potentialwww.pu811.com
wwW.PU811.Com 时间:2021-04-09 阅读:()
www.
pwc.
comCOSOChangesandtheimpactonICFRApresentationtothePugetSoundChapteroftheIIAJanuary14,2014PwCAgendaIntroductionsCurrentTrendsImpactingSOXCOSO–What'sChangingWhat'sNotDeeperDriveonSelectedPrinciplesTransitioningICFRtothe2013FrameworkPCAOBActionsImpactingSOXManageCosts,DeliverValuefromSOXQuestions2January14,2014PwCCurrenttrendsimpactingSOX3January14,2014COSOUpdateDrivingFY'14SOXChangesPCAOBActionsManageCosts,DeliverValuePwCCOSO'sInternalControl-IntegratedFramework(2013)4January14,2014PwCWhyupdate1992frameworkDostakeholdersunderstandrequirementsofeffectiveinternalcontrol5January14,2014ChangesinthebusinessenvironmentChangesinsidethebusinessLackofclarityLackofunderstandingSource-COSO'ssurveyofusersandstakeholders,worldwide–JanuarytoSeptember20110%50%100%ControlActivitiesMonitoringControlEnvironmentInformation&…RiskAssessmentDifficulttointerpretSomewhatdifficulttointerpretModeratelyeasytointerpretGenerallyeasytointerpretEasytointerpretOnly50%thoughtitwasgenerallyeasytointerpretPwC2013Frameworkpreservescorestrengthsembeddedin1992Framework6January14,2014UpdatedCOSOCubeWhatisNotfundamentallychanging.
.
.
CoredefinitionofinternalcontrolThreecategoriesofobjectivesandfivecomponentsofinternalcontrolEachofthefivecomponentsofinternalcontrolarerequiredforeffectiveinternalcontrolImportantroleofjudgmentindesigning,implementingandconductinginternalcontrol,andinassessingitseffectivenessEntityStructureComponentsRiskAssessmentControlEnvironmentControlActivitiesMonitoringActivitiesInformationandCommunicationPwC2013Frameworkarticulatesprinciplesandpointsoffocus7January14,20142013COSOCube17PrinciplesPointsoffocusControls5ComponentsPointsoffocusdescribeimportantcharacteristicsofprinciplesPrinciplesarticulatefundamentalconceptsofcomponentsComponentsandPrinciplesarerequirementsforaneffectivesystemofinternalcontrolPointsofFocusandControlsaresubjecttomanagementjudgmentLegendRiskAssessmentControlEnvironmentControlActivitiesMonitoringActivitiesInformationandCommunicationPwC2013Frameworkarticulatesseventeenprinciplesforeffectiveinternalcontrol8January14,2014ControlEnvironment1.
Demonstratescommitmenttointegrityandethicalvalues2.
Exercisesoversightresponsibility3.
Establishesstructure,authorityandresponsibility4.
Demonstratescommitmenttocompetence5.
EnforcesaccountabilityRiskAssessment6.
Specifiessuitableobjectives7.
Identifiesandanalyzesrisk8.
Assessesfraudrisk9.
IdentifiesandanalyzessignificantchangeControlActivities10.
Selectsanddevelopscontrolactivities11.
Selectsanddevelopsgeneralcontrolsovertechnology12.
DeploysthroughpoliciesandproceduresInformation&Communication13.
Usesrelevantinformation14.
Communicatesinternally15.
CommunicatesexternallyMonitoringActivities16.
Conductsongoingand/orseparateevaluations17.
EvaluatesandcommunicatesdeficienciesPwC2013FrameworkclarifiesrequirementsforaneffectivesystemofinternalcontrolComponentsarepresentandfunctioningifeachrelevantprinciplesisdeterminedtobepresentandfunctioning(e.
g.
,nomaterialweaknessexists)Relevantprinciplesarepresentandfunctioningifpersuasiveevidenceexiststhatcontrolsareselected,developedanddeployedtoeffectthemComponentsoperatetogetherwhen:ComponentsarepresentandfunctioningInternalcontroldeficienciesaggregatedacrosscomponentsdonotresultinthedeterminationthatoneormorematerialweaknessexist9January14,2014Aneffectivesystemofinternalcontrolrequires:EachofthefivecomponentsofinternalcontrolandrelevantprinciplesispresentandfunctioningThefivecomponentsareoperatingtogetherinanintegratedmannerPwCCOSOprinciples–Adeeperdive10January14,2014PwC2013FrameworkandICFR–PrinciplesRelevantprinciplesarepresentandfunctioningifpersuasiveevidenceexiststhatcontrolsareselected,developedanddeployedtoeffectthemWhatcompaniesshoulddo:Documenthowthedesignofexistingcontrolsmapagainstthe17principles.
