potentialwww.pu811.com
wwW.PU811.Com 时间:2021-04-09 阅读:()
www.
pwc.
comCOSOChangesandtheimpactonICFRApresentationtothePugetSoundChapteroftheIIAJanuary14,2014PwCAgendaIntroductionsCurrentTrendsImpactingSOXCOSO–What'sChangingWhat'sNotDeeperDriveonSelectedPrinciplesTransitioningICFRtothe2013FrameworkPCAOBActionsImpactingSOXManageCosts,DeliverValuefromSOXQuestions2January14,2014PwCCurrenttrendsimpactingSOX3January14,2014COSOUpdateDrivingFY'14SOXChangesPCAOBActionsManageCosts,DeliverValuePwCCOSO'sInternalControl-IntegratedFramework(2013)4January14,2014PwCWhyupdate1992frameworkDostakeholdersunderstandrequirementsofeffectiveinternalcontrol5January14,2014ChangesinthebusinessenvironmentChangesinsidethebusinessLackofclarityLackofunderstandingSource-COSO'ssurveyofusersandstakeholders,worldwide–JanuarytoSeptember20110%50%100%ControlActivitiesMonitoringControlEnvironmentInformation&…RiskAssessmentDifficulttointerpretSomewhatdifficulttointerpretModeratelyeasytointerpretGenerallyeasytointerpretEasytointerpretOnly50%thoughtitwasgenerallyeasytointerpretPwC2013Frameworkpreservescorestrengthsembeddedin1992Framework6January14,2014UpdatedCOSOCubeWhatisNotfundamentallychanging.
.
.
CoredefinitionofinternalcontrolThreecategoriesofobjectivesandfivecomponentsofinternalcontrolEachofthefivecomponentsofinternalcontrolarerequiredforeffectiveinternalcontrolImportantroleofjudgmentindesigning,implementingandconductinginternalcontrol,andinassessingitseffectivenessEntityStructureComponentsRiskAssessmentControlEnvironmentControlActivitiesMonitoringActivitiesInformationandCommunicationPwC2013Frameworkarticulatesprinciplesandpointsoffocus7January14,20142013COSOCube17PrinciplesPointsoffocusControls5ComponentsPointsoffocusdescribeimportantcharacteristicsofprinciplesPrinciplesarticulatefundamentalconceptsofcomponentsComponentsandPrinciplesarerequirementsforaneffectivesystemofinternalcontrolPointsofFocusandControlsaresubjecttomanagementjudgmentLegendRiskAssessmentControlEnvironmentControlActivitiesMonitoringActivitiesInformationandCommunicationPwC2013Frameworkarticulatesseventeenprinciplesforeffectiveinternalcontrol8January14,2014ControlEnvironment1.
Demonstratescommitmenttointegrityandethicalvalues2.
Exercisesoversightresponsibility3.
Establishesstructure,authorityandresponsibility4.
Demonstratescommitmenttocompetence5.
EnforcesaccountabilityRiskAssessment6.
Specifiessuitableobjectives7.
Identifiesandanalyzesrisk8.
Assessesfraudrisk9.
IdentifiesandanalyzessignificantchangeControlActivities10.
Selectsanddevelopscontrolactivities11.
Selectsanddevelopsgeneralcontrolsovertechnology12.
DeploysthroughpoliciesandproceduresInformation&Communication13.
Usesrelevantinformation14.
Communicatesinternally15.
CommunicatesexternallyMonitoringActivities16.
Conductsongoingand/orseparateevaluations17.
EvaluatesandcommunicatesdeficienciesPwC2013FrameworkclarifiesrequirementsforaneffectivesystemofinternalcontrolComponentsarepresentandfunctioningifeachrelevantprinciplesisdeterminedtobepresentandfunctioning(e.
g.
,nomaterialweaknessexists)Relevantprinciplesarepresentandfunctioningifpersuasiveevidenceexiststhatcontrolsareselected,developedanddeployedtoeffectthemComponentsoperatetogetherwhen:ComponentsarepresentandfunctioningInternalcontroldeficienciesaggregatedacrosscomponentsdonotresultinthedeterminationthatoneormorematerialweaknessexist9January14,2014Aneffectivesystemofinternalcontrolrequires:EachofthefivecomponentsofinternalcontrolandrelevantprinciplesispresentandfunctioningThefivecomponentsareoperatingtogetherinanintegratedmannerPwCCOSOprinciples–Adeeperdive10January14,2014PwC2013FrameworkandICFR–PrinciplesRelevantprinciplesarepresentandfunctioningifpersuasiveevidenceexiststhatcontrolsareselected,developedanddeployedtoeffectthemWhatcompaniesshoulddo:Documenthowthedesignofexistingcontrolsmapagainstthe17principles.
