UW Financial Reporting Conference May 5, 2016 4-0-FOUR! AVOIDING THE ICFR ROUGH.

1 UW Financial Reporting Conference May 5, 2016 4-0-FOUR! AVOIDING THE ICFR ROUGH

2 Panelists: Frank Brod, Microsoft; Brian Croteau, SEC; John Fogarty, Deloitte; Susan Insley, VMware

3 UW ICFR Panel Discussion Frank Brod CAO, Microsoft Corporation

4 SOX at Microsoft by the Numbers: +$94B MS reported revenue; 430+ worldwide SOX 404 Controls; 870 1 Auditor Scope; 95%+ Revenue coverage; 80+ IT systems and applications; 390 Participants SOX 302 quarterly disclosure

5 SOX Program Goals: Design, Respond, Improve, Manage. Prevent material weaknesses or significant deficiencies. Anticipate and identify risks. Rapid response to remediate deficiencies. Provide leadership. Ensure costs for compliance are appropriate. Compliance above all else. Encourage and maintain control vigilance culture throughout the organization.

6 Involvement with Deloitte. Objective: Work in tandem with Deloitte auditors and ensure transparency and open dialog. Process: Include auditors in key close reviews; Alignment of SOX plans; Share management's 404 documentation; Common process and control walkthroughs; Testing designed to maximize auditor reliance.

7 Best Practices. Ensure ICFR coverage and compensating controls. Controls to validate 10Q/10K and Earnings Release. Ensure controls aligned with process changes and evolving risks. Adopted FY ending June 30, 2014. Microsoft’s strong program minimized need for new controls. Program designed to minimize risk of Material Weakness. Standardized template and process to facilitate review individually and in aggregate. COSO 2013 Early adoption.

8 Deficiency Evaluation Template
Issue: Order Tool User Access. Issue #: 15031. Subcycle: Revenue. Related Control: T1-XXX. Remediation State: Pending. Repeat Deficiency: No.
Control Deficiency Description: One user was provisioned 'super user' access to the Order tool without documented evidence of approval. Access was deemed to be appropriate.
Related SOX Control: T1-XXX - Super User access is only available to authorized internal Microsoft employees and cannot be self-granted. Another authorized Microsoft employee Super User must approve and grant this application access role through business process.
Related Financial Statement Caption: Revenue – Product X
COSO Root Cause: Control performer or owner didn’t fully understand or perform their roles and responsibilities.
Deficiency Assessment: Likelihood of potential misstatement or omission: remote. In summary - The deficiency does not rise above “control deficiency” given that the user access was deemed appropriate and has relevant mitigating controls that further reduce the severity of the control deficiency.
Compensating Controls: T1-UAL: Quarterly review of users with access to high risk SAP Finance roles. T1 XX2 - Super user access, which is limited to authorized Microsoft internal users, is reviewed on a quarterly basis. The business unit performs a quarterly audit of users with Super Admin role access and requests access removal if no longer needed.
Remediation: Develop and deliver training for users authorized to provision access in the Tool, including awareness of the SOX control requirements relating to retaining documentation of access approvals. Conduct a review of users authorized to provision access in the tool to determine if number can be limited further to a small user provisioning group. Finalize the list of users who should continue to be authorized to provision such access. New monthly report for management’s detective review of users authorized to provision access in the tool. Ensure the report is reviewed to determine that there is no inappropriate access.

9 Thank You

10 4-0-Four! Avoiding the ICFR Rough. Panel Discussion: Frank Brod, Microsoft; Brian Croteau, SEC; John Fogarty, Deloitte; Susan Insley, VMware

11 Material Weakness. A material weakness is defined as: A deficiency, or combination of deficiencies, in ICFR such that there is a reasonable possibility that a material misstatement of the registrant’s annual or interim financial statements will not be prevented or detected on a timely basis.

12 Management Review Controls. “Reaching a Consensus on Management Review Controls”: recent article in CFO.com by John Fogarty, Partner, Deloitte & Touche LLP. PDF copy of article available via Conference URL (printing a copy for personal use only permitted).

13 Evaluating Evidence of Operating Effectiveness of ICFR. Determining the Sufficiency of Evidence Based on ICFR Risk Assessment. [Figure: matrix of "Misstatement Risk of Financial Reporting Element" against "Risk of Control Failure", each with levels Low, Medium and High, labelled "More Evidence".]

14 THANK YOU