Remedypotentialdesigngapswhenexistingcontrolsarenotfullyadequate.
Testtheoperatingeffectivenessofanynewcontrolscomingintoscope11January14,2014PwC2013Frameworkdescribespointsoffocusforeachprinciple,e.
g.
12January14,2014Principle1DemonstratesCommitmenttoIntegrity…Principle2ExercisesOversightResponsibilityPrinciple3EstablishesStructuresAuthority,…ComponentControlEnvironmentSetsthetoneatthetopEstablishesstandardsofconductEvaluatesadherencetostandardsofconductAddressesdeviationsinatimelymannerEstablishesoversightresponsibilityAppliesrelevantexpertiseOperateindependentlyProvidesoversightforthesystemofinternalcontrolConsidersallstructuresoftheentityEstablishesreportinglinesDefines,assignsandlimitsauthoritiesandresponsibilitiesPrinciple4DemonstratesCommitmenttoCompetenceEstablishespoliciesandpracticesEvaluatescompetenceandaddressesshortcomingsAttracts,develops,andretainsindividualsPlansandpreparesforsuccessionPrinciplesPointsofFocusPwCPrinciplesandPointsofFocus,adeeperlook13January14,2014ComponentControlEnvironmentEstablishespoliciesandpracticesEvaluatescompetenceandaddressesshortcomingsAttracts,develops,andretainsindividualsPlansandpreparesforsuccessionPrinciple4DemonstratesCommitmenttoCompetenceTheorganizationdemonstratesacommitmenttoattract,develop,andretaincompetentindividualsinalignmentwithobjectives.
IndividualperformanceplansdefineexpectationsregardingICAllaccountingstaffattendannualupdatetrainingofnewaccountingpronouncementsControlExamplesPrinciplesPointsofFocusAnorganizationwithcomplexrevenueaccountingfailstomaintainadequatelytrainedCPAstooverseerevenueaccounting.
DeficiencyExamplesPwCPointsoffocusdescribeimportantcharacteristicsoftheprinciples,forexample…14January14,2014Principle6SpecifiessuitableobjectivesPrinciple7IdentifiesandanalysesriskPrinciple8AssessesfraudriskComponentRiskAssessmentComplieswithapplicableaccountingstandardsConsidersmaterialityReflectsentityactivitiesIncludesentity,division,operatingunit,andfunctionsAnalyzesinternal/externalfactorsInvolvesappropriatelevelofmanagementEstimatessignificanceofrisksidentifiedDetermineshowtorespondtorisksConsidersvarioustypesoffraudAssessesincentiveandpressuresAssessesopportunitiesAssessesattitudesandrationalizationsPrinciple9IdentifiesandanalyzessignificantchangeAssesseschangesinexternalenvironmentAssesseschangesinbusinessmodelAssesseschangesinleadershipPrinciplesPointsofFocusPwCPointsoffocusdescribeimportantcharacteristicsoftheprinciples,forexample…15January14,2014ComponentRiskAssessmentPointsofFocusPrinciple9:IdentifiesandAnalysesSignificantChangeTheorganizationidentifiesandassesseschangesthatcouldsignificantlyimpactthesystemofinternalcontrol.
PrinciplesAssesseschangesinexternalenvironmentAssesseschangesinbusinessmodelAssesseschangesinleadershipRiskassessmentsarerequiredforanysignificantchange,suchas:-InternationalExposure-SignificantAcquisitonCreateaninternalcontrolplanforanyexecutivetransitionControlExamplesThecompanyfailedtoupdatetheriskassessmentforchangesarisingfromtheChinaacquisition.
DeficiencyExamplesPwCTransitioningICFRto2013framework16January14,2014PwCTransitioningICFRto2013FrameworkCOSOdecidedtosupersedethe1992Frameworkattheendofthetransitionperiod(i.
e.
,December15,2014)"SECstaffplanstomonitorthetransitionforissuersusingthe1992frameworktoevaluatewhetherandifanystafforCommissionactionsbecomenecessaryorappropriateinthefuture.
However,atthistime,I'llsimplyreferusersoftheCOSOframeworktothestatementsCOSOhasmadeabouttheirnewframeworkandtheirthoughtsabouttransition.
"(PaulBeswick,S.
E.
C.