Remedypotentialdesigngapswhenexistingcontrolsarenotfullyadequate.
Testtheoperatingeffectivenessofanynewcontrolscomingintoscope11January14,2014PwC2013Frameworkdescribespointsoffocusforeachprinciple,e.
g.
12January14,2014Principle1DemonstratesCommitmenttoIntegrity…Principle2ExercisesOversightResponsibilityPrinciple3EstablishesStructuresAuthority,…ComponentControlEnvironmentSetsthetoneatthetopEstablishesstandardsofconductEvaluatesadherencetostandardsofconductAddressesdeviationsinatimelymannerEstablishesoversightresponsibilityAppliesrelevantexpertiseOperateindependentlyProvidesoversightforthesystemofinternalcontrolConsidersallstructuresoftheentityEstablishesreportinglinesDefines,assignsandlimitsauthoritiesandresponsibilitiesPrinciple4DemonstratesCommitmenttoCompetenceEstablishespoliciesandpracticesEvaluatescompetenceandaddressesshortcomingsAttracts,develops,andretainsindividualsPlansandpreparesforsuccessionPrinciplesPointsofFocusPwCPrinciplesandPointsofFocus,adeeperlook13January14,2014ComponentControlEnvironmentEstablishespoliciesandpracticesEvaluatescompetenceandaddressesshortcomingsAttracts,develops,andretainsindividualsPlansandpreparesforsuccessionPrinciple4DemonstratesCommitmenttoCompetenceTheorganizationdemonstratesacommitmenttoattract,develop,andretaincompetentindividualsinalignmentwithobjectives.
IndividualperformanceplansdefineexpectationsregardingICAllaccountingstaffattendannualupdatetrainingofnewaccountingpronouncementsControlExamplesPrinciplesPointsofFocusAnorganizationwithcomplexrevenueaccountingfailstomaintainadequatelytrainedCPAstooverseerevenueaccounting.
DeficiencyExamplesPwCPointsoffocusdescribeimportantcharacteristicsoftheprinciples,forexample…14January14,2014Principle6SpecifiessuitableobjectivesPrinciple7IdentifiesandanalysesriskPrinciple8AssessesfraudriskComponentRiskAssessmentComplieswithapplicableaccountingstandardsConsidersmaterialityReflectsentityactivitiesIncludesentity,division,operatingunit,andfunctionsAnalyzesinternal/externalfactorsInvolvesappropriatelevelofmanagementEstimatessignificanceofrisksidentifiedDetermineshowtorespondtorisksConsidersvarioustypesoffraudAssessesincentiveandpressuresAssessesopportunitiesAssessesattitudesandrationalizationsPrinciple9IdentifiesandanalyzessignificantchangeAssesseschangesinexternalenvironmentAssesseschangesinbusinessmodelAssesseschangesinleadershipPrinciplesPointsofFocusPwCPointsoffocusdescribeimportantcharacteristicsoftheprinciples,forexample…15January14,2014ComponentRiskAssessmentPointsofFocusPrinciple9:IdentifiesandAnalysesSignificantChangeTheorganizationidentifiesandassesseschangesthatcouldsignificantlyimpactthesystemofinternalcontrol.
PrinciplesAssesseschangesinexternalenvironmentAssesseschangesinbusinessmodelAssesseschangesinleadershipRiskassessmentsarerequiredforanysignificantchange,suchas:-InternationalExposure-SignificantAcquisitonCreateaninternalcontrolplanforanyexecutivetransitionControlExamplesThecompanyfailedtoupdatetheriskassessmentforchangesarisingfromtheChinaacquisition.
DeficiencyExamplesPwCTransitioningICFRto2013framework16January14,2014PwCTransitioningICFRto2013FrameworkCOSOdecidedtosupersedethe1992Frameworkattheendofthetransitionperiod(i.
e.
,December15,2014)"SECstaffplanstomonitorthetransitionforissuersusingthe1992frameworktoevaluatewhetherandifanystafforCommissionactionsbecomenecessaryorappropriateinthefuture.
However,atthistime,I'llsimplyreferusersoftheCOSOframeworktothestatementsCOSOhasmadeabouttheirnewframeworkandtheirthoughtsabouttransition.
"(PaulBeswick,S.
E.
C.
