
Risk Advisory Services

Risk Advisory Services. CAIB PRE-CONFERENCE TRAINING Audit Committees: Making Corporate Governance work in the Caribbean June 21, 2007. Program Agenda. Introduction Background Perspective; Objectives of Sarbanes-Oxley Act; Management’s Responsibilities;


Presentation Transcript


  1. Risk Advisory Services • CAIB PRE-CONFERENCE TRAINING • Audit Committees: Making Corporate Governance work in the Caribbean • June 21, 2007

  2. Program Agenda • Introduction • Background • Perspective; • Objectives of Sarbanes-Oxley Act; • Management’s Responsibilities; • Key SOX provisions relating to Audit Committees; • Impact of SOX on the Caribbean.

  3. Program Agenda What is SOX? COSO Internal Control Framework – A Summary of Components • A brief discussion on SOX testing procedures; • Sample sizes and control frequency; • Evaluating test results and control deficiencies; • Deficiency Assessment.

  4. Welcome and Introductions

  5. Program Objectives • Discuss briefly the background and framework of Sarbanes-Oxley Act’s 404 (SOX) requirements. • Impact of SOX on Caribbean Financial Institutions. • SOX testing procedures. • A SOX approach to Internal Controls as a Fraud Management tool.

  6. Background

  7. Perspective • Enron – shock! • WorldCom – action! • Ahold, Parmalat, Hollinger • Nortel, Shell • Restore investor confidence • Increased transparency These may have been the catalyst, but investors are demanding a higher standard of care. Markets have reacted to restore investor confidence.

  8. Objectives of the Sarbanes-Oxley Act • Increase the accountability of management of public companies; • Improve Corporate Governance; • Increase the oversight of public accounting firms; • Restore investor confidence in the capital markets.

  9. Management’s Responsibilities under SOX • Accept responsibility for the effectiveness of the Company’s internal control over financial reporting. • Evaluate the effectiveness of internal control over financial reporting using suitable control criteria. • Support its evaluation with sufficient evidence, including documentation and appropriate evidence of existence and effectiveness of internal controls.

  10. Management’s Responsibilities under SOX • Present a written assessment about the effectiveness of internal control over financial reporting as of the end of the Company’s most recent fiscal year.

  11. Key SOX Provisions Relating to Audit Committees • The Sarbanes-Oxley Act has required Audit Committees to adhere to certain provisions, as follows: • Each member of the Audit Committee must be independent. • At least one of the members must be a “Financial Expert”. • Directly responsible for appointment, compensation and oversight of the public accounting firm.

  12. Key SOX Provisions Relating to Audit Committees (Cont’d) • All auditing and non-auditing services must be pre-approved by committee. • Establish procedures for handling complaints (whistleblower protection). • Discuss with auditor prior to issuing audited financial statement: - Critical accounting policies and alternative treatments - Management letter, waived adjustments and material written communications • Have authority to engage independent counsel and other advisors.

  13. Impact of SOX on the Caribbean • Over the last 3 years global companies have had to come to grips with the implementation and reporting requirements of Sections 302 and 404 of the US Sarbanes-Oxley Act – SOX 302 and 404. The SOX Act spells out the various roles of management, the audit committee, and the external auditors. • To this end, the SOX Act has had an effect on Corporate Governance regionally. While the Act does not govern the regional companies, many of the large global companies have implemented various teams to ensure that even regional subsidiaries are SOX 404 compliant.

  14. Impact of SOX on the Caribbean (Cont’d) • Though Sarbanes-Oxley is U.S. legislation and is required only of companies quoted on U.S. stock exchanges, there are a few benefits to adopting a SOX-like strategy in regional organizations, as follows: • Assists Directors in administering their Corporate Governance responsibilities; • Develops Internal Controls that facilitate a robust internal fraud management strategy; • Acts as another way of making local Financial Institutions more attractive to foreign investors;

  15. Impact of SOX on the Caribbean (Cont’d) • Creates an environment that makes it easier for regional Financial Institutions to adopt new legislation, e.g. Anti-Money Laundering; • Facilitates the development of an Enterprise Risk Management Strategy.

  16. What is SOX?

  17. COSO* Internal Control Framework – A Summary of the Components • The COSO framework is a model against which the components of internal control within an organization can be measured and evaluated. This report is representative of one of the ways management applies its assessment of risk at the entity level. This assessment is in line with the risk categories of COSO across the top of the cube (Operations, Financial Reporting, and Compliance). See page 11 for a definition of internal control. • Control Environment – The control environment sets the tone of an organization, influencing the control consciousness of its people. • Control Activities – These policies and procedures help ensure management directives are carried out. • Information and Communication – Pertinent information must be identified, captured, and communicated in a form and time frame that supports all other control components. • Monitoring – Internal control systems need to be monitored – a process that assesses the quality of the systems’ performance over time. • Risk Assessment – Every entity faces a variety of risks from external and internal sources that must be assessed both at the entity and the activity level. *Committee of Sponsoring Organizations of the Treadway Commission

