hftp_sox_presentation

Upload: yadwinder-singh

Post on 09-Apr-2018


  • 8/7/2019 HFTP_SOX_Presentation

    1/11

    1

    Sarbanes-Oxley Section 404

    June 29, 2005


    Table of Contents

    SOX 404 Background

    SOX 404 Goals

    SOX 404 Requirements

    SOX 404 Assertions

    SOX 404 Compliance

    COSO Internal Controls

    COSO Internal Controls Framework

    Why Do You Really Care About SOX 404?

    Things You Can Do


    SOX 404 Background

    Due to the scandals in corporate financial reporting, Congress enacted the Sarbanes-Oxley Act (SOX) in 2002. The Securities and Exchange Commission oversees compliance with the Act by publicly traded companies. The Public Company Accounting Oversight Board (PCAOB) drives the compliance.

    SOX Section 404 rules require each annual report to contain an internal control report, which shall state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting, and contain an assessment of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.

    Filing due dates:

    Fiscal years ended on or after November 15, 2004 for accelerated filers (i.e., market capitalization in excess of $75mm)

    Fiscal years ended on or after July 15, 2006 for non-accelerated filers.


    SOX 404 Goals

    The goals of a SOX 404 program are to ensure that enterprise internal controls are of such quality that there will be:

    no material weaknesses that must be reported at the registrant level by either management or the external auditor;

    no significant deficiencies that must be reported at the registrant level by either management or the external auditor to the Audit Committee of the Board of Directors; and

    no material misstatements of the company's financial statements


    SOX 404 Requirements

    Client management must:

    Document and test the internal controls over financial reporting

    Issue an annual assertion on the effectiveness of internal control over financial reporting

    External Auditors must:

    Determine nature, timing, and extent of testing

    Review work performed by management

    Perform some independent tests of controls

    Attest and report on:

    Management's 404 assertion process

    Design and effectiveness of internal controls


    SOX 404 Compliance


    COSO Internal Controls

    COSO provides the PCAOB's accepted basis for establishing internal control systems and determining their effectiveness.

    Stands for Committee of Sponsoring Organizations

    Originally formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting (aka The Treadway Commission)

    The sponsoring organizations include:

    American Institute of Certified Public Accountants (AICPA)

    The Institute of Internal Auditors (IIA)

    Financial Executives International (FEI)

    Institute of Management Accountants (IMA)

    American Accounting Association (AAA)

    Published two documents and one pending

    1992: Internal Controls Integrated Framework

    Mid-90s: Internal Control on Derivative Issues

    Early 2004: Enterprise Risk Management Framework


    COSO - Internal Control Framework

    [Figure: framework diagram with the labels "Components" and "Objectives"; the component descriptions from the slide follow.]

    The control conscience of an organization. The "tone at the top"

    The evaluation of internal and external factors that impact an organization's performance

    The policies and procedures that help ensure that actions identified to manage risk are executed and timely

    The process which ensures that relevant information is identified and communicated in a timely manner

    The process to determine whether internal control is adequately designed, executed, effective and adaptive


    Why Do You Really Care About SOX 404?

    Non-profit (country clubs) and non-publicly traded (hotels) companies are not required to comply with SOX 404 requirements.

    Reasons to care:

    Board members, who are responsible for the establishment and maintenance of good corporate governance - ALL

    Financing sources (banks and investors) want assurance that the financial statements are not misrepresented - ALL

    Owners want assurance that the financial statements are not misrepresented - Hotels

    Risk of membership loss due to fraudulent practices disclosed to the public - Country Clubs

    If acquired by a publicly traded company, SOX 404 compliance is required - Hotels


    Things You Can Do

    Steps to take to enhance your internal controls:

    Establishment of an audit committee to provide financial reporting and internal control expertise, along with oversight on such matters

    Establish a Whistle-Blower policy to provide the means and safeguards to those who identify fraudulent practices

    Assess the risk associated with the processes that make up your organization (i.e., sales/revenue, cash, accounts receivable, fixed assets, accounts payable, payroll, etc.)

    For high-risk areas and processes ask yourself, "What Could Go Wrong?" and address the answers to the question (i.e., segregation of duties)

    Reference List:

    http://www.aicpa.org/audcommctr/homepage.html

    http://www.pcaobus.org

    http://www.sec.gov/rules/pcaob.html