ChiefAccountant)TheSECstaffindicatedmorerecentlythatthelongerissuerscontinuetousethe1992framework,themorelikelytheyaretoreceivequestionsfromthestaffaboutwhethertheissuer'suseofthe1992frameworksatisfiestheSEC'srequirementtouseasuitable,recognizedframework,particularlyafterDecember15,2014whenCOSOwillconsiderthe1992frameworktohavebeensupersededbythe2013framework.
(CenterforAuditQuality'sSECRegulationsCommittee)17January14,2014PwCA404transitionplan(example)18January14,2014Four-phasesKeyActionsPhase1:EducateandCommunicateReview2013FrameworkandillustrativetoolsConducttrainingappropriateforboard/committeemembers,seniormanagement,managers,etc.
Developunderstandingofwhereprinciplesarerelevantattheentity(i.
e.
,corporate)andsubunits(divisions,subsidiaries,operatingunitsandfunctionallevels)Phase2:ConductPreliminaryAssessmentMap17principles(consideringpointsoffocus)toentitylevelcontrols(ELCs)ConsiderwhetherdifferencesincontrolsexistatsubunitsIdentifyanysignificant"gaps"indesignorSOXdocumentationofcontrols(i.
e.
,assesswhethereachcomponentofinternalcontrolandprincipleis"present")Phase3:CompleteAssessment&DevelopActionPlanPerformcomprehensiveassessmentandassesstheoperatingeffectivenessofcontrols(i.
e.
,assesswhethereachcomponentofinternalcontrolandprincipleis"functioning")AssessseverityofanyinternalcontroldeficienciesIdentifychangesincontrolsorSOXdocumentationnecessarytoremediatedeficienciesPhase4:ExecuteActionPlanRemediateinternalcontroldeficienciesofSOXdocumentation,asneededPwCPotentialimpactonICFRReactionsandresponseswilldifferdependingoncircumstancesIf1992FrameworkhasbeenthoroughlyappliedtocurrentICFR,thetransitionshouldnotresultinsignificantchangesorincrementaleffortPreliminaryassessment(i.
e.
,mappingprinciples,consideringpointsoffocus,tocontrols)mayreveal"gaps"indesignordocumentationofsomecontrols-Design—Controlsarenotdesignedtodemonstrateaprincipleispresent-Documentation—Controlsassociatedwiththeprincipleexist,buttheyarenotincludedintheSOXinternalcontroldocumentation19January14,2014PwCPotentialimpactonICFRFocusondesignofindirectentitylevelcontrols(ELCs)thataffectthe14principlesassociatedwiththe"softer"componentsofinternalcontrol.
IndirectELCshaveanimportant,butindirect,effectonthelikelihoodthatamisstatementwillbedetectedorpreventedonatimelybasis.
NoimpactexpectedondesignofdirectELCsandtransactionlevelcontrols(e.
g.
,threewaymatch,cashreconciliation)relatingtoControlActivities20January14,2014PwCPotentialimpactonICFRELCsoperatethroughouttheentireorganizationandoftenhaveapervasiveimpactoncontrols.
Forexample,thedesignofanindirectELCfocusedonassessingfinancialreportingriskscanbeconductedatthecorporateleveltoassessrisksrelatingtoallcomponentsoftheentity(i.
e.
,subunitlocations)oratindividualcomponentsDeterminingwhetheraprincipleispresentisamatterofmanagementjudgment.
AssessingthedesignofELCsinclude:-Component(s)oftheentitycoveredbythecontrolbeingevaluated-Objectiveofthecontrol-Whoperformsthecontrolwithnecessaryauthorityandcompetence-Frequencyofthecontrol'soperation-Specificproceduresthatareperformedtomeetthestatedobjective,includinganyinformationusedintheoperationofthecontrol21January14,2014PwCPotentialimpactonICFRBytakingafreshlookatthedesignofindirectELCs,managementmayidentifyopportunitiestore-designcontrolstoenhanceeffectivenessorefficiency22January14,2014PwCPotentialimpactonICFREvaluationofthethreeprinciplesrelatedtotheControlActivitiescomponentshouldbefocusedontheprocessforselecting,developinganddeployingcontrolactivitiesratherthanthedetailedcontrolactivitiesthemselves.
-Therefore,transitioningtothe2013Frameworkwillnotresultinanychangestoacompany'sriskandcontrolmatricesrelatingtotransactioncontrols(e.
g.
,threewaymatch,cashreconciliations,etc.
).
Themappingofprinciplestocontrolswillultimatelysupportthecompany'sdesignofthe"soft"componentsofinternalcontroloverfinancialreportinginaccordancewiththe2013Framework23January14,2014PwCPCAOBactionsimpactingSOX24January14,2014PwCPCAOBactionsimpactingSOXIncreasedfocusbyPCOABoninternalcontrolaspectsoftheIntegratedauditleadingtoincreasedPCAOBauditfindingsrelatedtointernalcontrol.
