AUDIT Seminar in Accounting & Society SOX – Section 404 & Enterprise Risk Management March 30, 2010.

Presentation transcript:

AUDIT Seminar in Accounting & Society SOX – Section 404 & Enterprise Risk Management March 30, 2010

©2010 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.

Slide 2: Seminar in Accounting & Society SOX Section 404 – March 30, 2010
Rick Andrews, Partner, KPMG
Karen Vangyia, Partner, KPMG

Slide 3: Agenda
- Introductions/Background
- Overview – What is Sarbanes-Oxley?
- Impact of SOX
- Impact of AS5
- The Economy & Risk – What Happened? What’s Next?
- Enterprise Risk Management
- Questions

Slide 4: About KPMG
- KPMG LLP is a provider of audit, tax and advisory services
- KPMG LLP is #1 in the St. Louis market auditing 42% of St. Louis’ Top 50 Public Companies
- KPMG LLP is the U.S. member firm of the KPMG international network with a presence in ~150 countries
- KPMG has been recognized as a great place to work by Fortune, Working Mother, the Human Rights Campaign, Business Week, The Women’s Alliance, the Black Collegian, Diversity Inc and others
- KPMG LLP consists of 21,000 partners and staff across the U.S.
- The St. Louis office is supported by approximately 250 employees serving in the capacity of client support delivery or client service support functions

Slide 5: What is Sarbanes-Oxley?
- What is SOX 302?
- What is SOX 404?
- What is AS5?

Slide 6: Management’s Certifications
The CEO and CFO must personally certify to the:
- Accuracy of financial statements
- Adequacy & effectiveness of disclosure controls and procedures (SOX 302)
- Adequacy & effectiveness of internal controls over financial reporting (SOX 404)
- Completeness of all disclosures that materially impact the financial statements or relate to frauds involving management with a significant role in internal controls over financial reporting

Slide 7: Impact of SOX on Stakeholders
SOX 404 & 302 had a significant impact on:
- Board of Directors’ responsibilities
- Management’s responsibilities
- Internal Audit Department resources and responsibilities
- Costs of compliance

Slide 8: Impact on Board of Directors
- Increased liability & responsibility for Audit Committee members
- Qualifications for Audit Committee members more stringent (“financial expert” requirement)
- Director, Internal Audit reports directly to the Chairman of the Audit Committee
- Whistleblower Policy implemented with reports to the Audit Committee Chair

Slide 9: Impact on Board of Directors
As a result, the Audit Committee has:
- Increased focus on internal controls & audit results
- Demanded swift remediation of internal control weaknesses
- Supported the addition of Internal Audit resources to support compliance efforts
- Initiated discussion over business risk management strategies across the organization

Slide 10: Impact on Management
- Certifying officers (CEO & CFO) are personally liable for undisclosed issues and significant financial misstatements
- Potential for large $$ penalties and prison sentences
- Increased accountability to Board with respect to maintaining internal controls and SOX compliance processes

Slide 11: Impact on Management
As a result, Management has:
- Increased focus on internal controls & audit results
- Demanded swift remediation of internal control weaknesses
- Placed reliance on transparency of quarterly disclosure certification process
- Continued to set a strong “Tone at the Top” with respect to establishment and adherence to policies & controls

Slide 12: Impact on the Audit Profession
“The Good”
- Stature of audit profession raised
- Bubble of demand for auditors
- Increased salaries
“The Bad”
- Balance of work shifted to routine detail tests
- More challenging to find ways to provide value due to independence rules (external audit) & resource limitations (internal audit)

Slide 13: Benefits of SOX 404 & 302
- Increased knowledge of internal controls throughout the organization
- Ownership of internal controls embedded within the organization
- More rapid remediation of significant control deficiencies
- Increased transparency over events that may impact the financial statements and disclosures (SOX 302)

Slide 14: Impact of AS5
- External audit no longer opines on management’s approach to forming their opinion on internal controls over financial reporting
- Scales are balancing with more focus on a risk-based approach
- Management has increased flexibility in developing its compliance plan

Slide 15: What Happened???
- Global disruption of economy
- Massive stock market decline
- Bernie Madoff
- Mortgage backed Securities
- AIG bailout
- Lehman Bankruptcy
- Bank foreclosures
Wall St VS. Main St

Slide 16: What’s Next? The Economy, Risk & SOX 404
- Companies are dealing with issues that are still evolving!
- As a result of the global economic disruption and the turmoil in the financial markets, companies are dealing with certain accounting and reporting issues for the first time in decades, and for some, the first time EVER