ChiefAccountant)TheSECstaffindicatedmorerecentlythatthelongerissuerscontinuetousethe1992framework,themorelikelytheyaretoreceivequestionsfromthestaffaboutwhethertheissuer'suseofthe1992frameworksatisfiestheSEC'srequirementtouseasuitable,recognizedframework,particularlyafterDecember15,2014whenCOSOwillconsiderthe1992frameworktohavebeensupersededbythe2013framework.
(CenterforAuditQuality'sSECRegulationsCommittee)17January14,2014PwCA404transitionplan(example)18January14,2014Four-phasesKeyActionsPhase1:EducateandCommunicateReview2013FrameworkandillustrativetoolsConducttrainingappropriateforboard/committeemembers,seniormanagement,managers,etc.
Developunderstandingofwhereprinciplesarerelevantattheentity(i.
e.
,corporate)andsubunits(divisions,subsidiaries,operatingunitsandfunctionallevels)Phase2:ConductPreliminaryAssessmentMap17principles(consideringpointsoffocus)toentitylevelcontrols(ELCs)ConsiderwhetherdifferencesincontrolsexistatsubunitsIdentifyanysignificant"gaps"indesignorSOXdocumentationofcontrols(i.
e.
,assesswhethereachcomponentofinternalcontrolandprincipleis"present")Phase3:CompleteAssessment&DevelopActionPlanPerformcomprehensiveassessmentandassesstheoperatingeffectivenessofcontrols(i.
e.
,assesswhethereachcomponentofinternalcontrolandprincipleis"functioning")AssessseverityofanyinternalcontroldeficienciesIdentifychangesincontrolsorSOXdocumentationnecessarytoremediatedeficienciesPhase4:ExecuteActionPlanRemediateinternalcontroldeficienciesofSOXdocumentation,asneededPwCPotentialimpactonICFRReactionsandresponseswilldifferdependingoncircumstancesIf1992FrameworkhasbeenthoroughlyappliedtocurrentICFR,thetransitionshouldnotresultinsignificantchangesorincrementaleffortPreliminaryassessment(i.
e.
,mappingprinciples,consideringpointsoffocus,tocontrols)mayreveal"gaps"indesignordocumentationofsomecontrols-Design—Controlsarenotdesignedtodemonstrateaprincipleispresent-Documentation—Controlsassociatedwiththeprincipleexist,buttheyarenotincludedintheSOXinternalcontroldocumentation19January14,2014PwCPotentialimpactonICFRFocusondesignofindirectentitylevelcontrols(ELCs)thataffectthe14principlesassociatedwiththe"softer"componentsofinternalcontrol.
IndirectELCshaveanimportant,butindirect,effectonthelikelihoodthatamisstatementwillbedetectedorpreventedonatimelybasis.
NoimpactexpectedondesignofdirectELCsandtransactionlevelcontrols(e.
g.
,threewaymatch,cashreconciliation)relatingtoControlActivities20January14,2014PwCPotentialimpactonICFRELCsoperatethroughouttheentireorganizationandoftenhaveapervasiveimpactoncontrols.
Forexample,thedesignofanindirectELCfocusedonassessingfinancialreportingriskscanbeconductedatthecorporateleveltoassessrisksrelatingtoallcomponentsoftheentity(i.
e.
,subunitlocations)oratindividualcomponentsDeterminingwhetheraprincipleispresentisamatterofmanagementjudgment.
AssessingthedesignofELCsinclude:-Component(s)oftheentitycoveredbythecontrolbeingevaluated-Objectiveofthecontrol-Whoperformsthecontrolwithnecessaryauthorityandcompetence-Frequencyofthecontrol'soperation-Specificproceduresthatareperformedtomeetthestatedobjective,includinganyinformationusedintheoperationofthecontrol21January14,2014PwCPotentialimpactonICFRBytakingafreshlookatthedesignofindirectELCs,managementmayidentifyopportunitiestore-designcontrolstoenhanceeffectivenessorefficiency22January14,2014PwCPotentialimpactonICFREvaluationofthethreeprinciplesrelatedtotheControlActivitiescomponentshouldbefocusedontheprocessforselecting,developinganddeployingcontrolactivitiesratherthanthedetailedcontrolactivitiesthemselves.
-Therefore,transitioningtothe2013Frameworkwillnotresultinanychangestoacompany'sriskandcontrolmatricesrelatingtotransactioncontrols(e.
g.
,threewaymatch,cashreconciliations,etc.
).