DocumentedininspectionreportsandtheActionAlert,datedOctober24th,2013.
DrivingchangesinexternalauditapproachtoICFR,increasedlevelsofdocumentation,changestocontroldesignandrequestsforadditionalevidence.
TheimpactonSOXteamsinsomesituationscanbesignificant.
25January14,2014PwCPCAOBareasofobservationSomeObservationsArecontrolsproperlydesignedandalignedtorisksTestingofmanagementreviewcontrolsEvidenceoversystemgenerateddataandreportsUseofworkofothersControlsover:-JournalEntries-Estimates,-Uniquetransactions,-Incometaxes26ImpacttoSOXTeamsIncreasedocumentationofend-to-endprocess,qualificationofcontrolperformers,andSODIncreaserigorofmanagementreviewcontrolsanddocumentationofpropercontrolexecution.
Enhancecontrolsoverspreadsheetsandotherend-userapplications.
Assistancewithtestingofkeyreports.
Criticalassessmentofcompetenceandobjectivity.
Lessrelianceonmanagementtesting.
Re-designofmanualandautomatedcontrolsoversensitiveareas.
January14,2014PwCHolisticApproachtoManageCosts,DeliverValue27ProcessLeanprocessframeworkappliedtocontrols,relateddocumentationandprojectmanagementprocessestoalignwithriskandstreamlineunnecessaryactivitiesIdentifyingcapabilitiestouseariskbasedtestingapproachtofocuseffortsonareaswithhighestriskoferrorandmisstatement.
StrategyEnsuresstakeholderalignmentaroundSOXprogramobjectivesandchangegoalsStructureCapturessynergiesbetweenSOXprogramsandexternalauditstodrivehighlevelsofexternalauditreliance.
PeopleUnderstandthetrainingandcontrolsknowledgeofthoseemployeesperformingkeycontrolsDeterminethemostcost-effectiveresourcesperformingworkwithlimitedvalue.
UnderstandtheexperienceandbackgroundofprogrammanagementrunningtheSOXprogram.
TechnologyEvaluateGRCplatforms,todeterminethattheyenableefficientworkflowsuchashand-offs,approvalsandmanagementreportingAutomatedcontrolsandcontinuousmonitoringareusedwherepossible,suchassegregationofduties,interfacebalancing,reconciliationsandtransactionmonitoring.
RequirementsMonitoringProgramManagementStrategyStakeholderAlignmentStructureSynergisticPeopleTrainedCostEffectiveExperiencedProcessLeanRiskBasedStreamlinedTechnologyAutomatedContinuousWorkflowQualityCompetent&ObjectiveJanuary14,2014PwCQuestions28January14,2014Thankyou.
.
.
2014PricewaterhouseCoopersLLP.
Allrightsreserved.
PwCreferstotheUnitedStatesmemberfirm,andmaysometimesrefertothePwCnetwork.
Eachmemberfirmisaseparatelegalentity.
Pleaseseewww.
pwc.
com/structureforfurtherdetails.
pwc.
comCOSOChangesandtheimpactonICFRApresentationtothePugetSoundChapteroftheIIAJanuary14,2014PwCAgendaIntroductionsCurrentTrendsImpactingSOXCOSO–What'sChangingWhat'sNotDeeperDriveonSelectedPrinciplesTransitioningICFRtothe2013FrameworkPCAOBActionsImpactingSOXManageCosts,DeliverValuefromSOXQuestions2January14,2014PwCCurrenttrendsimpactingSOX3January14,2014COSOUpdateDrivingFY'14SOXChangesPCAOBActionsManageCosts,DeliverValuePwCCOSO'sInternalControl-IntegratedFramework(2013)4January14,2014PwCWhyupdate1992frameworkDostakeholdersunderstandrequirementsofeffectiveinternalcontrol5January14,2014ChangesinthebusinessenvironmentChangesinsidethebusinessLackofclarityLackofunderstandingSource-COSO'ssurveyofusersandstakeholders,worldwide–JanuarytoSeptember20110%50%100%ControlActivitiesMonitoringControlEnvironmentInformation&…RiskAssessmentDifficulttointerpretSomewhatdifficulttointerpretModeratelyeasytointerpretGenerallyeasytointerpretEasytointerpretOnly50%thoughtitwasgenerallyeasytointerpretPwC2013Frameworkpreservescorestrengthsembeddedin1992Framework6January14,2014UpdatedCOSOCubeWhatisNotfundamentallychanging.