Slide 17: What’s Next? The Economy, Risk & SOX 404
- Anticipate increased focus on Enterprise Risk Management (ERM) and integration of related control structure into organizations
- Boards and management are being asked why they did not foresee the potential impact of major risks
- Debt ratings agencies (Standard & Poor’s) are starting to ask about ERM

Slide 18: ENTERPRISE RISK MANAGEMENT
[Graphic labels: Journey, ERM]

Slide 19: The Meaning of Risk is Changing
Prior Thinking:
- A way of preserving value by avoiding risk
- Focus on what has happened
Current Thinking:
- A way of creating sustainable value by embracing risk
- Focus on what could happen

Slide 20: What is Risk Management?
What is Risk?
“the chance of something that will have an impact on objectives. It is measured in terms of consequences and likelihood.”
What is Risk Management?
“the culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects”

Slide 21: Enterprise Risk Management Defined
“Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
Source: COSO Enterprise Risk Management – Integrated Framework (September 2004)

Slide 22: ERM Drivers?
External triggers:
- Share shocker: Surprises that lead to a falling or poor-performing share price
- Born in the U.S.A.: Sarbanes-Oxley controls reporting is time-consuming and must deliver back more than just compliance
- Capital concerns: Credit-rating agencies taking an interest in governance and risk management capabilities
- Rules and more rules: New trends in the regulatory environment at home and abroad (e.g., Euro-SOX)
- Listing pressure: Demerger or listing on a new exchange that requires additional governance and compliance processes
- Losing face: An event that could put the company’s reputation at significant risk of damage

Slide 23: ERM Drivers? (continued)
Internal triggers:
- Musical chairs: A new CEO or Chair of the Board/Audit Committee who is open to fresh approaches
- Flex from the center: Concerns at HQ about the level of control they have over a diverse business
- Expansionists: The company is growing quickly and struggling to maintain control over operations
- A risky business: Major changes in business direction or the dynamics of an industry
- Ticking off: Ongoing Audit Committee or major shareholder complaining about a lack of internal control
- Keeping up with the Trends: Executive management wants to maintain parity with the practices of their peers

Slide 24: Where Are Global Companies Heading with ERM? Expected Potential Benefits/Outcomes
[Bar chart: “What value has Enterprise-wide risk management created?” Horizontal axis: 0% to 100%. Response categories: Other; No/little change; Improved equity value or reduced debt costs; Reduced earnings volatility due to hedging; Improved earnings or shareholder value; Reduced infrastructure, operating, or resource costs; Improved decision-making; Improved operations; Improved regulatory compliance; Improved risk awareness and collaboration. Percentages shown on the chart, as extracted and not paired with categories: 20%, 8%, 4%, 48%, 76%, 53%, 50%, 29%, 24%.]
Source: KPMG, LLP: ERM in the US – A 2006 Report Card (265 US Company Responses)

Slide 25: Accountability Pyramid
- The Business: Help manage the risks
- Risk Management Oversight: Facilitate the process
- The Board: Provide Governance
[Pyramid diagram labels:]
- Helps enable direct objective comparison of risks
- Risks can be monitored and reported
- Limits/KRI’s and accountabilities are set
- Policies and procedures defined and implemented
- Risk Policy and Appetite
- Key Systems/Processes
- Clear and unambiguous communication of the risk

Slide 26: ERM Content and Process
Creating Process: Building and maintaining a dynamic risk management framework and process to achieve sustainability
Creating Content: Identifying, evaluating and prioritizing enterprise risks

KPMG ERM Framework (Framework Element: Description)
- Risk Governance: Establishment of approach for developing, supporting, and embedding the risk strategy and accountabilities
- Risk Assessment: Identifying, assessing, and categorizing risks across the enterprise
- Risk Quantification & Aggregation: Measurement, analysis, and consolidation of enterprise risks
- Risk Monitoring and Reporting: Reporting, monitoring, and assurance activities to provide insights into risk management strengths and weaknesses
- Risk & Control Optimization: Using risk and control information to help improve performance

[Risk matrix. Likelihood: Remote, Unlikely, Possible, Likely, Almost certain. Consequence: Insignificant, Minor, Moderate, Major, Catastrophic.]

Top Risks (those that threaten):
1. Strategic Priorities
2. Business Model
3. Corporate Existence

[Diagram labels: Create Content, Create Process]

Slide 27: Questions???

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.