#327 – Legal and Regulatory Risk: Silent and Possibly Deadly Deborah Frazer, CPA CISA CISSP Senior Director, Internal Audit PalmSource, Inc.


2 Overview
– Identifying legal and regulatory risks
– Quantifying and weighing these risks
– Proactively mitigating legal and regulatory risk
– Communicating legal and regulatory risk to the business process owners

3 Identifying Legal and Regulatory Risks
– COSO framework
  – Control environment
  – Information and communication
  – Risk assessment
  – Monitoring
– Determining where the gaps are
  – Inherent risk
  – Controls in place

4 Internal Control – Integrated Framework
– The familiar cube
– Three objective categories
– Five components
– Entity and organizational units

5 Control Environment
– Integrity and ethical values
– Commitment to competence
– Board of Directors / Audit Committee
– Management's philosophy and operating style
– Organizational structure
– Assignment of authority and responsibility
– Human resource policies and procedures

6 Information and Communication Information is identified, captured, processed and reported by information systems. Relevant information includes industry, economic and regulatory information obtained from external sources, as well as internally generated information. Communication is inherent in information processing. Communication also takes place in a broader sense, dealing with expectations and responsibilities of individuals and groups. Effective communication must occur down, across and up an organization and with parties external to the organization.

7 Risk Assessment
– Entity-wide objectives
  – Include broad statements of what an entity desires to achieve, and are supported by related strategic plans
– Activity-level objectives
  – Flow from entity-wide objectives
  – Are frequently stated as goals with specific targets and deadlines
– Risks
  – Consider external and internal factors that could impact achievement of the objectives
– Managing change
  – Economic, industry and regulatory environments change and entities' activities evolve; mechanisms are needed to identify and react to changing conditions

8 Monitoring Ongoing monitoring occurs in the ordinary course of operations, and includes regular management and supervisory activities, and other actions personnel take in performing their duties that assess the quality of internal control system performance. The scope and frequency of separate evaluations will depend primarily on an assessment of risks, and ongoing monitoring procedures. Internal control deficiencies should be reported upstream with certain matters reported to top management and the board.

9 ERM Integrated Framework
– Expands the original cube
– Four objective categories
– Eight components
– Entity and organizational units

10 ERM Framework: Objective Setting
– Strategic
  – High-level goals
  – Aligned with mission/vision
– Operations
  – Relates to effectiveness and efficiency
– Reporting
  – Effectiveness; relates to internal and external reporting
– Compliance
  – Applicable laws and regulations

11 Compliance Objectives
– Relevant laws and regulations
  – Examples: wage and hour laws, EEOC, IRS/SEC
– Dependent on external factors
  – Examples: environmental regulation, Sarbanes-Oxley Act, Homeland Security / Patriot Act
– Tend to be similar
  – Across entities or industries

12 Applicable Laws and Regulations
– Establish minimum standards for behavior
  – Entities must integrate them into their compliance objectives
– Compliance records
  – Significantly affect, positively or negatively, an entity's reputation in the community and marketplace
– Overlap of objectives
  – Compliance objectives can affect the other categories: strategic, operational, reporting

13 Achievement of Objectives
– Measurable targets toward which an entity moves
– Will have differing degrees of importance and priority
– Reasonable assurance that objectives are achieved
  – May not pertain to all objectives
  – Compliance objectives are largely under the entity's control
  – The entity has the ability to do what is needed to meet them

14 Risk Appetite
– Expressed as the acceptable balance between growth, risk and return, or in terms of risk-adjusted shareholder value-added measures
– Risk appetite vs. strategy
  – Strategy may exceed the entity's risk appetite
  – Strategy may not embrace sufficient risk to allow the entity to achieve its vision/mission
– Guides resource allocation

15 Risk Tolerances
– Acceptable levels of variation relative to the achievement of objectives
– Measurable
– Performance measures
  – Help ensure actual results will be within the acceptable risk tolerances
  – Based on the relative importance of the related objectives

16 Event Identification
– Governmental changes
  – Changes in overall climate
– Legislation
  – Sarbanes-Oxley Act
  – Patriot Act
– Regulation
  – Certain required processes and disclosures

17 Proactively Mitigating Legal and Regulatory Risk
Some examples:
– Establish a compliance office
– Establish policies and procedures for appropriate legal review of contracts
– Ensure the line organization recognizes its primary compliance responsibilities
– Review privacy policies and practices
– Benchmark against government requirements and best practices

18 Mitigating Risk vs. Impeding Progress
– Establish guidelines
  – What requires review
  – Articulate where leverage may be applied
– Develop tools
  – Checklists
  – Standard language
– Empower business partners to perform their own control self-assessment

19 Communicating Legal and Regulatory Risk
– Use layperson's terms
  – Avoid "sounding" like an attorney or compliance officer
– Demonstrate with examples
  – Likelihood: have other entities been affected?
  – Impact: what is the worst-case scenario?
– Know your audience
  – Sales objectives often collide with legal risk management
  – What does the risk mean to the executive group?

Open Discussion and Examples

Questions?

22 For More Information:
Deborah Frazer, CPA, CISA, CISSP
Senior Director, Internal Audit
PalmSource, Inc.

Thank you!