.
.
CoredefinitionofinternalcontrolThreecategoriesofobjectivesandfivecomponentsofinternalcontrolEachofthefivecomponentsofinternalcontrolarerequiredforeffectiveinternalcontrolImportantroleofjudgmentindesigning,implementingandconductinginternalcontrol,andinassessingitseffectivenessEntityStructureComponentsRiskAssessmentControlEnvironmentControlActivitiesMonitoringActivitiesInformationandCommunicationPwC2013Frameworkarticulatesprinciplesandpointsoffocus7January14,20142013COSOCube17PrinciplesPointsoffocusControls5ComponentsPointsoffocusdescribeimportantcharacteristicsofprinciplesPrinciplesarticulatefundamentalconceptsofcomponentsComponentsandPrinciplesarerequirementsforaneffectivesystemofinternalcontrolPointsofFocusandControlsaresubjecttomanagementjudgmentLegendRiskAssessmentControlEnvironmentControlActivitiesMonitoringActivitiesInformationandCommunicationPwC2013Frameworkarticulatesseventeenprinciplesforeffectiveinternalcontrol8January14,2014ControlEnvironment1.
Demonstratescommitmenttointegrityandethicalvalues2.
Exercisesoversightresponsibility3.
Establishesstructure,authorityandresponsibility4.
Demonstratescommitmenttocompetence5.
EnforcesaccountabilityRiskAssessment6.
Specifiessuitableobjectives7.
Identifiesandanalyzesrisk8.
Assessesfraudrisk9.
IdentifiesandanalyzessignificantchangeControlActivities10.
Selectsanddevelopscontrolactivities11.
Selectsanddevelopsgeneralcontrolsovertechnology12.
DeploysthroughpoliciesandproceduresInformation&Communication13.
Usesrelevantinformation14.
Communicatesinternally15.
CommunicatesexternallyMonitoringActivities16.
Conductsongoingand/orseparateevaluations17.
EvaluatesandcommunicatesdeficienciesPwC2013FrameworkclarifiesrequirementsforaneffectivesystemofinternalcontrolComponentsarepresentandfunctioningifeachrelevantprinciplesisdeterminedtobepresentandfunctioning(e.
g.
,nomaterialweaknessexists)Relevantprinciplesarepresentandfunctioningifpersuasiveevidenceexiststhatcontrolsareselected,developedanddeployedtoeffectthemComponentsoperatetogetherwhen:ComponentsarepresentandfunctioningInternalcontroldeficienciesaggregatedacrosscomponentsdonotresultinthedeterminationthatoneormorematerialweaknessexist9January14,2014Aneffectivesystemofinternalcontrolrequires:EachofthefivecomponentsofinternalcontrolandrelevantprinciplesispresentandfunctioningThefivecomponentsareoperatingtogetherinanintegratedmannerPwCCOSOprinciples–Adeeperdive10January14,2014PwC2013FrameworkandICFR–PrinciplesRelevantprinciplesarepresentandfunctioningifpersuasiveevidenceexiststhatcontrolsareselected,developedanddeployedtoeffectthemWhatcompaniesshoulddo:Documenthowthedesignofexistingcontrolsmapagainstthe17principles.
Remedypotentialdesigngapswhenexistingcontrolsarenotfullyadequate.
Testtheoperatingeffectivenessofanynewcontrolscomingintoscope11January14,2014PwC2013Frameworkdescribespointsoffocusforeachprinciple,e.
g.
12January14,2014Principle1DemonstratesCommitmenttoIntegrity…Principle2ExercisesOversightResponsibilityPrinciple3EstablishesStructuresAuthority,…ComponentControlEnvironmentSetsthetoneatthetopEstablishesstandardsofconductEvaluatesadherencetostandardsofconductAddressesdeviationsinatimelymannerEstablishesoversightresponsibilityAppliesrelevantexpertiseOperateindependentlyProvidesoversightforthesystemofinternalcontrolConsidersallstructuresoftheentityEstablishesreportinglinesDefines,assignsandlimitsauthoritiesandresponsibilitiesPrinciple4DemonstratesCommitmenttoCompetenceEstablishespoliciesandpracticesEvaluatescompetenceandaddressesshortcomingsAttracts,develops,andretainsindividualsPlansandpreparesforsuccessionPrinciplesPointsofFocusPwCPrinciplesandPointsofFocus,adeeperlook13January14,2014ComponentControlEnvironmentEstablishespoliciesandpracticesEvaluatescompetenceandaddressesshortcomingsAttracts,develops,andretainsindividualsPlansandpreparesforsuccessionPrinciple4DemonstratesCommitmenttoCompetenceTheorganizationdemonstratesacommitmenttoattract,develop,andretaincompetentindividualsinalignmentwithobjectives.