Themappingofprinciplestocontrolswillultimatelysupportthecompany'sdesignofthe"soft"componentsofinternalcontroloverfinancialreportinginaccordancewiththe2013Framework23January14,2014PwCPCAOBactionsimpactingSOX24January14,2014PwCPCAOBactionsimpactingSOXIncreasedfocusbyPCOABoninternalcontrolaspectsoftheIntegratedauditleadingtoincreasedPCAOBauditfindingsrelatedtointernalcontrol.
DocumentedininspectionreportsandtheActionAlert,datedOctober24th,2013.
DrivingchangesinexternalauditapproachtoICFR,increasedlevelsofdocumentation,changestocontroldesignandrequestsforadditionalevidence.
TheimpactonSOXteamsinsomesituationscanbesignificant.
25January14,2014PwCPCAOBareasofobservationSomeObservationsArecontrolsproperlydesignedandalignedtorisksTestingofmanagementreviewcontrolsEvidenceoversystemgenerateddataandreportsUseofworkofothersControlsover:-JournalEntries-Estimates,-Uniquetransactions,-Incometaxes26ImpacttoSOXTeamsIncreasedocumentationofend-to-endprocess,qualificationofcontrolperformers,andSODIncreaserigorofmanagementreviewcontrolsanddocumentationofpropercontrolexecution.
Enhancecontrolsoverspreadsheetsandotherend-userapplications.
Assistancewithtestingofkeyreports.
Criticalassessmentofcompetenceandobjectivity.
Lessrelianceonmanagementtesting.
Re-designofmanualandautomatedcontrolsoversensitiveareas.
January14,2014PwCHolisticApproachtoManageCosts,DeliverValue27ProcessLeanprocessframeworkappliedtocontrols,relateddocumentationandprojectmanagementprocessestoalignwithriskandstreamlineunnecessaryactivitiesIdentifyingcapabilitiestouseariskbasedtestingapproachtofocuseffortsonareaswithhighestriskoferrorandmisstatement.
StrategyEnsuresstakeholderalignmentaroundSOXprogramobjectivesandchangegoalsStructureCapturessynergiesbetweenSOXprogramsandexternalauditstodrivehighlevelsofexternalauditreliance.
PeopleUnderstandthetrainingandcontrolsknowledgeofthoseemployeesperformingkeycontrolsDeterminethemostcost-effectiveresourcesperformingworkwithlimitedvalue.
UnderstandtheexperienceandbackgroundofprogrammanagementrunningtheSOXprogram.
TechnologyEvaluateGRCplatforms,todeterminethattheyenableefficientworkflowsuchashand-offs,approvalsandmanagementreportingAutomatedcontrolsandcontinuousmonitoringareusedwherepossible,suchassegregationofduties,interfacebalancing,reconciliationsandtransactionmonitoring.
RequirementsMonitoringProgramManagementStrategyStakeholderAlignmentStructureSynergisticPeopleTrainedCostEffectiveExperiencedProcessLeanRiskBasedStreamlinedTechnologyAutomatedContinuousWorkflowQualityCompetent&ObjectiveJanuary14,2014PwCQuestions28January14,2014Thankyou.
.
.
2014PricewaterhouseCoopersLLP.
Allrightsreserved.
PwCreferstotheUnitedStatesmemberfirm,andmaysometimesrefertothePwCnetwork.
Eachmemberfirmisaseparatelegalentity.
Pleaseseewww.
pwc.
com/structureforfurtherdetails.
pwc.
comCOSOChangesandtheimpactonICFRApresentationtothePugetSoundChapteroftheIIAJanuary14,2014PwCAgendaIntroductionsCurrentTrendsImpactingSOXCOSO–What'sChangingWhat'sNotDeeperDriveonSelectedPrinciplesTransitioningICFRtothe2013FrameworkPCAOBActionsImpactingSOXManageCosts,DeliverValuefromSOXQuestions2January14,2014PwCCurrenttrendsimpactingSOX3January14,2014COSOUpdateDrivingFY'14SOXChangesPCAOBActionsManageCosts,DeliverValuePwCCOSO'sInternalControl-IntegratedFramework(2013)4January14,2014PwCWhyupdate1992frameworkDostakeholdersunderstandrequirementsofeffectiveinternalcontrol5January14,2014ChangesinthebusinessenvironmentChangesinsidethebusinessLackofclarityLackofunderstandingSource-COSO'ssurveyofusersandstakeholders,worldwide–JanuarytoSeptember20110%50%100%ControlActivitiesMonitoringControlEnvironmentInformation&…RiskAssessmentDifficulttointerpretSomewhatdifficulttointerpretModeratelyeasytointerpretGenerallyeasytointerpretEasytointerpretOnly50%thoughtitwasgenerallyeasytointerpretPwC2013Frameworkpreservescorestrengthsembeddedin1992Framework6January14,2014UpdatedCOSOCubeWhatisNotfundamentallychanging.