  18. COSO* Internal Control Framework A Summary of the Components Internal control is broadly defined as a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: • Financial Reporting • The absence of a key financial control causes a material error in the financial statements, including the footnotes • Compliance with Laws and Regulations • Company is in violation of applicable regulatory requirements • Efficiency and Effectiveness of Operations • Company does not meet strategic objectives • The process does not operate efficiently • Customers are not satisfied with services received *Committee of Sponsoring Organizations of the Treadway Commission

  19. A brief discussion on SOX testing procedures

  20. Sample Sizes and Control Frequency • [Diagram: Determine the extent of tests of controls. Control types: Manual Control; Application Control (programmed), with General Controls effective or ineffective. Frequencies: annually; quarterly; monthly; weekly; many times per day or daily or performed frequently but less than daily. Test extents*: 1, 2, 3, 10, 25.] * Larger sample sizes may be appropriate when: • Deviations from designed controls are expected • Likelihood of errors or override is considered other than low • The control is the “primary” or only control related to a significant account • Control is applied by a number of different personnel at various locations

  21. Sample Sizes and Control Frequency – Sample Testing Guidance • Nature of Control and Frequency of Performance: Minimum Number of Items to Test (Extent of Test of Controls) • Manual control, performed many times per day: At least 25 • Manual control, performed daily: At least 25 • Manual control, performed frequently but less than daily: 25% of the number of occurrences or at least 25 • Manual control, performed weekly: At least 10 • Manual control, performed monthly: At least 3 • Manual control, performed quarterly: At least 2 • Manual control, performed annually: Test annually • Automated control: Test one application of each programmed control for each type of transaction if supported by effective IT general controls (that have been tested); otherwise test at least 25 • IT general controls: Follow guidance above for manual and programmed aspects of IT general controls

  22. Evaluating the Testing Results • [Flowchart boxes: Select key controls; Evaluate Design Effectiveness of Control; Evaluate the Testing Results; Control operates effectively; Control deficiencies/exceptions were found; Extend test extents**; No additional exceptions; Additional exceptions noted; Address deficiency; Amend decision to rely on control and consider another control.] ** If, after evaluating the exception, it is determined to be isolated, consider expanding the sample size (for example, by an additional 10 tests for each exception).

  23. Assessment of Control Deficiencies 3 levels: Inconsequential; Significant Deficiency; Material Weakness.

  24. Control Deficiencies – Significant Deficiency • A control deficiency that adversely affects the Company’s ability to initiate, authorize, record, process, or report external financial data reliably in accordance with GAAP. • Could be a single deficiency or a combination of deficiencies that results in more than a remote likelihood that a misstatement of the annual or interim financial statements that is more than inconsequential will not be prevented or detected.

  25. Control Deficiencies Significant Deficiency • Material Weakness; • A significant deficiency, or a combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the annual or interim financial statements will not be prevented or detected; • Material Weakness = Adverse Opinion; • “Remote”: the chance of the future event or events occurring is slight.

  26. Evaluating Significant Deficiencies • Must evaluate all identified deficiencies in internal control over financial reporting for significance based on: • Likelihood that a deficiency, or combination of deficiencies, could result in a misstatement of an account balance or disclosure. • Magnitude of the potential misstatement resulting from the deficiency or deficiencies. • Evaluation of significance includes both quantitative and qualitative factors. • Maintain a log of all deficiencies: • Requires aggregation – all locations reporting.

  27. A brief overview of Internal Control as a Fraud Management tool

  28. Accountability and Control Red Flags

  29. How to Minimize Fraud Risk Adhere to policies/procedures (especially documentation and authorization); Ensure physical security over assets; Provide proper training to employees; Independently review and monitor tasks; Provide for segregation of duties; Establish clear line of authority; Rotate duties in positions susceptible to fraud; Ensure employees take regular vacations; Schedule regular independent audits of areas susceptible to fraud; Ensure background check for employees handling financial transactions;

  30. How to Minimize Fraud Risk Make sure internal controls are being followed; Review, Review, Review! Ask for documentation; Ensure that one person does not have total responsibility for a process; Evaluate performance regularly; Report suspicious activity.

  31. Thank You

  32. Contacts • Rendra Gopee, KPMG Barbados, Phone: 1-246-427-5230, Mobile: 1-246-233-5165, Email: rgopee@kpmg.bb • Frederick Bernard, KPMG Barbados, Phone: 1-246-427-5230, Mobile: 1-246-233-2883, Email: frederickbernard@kpmg.bb • Michael Edghill, KPMG Barbados, Phone: 1-246-427-5230, Mobile: 1-246-231-1111, Email: maedghill@kpmg.bb • Frank Myers, KPMG St. Lucia, Phone: 1-758-4531471, Email: fvmyers@kpmg.bb