IndividualperformanceplansdefineexpectationsregardingICAllaccountingstaffattendannualupdatetrainingofnewaccountingpronouncementsControlExamplesPrinciplesPointsofFocusAnorganizationwithcomplexrevenueaccountingfailstomaintainadequatelytrainedCPAstooverseerevenueaccounting.
DeficiencyExamplesPwCPointsoffocusdescribeimportantcharacteristicsoftheprinciples,forexample…14January14,2014Principle6SpecifiessuitableobjectivesPrinciple7IdentifiesandanalysesriskPrinciple8AssessesfraudriskComponentRiskAssessmentComplieswithapplicableaccountingstandardsConsidersmaterialityReflectsentityactivitiesIncludesentity,division,operatingunit,andfunctionsAnalyzesinternal/externalfactorsInvolvesappropriatelevelofmanagementEstimatessignificanceofrisksidentifiedDetermineshowtorespondtorisksConsidersvarioustypesoffraudAssessesincentiveandpressuresAssessesopportunitiesAssessesattitudesandrationalizationsPrinciple9IdentifiesandanalyzessignificantchangeAssesseschangesinexternalenvironmentAssesseschangesinbusinessmodelAssesseschangesinleadershipPrinciplesPointsofFocusPwCPointsoffocusdescribeimportantcharacteristicsoftheprinciples,forexample…15January14,2014ComponentRiskAssessmentPointsofFocusPrinciple9:IdentifiesandAnalysesSignificantChangeTheorganizationidentifiesandassesseschangesthatcouldsignificantlyimpactthesystemofinternalcontrol.
PrinciplesAssesseschangesinexternalenvironmentAssesseschangesinbusinessmodelAssesseschangesinleadershipRiskassessmentsarerequiredforanysignificantchange,suchas:-InternationalExposure-SignificantAcquisitonCreateaninternalcontrolplanforanyexecutivetransitionControlExamplesThecompanyfailedtoupdatetheriskassessmentforchangesarisingfromtheChinaacquisition.
DeficiencyExamplesPwCTransitioningICFRto2013framework16January14,2014PwCTransitioningICFRto2013FrameworkCOSOdecidedtosupersedethe1992Frameworkattheendofthetransitionperiod(i.
e.
,December15,2014)"SECstaffplanstomonitorthetransitionforissuersusingthe1992frameworktoevaluatewhetherandifanystafforCommissionactionsbecomenecessaryorappropriateinthefuture.
However,atthistime,I'llsimplyreferusersoftheCOSOframeworktothestatementsCOSOhasmadeabouttheirnewframeworkandtheirthoughtsabouttransition.
"(PaulBeswick,S.
E.
C.
ChiefAccountant)TheSECstaffindicatedmorerecentlythatthelongerissuerscontinuetousethe1992framework,themorelikelytheyaretoreceivequestionsfromthestaffaboutwhethertheissuer'suseofthe1992frameworksatisfiestheSEC'srequirementtouseasuitable,recognizedframework,particularlyafterDecember15,2014whenCOSOwillconsiderthe1992frameworktohavebeensupersededbythe2013framework.
(CenterforAuditQuality'sSECRegulationsCommittee)17January14,2014PwCA404transitionplan(example)18January14,2014Four-phasesKeyActionsPhase1:EducateandCommunicateReview2013FrameworkandillustrativetoolsConducttrainingappropriateforboard/committeemembers,seniormanagement,managers,etc.
Developunderstandingofwhereprinciplesarerelevantattheentity(i.
e.
,corporate)andsubunits(divisions,subsidiaries,operatingunitsandfunctionallevels)Phase2:ConductPreliminaryAssessmentMap17principles(consideringpointsoffocus)toentitylevelcontrols(ELCs)ConsiderwhetherdifferencesincontrolsexistatsubunitsIdentifyanysignificant"gaps"indesignorSOXdocumentationofcontrols(i.
e.
,assesswhethereachcomponentofinternalcontrolandprincipleis"present")Phase3:CompleteAssessment&DevelopActionPlanPerformcomprehensiveassessmentandassesstheoperatingeffectivenessofcontrols(i.
e.
