclude:-Component(s)oftheentitycoveredbythecontrolbeingevaluated-Objectiveofthecontrol-Whoperformsthecontrolwithnecessaryauthorityandcompetence-Frequencyofthecontrol'soperation-Specificproceduresthatareperformedtomeetthestatedobjective,includinganyinformationusedintheoperationofthecontrol21January14,2014PwCPotentialimpactonICFRBytakingafreshlookatthedesignofindirectELCs,managementmayidentifyopportunitiestore-designcontrolstoenhanceeffectivenessorefficiency22January14,2014PwCPotentialimpactonICFREvaluationofthethreeprinciplesrelatedtotheControlActivitiescomponentshouldbefocusedontheprocessforselecting,developinganddeployingcontrolactivitiesratherthanthedetailedcontrolactivitiesthemselves.
-Therefore,transitioningtothe2013Frameworkwillnotresultinanychangestoacompany'sriskandcontrolmatricesrelatingtotransactioncontrols(e.
g.
,threewaymatch,cashreconciliations,etc.
).
Themappingofprinciplestocontrolswillultimatelysupportthecompany'sdesignofthe"soft"componentsofinternalcontroloverfinancialreportinginaccordancewiththe2013Framework23January14,2014PwCPCAOBactionsimpactingSOX24January14,2014PwCPCAOBactionsimpactingSOXIncreasedfocusbyPCOABoninternalcontrolaspectsoftheIntegratedauditleadingtoincreasedPCAOBauditfindingsrelatedtointernalcontrol.
DocumentedininspectionreportsandtheActionAlert,datedOctober24th,2013.
DrivingchangesinexternalauditapproachtoICFR,increasedlevelsofdocumentation,changestocontroldesignandrequestsforadditionalevidence.
TheimpactonSOXteamsinsomesituationscanbesignificant.
25January14,2014PwCPCAOBareasofobservationSomeObservationsArecontrolsproperlydesignedandalignedtorisksTestingofmanagementreviewcontrolsEvidenceoversystemgenerateddataandreportsUseofworkofothersControlsover:-JournalEntries-Estimates,-Uniquetransactions,-Incometaxes26ImpacttoSOXTeamsIncreasedocumentationofend-to-endprocess,qualificationofcontrolperformers,andSODIncreaserigorofmanagementreviewcontrolsanddocumentationofpropercontrolexecution.
Enhancecontrolsoverspreadsheetsandotherend-userapplications.
Assistancewithtestingofkeyreports.
Criticalassessmentofcompetenceandobjectivity.
Lessrelianceonmanagementtesting.
Re-designofmanualandautomatedcontrolsoversensitiveareas.
January14,2014PwCHolisticApproachtoManageCosts,DeliverValue27ProcessLeanprocessframeworkappliedtocontrols,relateddocumentationandprojectmanagementprocessestoalignwithriskandstreamlineunnecessaryactivitiesIdentifyingcapabilitiestouseariskbasedtestingapproachtofocuseffortsonareaswithhighestriskoferrorandmisstatement.
StrategyEnsuresstakeholderalignmentaroundSOXprogramobjectivesandchangegoalsStructureCapturessynergiesbetweenSOXprogramsandexternalauditstodrivehighlevelsofexternalauditreliance.
PeopleUnderstandthetrainingandcontrolsknowledgeofthoseemployeesperformingkeycontrolsDeterminethemostcost-effectiveresourcesperformingworkwithlimitedvalue.
UnderstandtheexperienceandbackgroundofprogrammanagementrunningtheSOXprogram.
TechnologyEvaluateGRCplatforms,todeterminethattheyenableefficientworkflowsuchashand-offs,approvalsandmanagementreportingAutomatedcontrolsandcontinuousmonitoringareusedwherepossible,suchassegregationofduties,interfacebalancing,reconciliationsandtransactionmonitoring.
RequirementsMonitoringProgramManagementStrategyStakeholderAlignmentStructureSynergisticPeopleTrainedCostEffectiveExperiencedProcessLeanRiskBasedStreamlinedTechnologyAutomatedContinuousWorkflowQualityCompetent&ObjectiveJanuary14,2014PwCQuestions28January14,2014Thankyou.
.
.
2014PricewaterhouseCoopersLLP.
Allrightsreserved.
PwCreferstotheUnitedStatesmemberfirm,andmaysometimesrefertothePwCnetwork.
Eachmemberfirmisaseparatelegalentity.
Pleaseseewww.
pwc.
com/structureforfurtherdetails.
- potentialwww.pu811.com相关文档
- 天河www.pu811.com
- CIN1www.pu811.com
- suggestedwww.pu811.com
- torywww.pu811.com
- S2353www.pu811.com
- Analysiswww.pu811.com
Spinservers:美国圣何塞机房少量补货/双E5/64GB DDR4/2TB SSD/10Gbps端口月流量10TB/$111/月
Chia矿机,Spinservers怎么样?Spinservers好不好,Spinservers大硬盘服务器。Spinservers刚刚在美国圣何塞机房补货120台独立服务器,CPU都是双E5系列,64-512GB DDR4内存,超大SSD或NVMe存储,数量有限,机器都是预部署好的,下单即可上架,无需人工干预,有需要的朋友抓紧下单哦。Spinservers是Majestic Hosting So...
华为云年中聚惠618活动,新用户专区,云服务器低至88元/年,3年仅580.98元,热销抢购中,最后2天!
华为云怎么样?华为云用在线的方式将华为30多年在ICT基础设施领域的技术积累和产品解决方案开放给客户,致力于提供稳定可靠、安全可信、可持续创新的云服务,做智能世界的“黑土地”,推进实现“用得起、用得好、用得放心”的普惠AI。华为云作为底座,为华为全栈全场景AI战略提供强大的算力平台和更易用的开发平台。本次年终聚惠618活动相当给力,1核2G内存1m云耀云服务器仅88元/年起,送主机安全基础版套餐,...
UCloud 618活动:香港云服务器月付13元起;最高可购3年,AMD/Intel系列
ucloud6.18推出全球大促活动,针对新老用户(个人/企业)提供云服务器促销产品,其中最低配快杰云服务器月付5元起,中国香港快杰型云服务器月付13元起,最高可购3年,有AMD/Intel系列。当然这都是针对新用户的优惠。注意,UCloud全球有31个数据中心,29条专线,覆盖五大洲,基本上你想要的都能找到。注意:以上ucloud 618优惠都是新用户专享,老用户就随便看看!点击进入:uclou...
wwW.PU811.Com为你推荐
-
lunwenjiance论文检测,知网的是32.4%,改了以后,维普的是29.23%。如果再到知网查,会不会超过呢?曹谷兰曹谷兰事件 有吧友知道吗丑福晋八阿哥胤禩有几个福晋 都叫啥名儿呀百花百游“百花竟放贺阳春 万物从今尽转新 末数莫言穷运至 不知否极泰来临”是什么意思啊?seo优化工具SEO优化神器有什么比较好的?www.e12.com.cn上海高中除了四大名校,接下来哪所高中最好?顺便讲下它的各方面情况www.765.com下载小说地址抓站工具公司网站要备份,谁知道好用的网站抓取工具,能够抓取bbs论坛的。推荐一下,先谢过了!抓站工具仿站必备软件有哪些工具?最好好用的仿站工具是那个几个?sesehu.comwww.hu338.com 怎么看不到啊