.
.
CoredefinitionofinternalcontrolThreecategoriesofobjectivesandfivecomponentsofinternalcontrolEachofthefivecomponentsofinternalcontrolarerequiredforeffectiveinternalcontrolImportantroleofjudgmentindesigning,implementingandconductinginternalcontrol,andinassessingitseffectivenessEntityStructureComponentsRiskAssessmentControlEnvironmentControlActivitiesMonitoringActivitiesInformationandCommunicationPwC2013Frameworkarticulatesprinciplesandpointsoffocus7January14,20142013COSOCube17PrinciplesPointsoffocusControls5ComponentsPointsoffocusdescribeimportantcharacteristicsofprinciplesPrinciplesarticulatefundamentalconceptsofcomponentsComponentsandPrinciplesarerequirementsforaneffectivesystemofinternalcontrolPointsofFocusandControlsaresubjecttomanagementjudgmentLegendRiskAssessmentControlEnvironmentControlActivitiesMonitoringActivitiesInformationandCommunicationPwC2013Frameworkarticulatesseventeenprinciplesforeffectiveinternalcontrol8January14,2014ControlEnvironment1.
Demonstratescommitmenttointegrityandethicalvalues2.
Exercisesoversightresponsibility3.
Establishesstructure,authorityandresponsibility4.
Demonstratescommitmenttocompetence5.
EnforcesaccountabilityRiskAssessment6.
Specifiessuitableobjectives7.
Identifiesandanalyzesrisk8.
Assessesfraudrisk9.
IdentifiesandanalyzessignificantchangeControlActivities10.
Selectsanddevelopscontrolactivities11.
Selectsanddevelopsgeneralcontrolsovertechnology12.
DeploysthroughpoliciesandproceduresInformation&Communication13.
Usesrelevantinformation14.
Communicatesinternally15.
CommunicatesexternallyMonitoringActivities16.
Conductsongoingand/orseparateevaluations17.
EvaluatesandcommunicatesdeficienciesPwC2013FrameworkclarifiesrequirementsforaneffectivesystemofinternalcontrolComponentsarepresentandfunctioningifeachrelevantprinciplesisdeterminedtobepresentandfunctioning(e.
g.
,nomaterialweaknessexists)Relevantprinciplesarepresentandfunctioningifpersuasiveevidenceexiststhatcontrolsareselected,developedanddeployedtoeffectthemComponentsoperatetogetherwhen:ComponentsarepresentandfunctioningInternalcontroldeficienciesaggregatedacrosscomponentsdonotresultinthedeterminationthatoneormorematerialweaknessexist9January14,2014Aneffectivesystemofinternalcontrolrequires:EachofthefivecomponentsofinternalcontrolandrelevantprinciplesispresentandfunctioningThefivecomponentsareoperatingtogetherinanintegratedmannerPwCCOSOprinciples–Adeeperdive10January14,2014PwC2013FrameworkandICFR–PrinciplesRelevantprinciplesarepresentandfunctioningifpersuasiveevidenceexiststhatcontrolsareselected,developedanddeployedtoeffectthemWhatcompaniesshoulddo:Documenthowthedesignofexistingcontrolsmapagainstthe17principles.
Remedypotentialdesigngapswhenexistingcontrolsarenotfullyadequate.
Testtheoperatingeffectivenessofanynewcontrolscomingintoscope11January14,2014PwC2013Frameworkdescribespointsoffocusforeachprinciple,e.
g.
12January14,2014Principle1DemonstratesCommitmenttoIntegrity…Principle2ExercisesOversightResponsibilityPrinciple3EstablishesStructuresAuthority,…ComponentControlEnvironmentSetsthetoneatthetopEstablishesstandardsofconductEvaluatesadherencetostandardsofconductAddressesdeviationsinatimelymannerEstablishesoversightresponsibilityAppliesrelevantexpertiseOperateindependentlyProvidesoversightforthesystemofinternalcontrolConsidersallstructuresoftheentityEstablishesreportinglinesDefines,assignsandlimitsauthoritiesandresponsibilitiesPrinciple4DemonstratesCommitmenttoCompetenceEstablishespoliciesandpracticesEvaluatescompetenceandaddressesshortcomingsAttracts,develops,andretainsindividualsPlansandpreparesforsuccessionPrinciplesPointsofFocusPwCPrinciplesandPointsofFocus,adeeperlook13January14,2014ComponentControlEnvironmentEstablishespoliciesandpracticesEvaluatescompetenceandaddressesshortcomingsAttracts,develops,andretainsindividualsPlansandpreparesforsuccessionPrinciple4DemonstratesCommitmenttoCompetenceTheorganizationdemonstratesacommitmenttoattract,develop,andretaincompetentindividualsinalignmentwithobjectives.