,assesswhethereachcomponentofinternalcontrolandprincipleis"functioning")AssessseverityofanyinternalcontroldeficienciesIdentifychangesincontrolsorSOXdocumentationnecessarytoremediatedeficienciesPhase4:ExecuteActionPlanRemediateinternalcontroldeficienciesofSOXdocumentation,asneededPwCPotentialimpactonICFRReactionsandresponseswilldifferdependingoncircumstancesIf1992FrameworkhasbeenthoroughlyappliedtocurrentICFR,thetransitionshouldnotresultinsignificantchangesorincrementaleffortPreliminaryassessment(i.
e.
,mappingprinciples,consideringpointsoffocus,tocontrols)mayreveal"gaps"indesignordocumentationofsomecontrols-Design—Controlsarenotdesignedtodemonstrateaprincipleispresent-Documentation—Controlsassociatedwiththeprincipleexist,buttheyarenotincludedintheSOXinternalcontroldocumentation19January14,2014PwCPotentialimpactonICFRFocusondesignofindirectentitylevelcontrols(ELCs)thataffectthe14principlesassociatedwiththe"softer"componentsofinternalcontrol.
IndirectELCshaveanimportant,butindirect,effectonthelikelihoodthatamisstatementwillbedetectedorpreventedonatimelybasis.
NoimpactexpectedondesignofdirectELCsandtransactionlevelcontrols(e.
g.
,threewaymatch,cashreconciliation)relatingtoControlActivities20January14,2014PwCPotentialimpactonICFRELCsoperatethroughouttheentireorganizationandoftenhaveapervasiveimpactoncontrols.
Forexample,thedesignofanindirectELCfocusedonassessingfinancialreportingriskscanbeconductedatthecorporateleveltoassessrisksrelatingtoallcomponentsoftheentity(i.
e.
,subunitlocations)oratindividualcomponentsDeterminingwhetheraprincipleispresentisamatterofmanagementjudgment.
AssessingthedesignofELCsinclude:-Component(s)oftheentitycoveredbythecontrolbeingevaluated-Objectiveofthecontrol-Whoperformsthecontrolwithnecessaryauthorityandcompetence-Frequencyofthecontrol'soperation-Specificproceduresthatareperformedtomeetthestatedobjective,includinganyinformationusedintheoperationofthecontrol21January14,2014PwCPotentialimpactonICFRBytakingafreshlookatthedesignofindirectELCs,managementmayidentifyopportunitiestore-designcontrolstoenhanceeffectivenessorefficiency22January14,2014PwCPotentialimpactonICFREvaluationofthethreeprinciplesrelatedtotheControlActivitiescomponentshouldbefocusedontheprocessforselecting,developinganddeployingcontrolactivitiesratherthanthedetailedcontrolactivitiesthemselves.
-Therefore,transitioningtothe2013Frameworkwillnotresultinanychangestoacompany'sriskandcontrolmatricesrelatingtotransactioncontrols(e.
g.
,threewaymatch,cashreconciliations,etc.
).
Themappingofprinciplestocontrolswillultimatelysupportthecompany'sdesignofthe"soft"componentsofinternalcontroloverfinancialreportinginaccordancewiththe2013Framework23January14,2014PwCPCAOBactionsimpactingSOX24January14,2014PwCPCAOBactionsimpactingSOXIncreasedfocusbyPCOABoninternalcontrolaspectsoftheIntegratedauditleadingtoincreasedPCAOBauditfindingsrelatedtointernalcontrol.
DocumentedininspectionreportsandtheActionAlert,datedOctober24th,2013.
DrivingchangesinexternalauditapproachtoICFR,increasedlevelsofdocumentation,changestocontroldesignandrequestsforadditionalevidence.
TheimpactonSOXteamsinsomesituationscanbesignificant.
25January14,2014PwCPCAOBareasofobservationSomeObservationsArecontrolsproperlydesignedandalignedtorisksTestingofmanagementreviewcontrolsEvidenceoversystemgenerateddataandreportsUseofworkofothersControlsover:-JournalEntries-Estimates,-Uniquetransactions,-Incometaxes26ImpacttoSOXTeamsIncreasedocumentationofend-to-endprocess,qualificationofcontrolperformers,andSODIncreaserigorofmanagementreviewcontrolsanddocumentationofpropercontrolexecution.
Enhancecontrolsoverspreadsheetsandotherend-userapplications.
Assistancewithtestingofkeyreports.
Criticalassessmentofcompetenceandobjectivity.
Lessrelianceonmanagementtesting.
Re-designofmanualandautomatedcontrolsoversensitiveareas.
