Getting Started in Financial Consulting by cqa18336


More Info
									    sideLook Consulting
Sarbanes-Oxley Overview
   Getting Started
   Scoping
   The COSO Environment
   Anti-Fraud Controls
   Internal Control Questionnaires
   Documentation
   Testing
   Evaluation of Internal Control Deficiencies and Reporting
The Act
   The Public Company Accounting Reform and Investor
    Protection Act of 2002 (the Sarbanes–Oxley Act) has brought
    about the most extensive reform that the U.S. financial
    markets have seen since the enactment of the Securities Act
    of 1933 and the Securities Exchange Act of 1934.
   The impact of the Act has been felt throughout the financial
    markets; every industry and service sector has been, and will
    continue to be, impacted. Section 404 of the Act,
    Management Assessment of Internal Controls, which may be
    the most challenging aspect of the Act, requires most publicly
    registered companies and their external auditors to report on
    the effectiveness of the company’s internal control over
    financial reporting.
Project Initiation

  Establish scope and timing.
  Develop training material for client and staff to
   participate in SOX compliance.
  Develop Environmental questionnaires for
   Management and Audit Committee.
  Establish scope of consolidating entities if
  Review existing policies and procedures.
  Meet with External Auditor.
The scoping process is to identify the significant accounts, disclosures,
  business processes/cycles, and locations that must be documented and
    Identify significant accounts and disclosures by considering
       1. Items separately disclosed in the consolidated financial statements
       2. Qualitative and quantitative factors
       3. Materiality at the consolidated financial statement level
    Identify business processes/cycles and sub-processes/cycles and
      map to significant accounts and disclosures.
    Identify the relevant financial statement assertions for each significant
      account and disclosure.
    Perform a risk assessment, both qualitatively and quantitatively, of the
      business sub-processes/sub-cycles.
    Obtain a complete listing of locations or business units and obtain the
      Company’s organizational chart.
The documentation produced in the Section 404 project forms the basis and
  support for management’s evaluation of internal control over financial
  reporting. Further, the SEC’s rules on Section 404 indicate that it is a
  company’s responsibility to document internal control, and that developing
  and maintaining such documentation is inherent to effective internal
       Determine scope of documentation – Determine which accounts and
        disclosures will be evaluated and which locations should be included in the
        scope of the company’s internal control documentation.
       Meet with External Auditor for guidance on approach.
       Document the flow of transactions for significant accounts and disclosures to
        determine where material misstatements due to error or fraud could occur.
        Identify the control activities within these processes. Document controls within
        each of the five components of internal control (COSO) and specifically
        address company-level controls, anti-fraud programs, and evaluation of the
        audit committee’s effectiveness.
       Assess the design of controls – Evaluate whether the company’s controls are
        adequately designed to mitigate the risk of material misstatement.
To demonstrate effective internal control over financial
  reporting, management should determine whether
  the company’s controls are operating effectively.
  This requires testing the controls. The company
  must retain evidence of this testing to support
  management’s assessment of internal control over
  financial reporting.
     Develop the test plans.
     Obtain Client and Auditor approval of testing approach.
     Execute the test plans (what, how, and when to test)
      based on Narratives, Matrices of key processes.
     Evaluate the test results.
Evaluating Results
Evaluating the significance of internal control deficiencies and
  reporting is an evolving area that will require a significant
  degree of management judgment. Control deficiencies can
  range from internal control deficiencies to significant
  deficiencies to material weaknesses in internal control.
      Step 1: Identify the Deficiencies
      Step 2: Understand and Assess the Deficiency
      Step 3: Assess Likelihood of Misstatement
      Step 4: Assess Potential Magnitude of Misstatement
      Step 5: Identify Compensating Controls
      Step 6: Determine Classification of Deficiencies
      Step 7: Assess Deficiencies in Aggregation with Others
Additional Areas
The scope of the Section 404 assessment will extend well beyond a
  company’s finance and accounting departments. Areas assessed will
  also include:
         Information technology,
         Tax,
         Legal,
         Human Resources and
         Internal audit functions.

   Management will have to coordinate with third parties, including their
    external auditor and providers of outsourced services (i.e.: ADP Payroll,
    General Ledger Accounting Packages)
   Although the task for compliance with the Sarbanes Oxley Act will be a
    large endeavor during the first year, you will have to comply annually.
Contact Information

Gary Berrigan

sideLook Consulting, LLC
Telephone: 212-904-0153

To top