Sarbanes-Oxley Update 2016: Past Issues and Emerging Trends
From October 2015 Conference at Marriott Tysons Corner
Led by Deloitte’s Wei Sheng, Antionio Farias and Ryan Gulino
See upcoming conference dates – including 2016 SOX event details: 2016 Schedule
The Deloitte team led off the discussion with a summary of the 2013 COSO Framework: its components and principles, including the key areas of focus (risk assessment concepts, outsourced service providers, and information technology). They also discussed who had actually implemented the new framework: as of April 2015, 75% of companies with public filings had adopted it.
Deloitte was hearing the following implementation challenges from the marketplace:
−Effective evaluation of the design of internal controls, including entity-level controls
−Demonstrating an effective ethics program
−Maintaining an effective risk assessment process that considers risks to financial reporting, fraud risks, and changes to the entity
−Segregation of duties
−Effective design of management review controls
−Internal controls with respect to outsourced service providers (OSPs)
−Information quality and reliance on erroneous data or reports
Their recommended practices for these common areas included:
−Effectively evaluate the design of controls considering multiple factors
−Develop a strong tone at the top related to ethics programs, provide code of conduct to both employees and third parties, and monitor violations reported.
−Review and refresh your risk assessment process annually, including financial reporting and fraud considerations, to account for any changes that occurred.
−Establish and test controls that address segregation of duties conflicts, from both a preventive and a detective standpoint, across business and IT.
−Assess the precision of management review controls and confirm that such controls have been executed consistently.
−Establish governance & oversight of controls executed by OSPs.
−Design specific controls over data, including non-system-generated reports and data to and from OSPs.
The team also discussed PCAOB areas of focus and traced the evolution of SOX compliance: the movement from controls rationalization to controls optimization, from check-the-box to meaningful execution, from effectiveness to efficiency, and from risk response to risk identification.
Deloitte closed the presentation with a description of the three lines of defense, third party risk management and cyber risks.