IndividualperformanceplansdefineexpectationsregardingICAllaccountingstaffattendannualupdatetrainingofnewaccountingpronouncementsControlExamplesPrinciplesPointsofFocusAnorganizationwithcomplexrevenueaccountingfailstomaintainadequatelytrainedCPAstooverseerevenueaccounting.
DeficiencyExamplesPwCPointsoffocusdescribeimportantcharacteristicsoftheprinciples,forexample…14January14,2014Principle6SpecifiessuitableobjectivesPrinciple7IdentifiesandanalysesriskPrinciple8AssessesfraudriskComponentRiskAssessmentComplieswithapplicableaccountingstandardsConsidersmaterialityReflectsentityactivitiesIncludesentity,division,operatingunit,andfunctionsAnalyzesinternal/externalfactorsInvolvesappropriatelevelofmanagementEstimatessignificanceofrisksidentifiedDetermineshowtorespondtorisksConsidersvarioustypesoffraudAssessesincentiveandpressuresAssessesopportunitiesAssessesattitudesandrationalizationsPrinciple9IdentifiesandanalyzessignificantchangeAssesseschangesinexternalenvironmentAssesseschangesinbusinessmodelAssesseschangesinleadershipPrinciplesPointsofFocusPwCPointsoffocusdescribeimportantcharacteristicsoftheprinciples,forexample…15January14,2014ComponentRiskAssessmentPointsofFocusPrinciple9:IdentifiesandAnalysesSignificantChangeTheorganizationidentifiesandassesseschangesthatcouldsignificantlyimpactthesystemofinternalcontrol.
PrinciplesAssesseschangesinexternalenvironmentAssesseschangesinbusinessmodelAssesseschangesinleadershipRiskassessmentsarerequiredforanysignificantchange,suchas:-InternationalExposure-SignificantAcquisitonCreateaninternalcontrolplanforanyexecutivetransitionControlExamplesThecompanyfailedtoupdatetheriskassessmentforchangesarisingfromtheChinaacquisition.
DeficiencyExamplesPwCTransitioningICFRto2013framework16January14,2014PwCTransitioningICFRto2013FrameworkCOSOdecidedtosupersedethe1992Frameworkattheendofthetransitionperiod(i.
e.
,December15,2014)"SECstaffplanstomonitorthetransitionforissuersusingthe1992frameworktoevaluatewhetherandifanystafforCommissionactionsbecomenecessaryorappropriateinthefuture.
However,atthistime,I'llsimplyreferusersoftheCOSOframeworktothestatementsCOSOhasmadeabouttheirnewframeworkandtheirthoughtsabouttransition.
"(PaulBeswick,S.
E.
C.
ChiefAccountant)TheSECstaffindicatedmorerecentlythatthelongerissuerscontinuetousethe1992framework,themorelikelytheyaretoreceivequestionsfromthestaffaboutwhethertheissuer'suseofthe1992frameworksatisfiestheSEC'srequirementtouseasuitable,recognizedframework,particularlyafterDecember15,2014whenCOSOwillconsiderthe1992frameworktohavebeensupersededbythe2013framework.
(CenterforAuditQuality'sSECRegulationsCommittee)17January14,2014PwCA404transitionplan(example)18January14,2014Four-phasesKeyActionsPhase1:EducateandCommunicateReview2013FrameworkandillustrativetoolsConducttrainingappropriateforboard/committeemembers,seniormanagement,managers,etc.
Developunderstandingofwhereprinciplesarerelevantattheentity(i.
e.
,corporate)andsubunits(divisions,subsidiaries,operatingunitsandfunctionallevels)Phase2:ConductPreliminaryAssessmentMap17principles(consideringpointsoffocus)toentitylevelcontrols(ELCs)ConsiderwhetherdifferencesincontrolsexistatsubunitsIdentifyanysignificant"gaps"indesignorSOXdocumentationofcontrols(i.
e.
,assesswhethereachcomponentofinternalcontrolandprincipleis"present")Phase3:CompleteAssessment&DevelopActionPlanPerformcomprehensiveassessmentandassesstheoperatingeffectivenessofcontrols(i.
e.