January14,2014PwCHolisticApproachtoManageCosts,DeliverValue27ProcessLeanprocessframeworkappliedtocontrols,relateddocumentationandprojectmanagementprocessestoalignwithriskandstreamlineunnecessaryactivitiesIdentifyingcapabilitiestouseariskbasedtestingapproachtofocuseffortsonareaswithhighestriskoferrorandmisstatement.
StrategyEnsuresstakeholderalignmentaroundSOXprogramobjectivesandchangegoalsStructureCapturessynergiesbetweenSOXprogramsandexternalauditstodrivehighlevelsofexternalauditreliance.
PeopleUnderstandthetrainingandcontrolsknowledgeofthoseemployeesperformingkeycontrolsDeterminethemostcost-effectiveresourcesperformingworkwithlimitedvalue.
UnderstandtheexperienceandbackgroundofprogrammanagementrunningtheSOXprogram.
TechnologyEvaluateGRCplatforms,todeterminethattheyenableefficientworkflowsuchashand-offs,approvalsandmanagementreportingAutomatedcontrolsandcontinuousmonitoringareusedwherepossible,suchassegregationofduties,interfacebalancing,reconciliationsandtransactionmonitoring.
RequirementsMonitoringProgramManagementStrategyStakeholderAlignmentStructureSynergisticPeopleTrainedCostEffectiveExperiencedProcessLeanRiskBasedStreamlinedTechnologyAutomatedContinuousWorkflowQualityCompetent&ObjectiveJanuary14,2014PwCQuestions28January14,2014Thankyou.
.
.
2014PricewaterhouseCoopersLLP.
Allrightsreserved.
PwCreferstotheUnitedStatesmemberfirm,andmaysometimesrefertothePwCnetwork.
Eachmemberfirmisaseparatelegalentity.
Pleaseseewww.
pwc.
com/structureforfurtherdetails.
- potentialwww.pu811.com相关文档
- 天河www.pu811.com
- CIN1www.pu811.com
- suggestedwww.pu811.com
- torywww.pu811.com
- S2353www.pu811.com
- Analysiswww.pu811.com
ucloud香港服务器优惠活动:香港2核4G云服务器低至358元/年,968元/3年
ucloud香港服务器优惠降价活动开始了!此前,ucloud官方全球云大促活动的香港云服务器一度上涨至2核4G配置752元/年,2031元/3年。让很多想购买ucloud香港云服务器的新用户望而却步!不过,目前,ucloud官方下调了香港服务器价格,此前2核4G香港云服务器752元/年,现在降至358元/年,968元/3年,价格降了快一半了!UCloud活动路子和阿里云、腾讯云不同,活动一步到位,...
腾讯云轻量服务器老用户续费优惠和老用户复购活动
继阿里云服务商推出轻量服务器后,腾讯云这两年对于轻量服务器的推广力度还是比较大的。实际上对于我们大部分网友用户来说,轻量服务器对于我们网站和一般的业务来说是绝对够用的。反而有些时候轻量服务器的带宽比CVM云服务器够大,配置也够好,更有是价格也便宜,所以对于初期的网站业务来说轻量服务器是够用的。这几天UCLOUD优刻得香港服务器稳定性不佳,于是有网友也在考虑搬迁到腾讯云服务器商家,对于轻量服务器官方...
易探云330元/年,成都4核8G/200G硬盘/15M带宽,仅1888元/3年起
易探云服务器怎么样?易探云是国内一家云计算服务商家,致力香港云服务器、美国云服务器、国内外服务器租用及托管等互联网业务,目前主要地区为运作香港BGP、香港CN2、广东、北京、深圳等地区。目前,易探云推出的国内云服务器优惠活动,国内云服务器2核2G5M云服务器低至330元/年起;成都4核8G/200G硬盘/15M带宽,仅1888元/3年起!易探云便宜vps服务器配置推荐:易探云vps云主机,入门型云...
wwW.PU811.Com为你推荐
-
brandoff香港购物在哪里特朗普取消访问丹麦特朗普专机抵达日本安保警力情形如何?怎么查询商标想要知道一个商标是否被注册,在哪里查到的比较权威?梦之队官网史上最强的nba梦之队是哪一年同ip网站查询怎样查询一个ip绑了多少域名杰景新特我准备在网上买杰普特711RBES长笛,10700元,这价格合理吗?还有,这是纯银的吗,是国内组装的吗?丑福晋历史上真正的八福晋是什么样子的?seo优化工具SEO优化神器有什么比较好的?avtt4.comCOM1/COM3/COM4是什么意思??/斗城网女追男有多易?喜欢你,可我不知道你喜不喜欢我!!平安夜希望有他陪我过