,assesswhethereachcomponentofinternalcontrolandprincipleis"functioning")AssessseverityofanyinternalcontroldeficienciesIdentifychangesincontrolsorSOXdocumentationnecessarytoremediatedeficienciesPhase4:ExecuteActionPlanRemediateinternalcontroldeficienciesofSOXdocumentation,asneededPwCPotentialimpactonICFRReactionsandresponseswilldifferdependingoncircumstancesIf1992FrameworkhasbeenthoroughlyappliedtocurrentICFR,thetransitionshouldnotresultinsignificantchangesorincrementaleffortPreliminaryassessment(i.
e.
,mappingprinciples,consideringpointsoffocus,tocontrols)mayreveal"gaps"indesignordocumentationofsomecontrols-Design—Controlsarenotdesignedtodemonstrateaprincipleispresent-Documentation—Controlsassociatedwiththeprincipleexist,buttheyarenotincludedintheSOXinternalcontroldocumentation19January14,2014PwCPotentialimpactonICFRFocusondesignofindirectentitylevelcontrols(ELCs)thataffectthe14principlesassociatedwiththe"softer"componentsofinternalcontrol.
IndirectELCshaveanimportant,butindirect,effectonthelikelihoodthatamisstatementwillbedetectedorpreventedonatimelybasis.
NoimpactexpectedondesignofdirectELCsandtransactionlevelcontrols(e.
g.
,threewaymatch,cashreconciliation)relatingtoControlActivities20January14,2014PwCPotentialimpactonICFRELCsoperatethroughouttheentireorganizationandoftenhaveapervasiveimpactoncontrols.
Forexample,thedesignofanindirectELCfocusedonassessingfinancialreportingriskscanbeconductedatthecorporateleveltoassessrisksrelatingtoallcomponentsoftheentity(i.
e.
,subunitlocations)oratindividualcomponentsDeterminingwhetheraprincipleispresentisamatterofmanagementjudgment.
AssessingthedesignofELCsinclude:-Component(s)oftheentitycoveredbythecontrolbeingevaluated-Objectiveofthecontrol-Whoperformsthecontrolwithnecessaryauthorityandcompetence-Frequencyofthecontrol'soperation-Specificproceduresthatareperformedtomeetthestatedobjective,includinganyinformationusedintheoperationofthecontrol21January14,2014PwCPotentialimpactonICFRBytakingafreshlookatthedesignofindirectELCs,managementmayidentifyopportunitiestore-designcontrolstoenhanceeffectivenessorefficiency22January14,2014PwCPotentialimpactonICFREvaluationofthethreeprinciplesrelatedtotheControlActivitiescomponentshouldbefocusedontheprocessforselecting,developinganddeployingcontrolactivitiesratherthanthedetailedcontrolactivitiesthemselves.
-Therefore,transitioningtothe2013Frameworkwillnotresultinanychangestoacompany'sriskandcontrolmatricesrelatingtotransactioncontrols(e.
g.
,threewaymatch,cashreconciliations,etc.
).
Themappingofprinciplestocontrolswillultimatelysupportthecompany'sdesignofthe"soft"componentsofinternalcontroloverfinancialreportinginaccordancewiththe2013Framework23January14,2014PwCPCAOBactionsimpactingSOX24January14,2014PwCPCAOBactionsimpactingSOXIncreasedfocusbyPCOABoninternalcontrolaspectsoftheIntegratedauditleadingtoincreasedPCAOBauditfindingsrelatedtointernalcontrol.
DocumentedininspectionreportsandtheActionAlert,datedOctober24th,2013.
DrivingchangesinexternalauditapproachtoICFR,increasedlevelsofdocumentation,changestocontroldesignandrequestsforadditionalevidence.
TheimpactonSOXteamsinsomesituationscanbesignificant.
25January14,2014PwCPCAOBareasofobservationSomeObservationsArecontrolsproperlydesignedandalignedtorisksTestingofmanagementreviewcontrolsEvidenceoversystemgenerateddataandreportsUseofworkofothersControlsover:-JournalEntries-Estimates,-Uniquetransactions,-Incometaxes26ImpacttoSOXTeamsIncreasedocumentationofend-to-endprocess,qualificationofcontrolperformers,andSODIncreaserigorofmanagementreviewcontrolsanddocumentationofpropercontrolexecution.
Enhancecontrolsoverspreadsheetsandotherend-userapplications.
Assistancewithtestingofkeyreports.
Criticalassessmentofcompetenceandobjectivity.
Lessrelianceonmanagementtesting.
Re-designofmanualandautomatedcontrolsoversensitiveareas.
January14,2014PwCHolisticApproachtoManageCosts,DeliverValue27ProcessLeanprocessframeworkappliedtocontrols,relateddocumentationandprojectmanagementprocessestoalignwithriskandstreamlineunnecessaryactivitiesIdentifyingcapabilitiestouseariskbasedtestingapproachtofocuseffortsonareaswithhighestriskoferrorandmisstatement.
StrategyEnsuresstakeholderalignmentaroundSOXprogramobjectivesandchangegoalsStructureCapturessynergiesbetweenSOXprogramsandexternalauditstodrivehighlevelsofexternalauditreliance.
PeopleUnderstandthetrainingandcontrolsknowledgeofthoseemployeesperformingkeycontrolsDeterminethemostcost-effectiveresourcesperformingworkwithlimitedvalue.
UnderstandtheexperienceandbackgroundofprogrammanagementrunningtheSOXprogram.
TechnologyEvaluateGRCplatforms,todeterminethattheyenableefficientworkflowsuchashand-offs,approvalsandmanagementreportingAutomatedcontrolsandcontinuousmonitoringareusedwherepossible,suchassegregationofduties,interfacebalancing,reconciliationsandtransactionmonitoring.
RequirementsMonitoringProgramManagementStrategyStakeholderAlignmentStructureSynergisticPeopleTrainedCostEffectiveExperiencedProcessLeanRiskBasedStreamlinedTechnologyAutomatedContinuousWorkflowQualityCompetent&ObjectiveJanuary14,2014PwCQuestions28January14,2014Thankyou.
.
.
2014PricewaterhouseCoopersLLP.
Allrightsreserved.
PwCreferstotheUnitedStatesmemberfirm,andmaysometimesrefertothePwCnetwork.
Eachmemberfirmisaseparatelegalentity.
Pleaseseewww.
pwc.
com/structureforfurtherdetails.
- potentialwww.pu811.com相关文档
- 天河www.pu811.com
- CIN1www.pu811.com
- suggestedwww.pu811.com
- torywww.pu811.com
- S2353www.pu811.com
- Analysiswww.pu811.com
Stablehost 美国主机商黑五虚拟主机四折
如今我们网友可能较多的会选择云服务器、VPS主机,对于虚拟主机的话可能很多人不会选择。但是我们有些外贸业务用途的建站项目还是会有选择虚拟主机的。今天看到的Stablehost 商家虚拟主机在黑五期间也有四折优惠,对于这个服务商而言不是特别的喜欢,虽然他们商家和我们熟悉的老鹰主机商有些类似,且在后来老鹰主机改版和方案后,Stablehost 商家也会跟随改版,但是性价比认为不如老鹰主机。这次黑色星期...
10gbiz:香港/洛杉矶CN2直连线路VPS四折优惠,直连香港/香港/洛杉矶CN2四折
10gbiz怎么样?10gbiz在本站也多次分享过,是一家成立于2020的国人主机商家,主要销售VPS和独立服务器,机房目前有中国香港和美国洛杉矶、硅谷等地,线路都非常不错,香港为三网直连,电信走CN2,洛杉矶线路为三网回程CN2 GIA,10gbiz商家七月连续推出各种优惠活动,除了延续之前的VPS产品4折优惠,目前增加了美国硅谷独立服务器首月半价的活动,有需要的朋友可以看看。10gbiz优惠码...
wordpress外贸集团企业主题 wordpress高级推广外贸主题
wordpress外贸集团企业主题,wordpress通用跨屏外贸企业响应式布局设计,内置更完善的外贸企业网站优化推广功能,完善的企业产品营销展示 + 高效后台自定义设置。wordpress高级推广外贸主题,采用标准的HTML5+CSS3语言开发,兼容当下的各种主流浏览器,根据用户行为以及设备环境(系统平台、屏幕尺寸、屏幕定向等)进行自适应显示; 完美实现一套主题程序支持全部终端设备,保证网站在各...
wwW.PU811.Com为你推荐
-
vc组合VC 组合框 禁用 破解商标注册流程及费用我想注册商标一般需要什么流程和费用?冯媛甑尸城女主角叫什么名字www.yahoo.com.hk香港有什么网页网站检测如何进行网站全面诊断www.765.com有没好的学习网站m.2828dy.com电影虫www.dyctv.com这个电影站能下载电影吗?广告法有那些广告法?还有广告那些广告词?ww.66bobo.com谁知道11qqq com被换成哪个网站www.ca800.comPLC好学吗