Control Findings Reporting
Post on 20-Jun-2015
Compliance Made Simple
Control Finding & Reporting Deficiencies
Case Studies
Sept. 17, 2014
Presented by:
Sonia Luna
Agenda
• COSO
– Transition Analysis (Do’s & Don’ts)
– Point of Focus (POF): Why they matter
• Case Study (Control Findings)
– Control Environment
– Group Discussion
• PCAOB
– Alert #11
– Common Audit Failures
– Level of Precision
– Old vs. New
– Key Report Testing
• Next Steps
– COSO Transition Map
– Compliance Analysis
• Questions
COSO Transition: Case Studies
The Cube
Still the same, only better: clearer and more relevant.
Principles: What “holds” a principle UP!
Polling Question
Have you started your COSO transition, and what percentage complete are you?
Where am I? (percentage)
A. Running to Finish Line: 75%
B. Getting There: 50%
C. Formulating a Plan: 25%
D. Not Started: 0%
Visualizing Your COSO Transition
Case Study # 1 (Volume #3, pg. 65-66)
Company Background:
– Private Co., retail furniture company (family owned)
– $200MM Rev and exclusively in Western US Sales
– Evaluation of Principle #1
Case Study # 1
• Control FINDINGS
– No formal training program to make employees aware of the importance of adherence to standards of conduct.
– No process to evaluate EEs against the published integrity & ethics policy
– Processes to ID & Address Deviations are ad hoc
Case Study # 1
QUESTION: Is this a
• Control Deficiency,
• Significant Def., or
• Major Deficiency?
Case Study # 1
Principle #1
• Sets the tone?
• Est. SOC
• Eval adherence?
• Address deviations?
Case Study – Group Solution
What should this private company consider as solutions to this MW?
1.
2.
3.
Case Study # 2 (Another Example: Volume #4, page #17-18)
Approach to Establishes Standards of Conduct
Company Background:
• One-Way Street Co. created a code of business conduct & ethical standards in 2008, which was provided to all employees and significant vendors.
• In 2008, both employees and significant vendors signed an acknowledgement form confirming they had read and understood the policy, which currently, in 2014, is posted online via the company SharePoint intranet site, available to employees only.
• Annually, One-Way Street requires all employees to take live or web ethics training sessions. One-Way Street regularly provides significant suppliers, as part of its SLAs (Service Level Agreements), a copy of its “Supplier Code of Conduct” as either an appendix to or referenced in each agreement with these suppliers.
Case Study # 2
Control Finding Issues: Group discussion
What could go wrong with this approach at One-Way Street?
1.
2.
3.
What audit evidence would you need to review and/or assess? (Next Slide)
Case Study # 2
Transition Considerations - “Top 3 Audit Evidence Items”
Item # | Evidence | Frequency | A/C Approval (yes/no)
1
2
3
Group Discussion
What best practices are working at your organization?
Case Study # 3: Risk Assessment
Group Exercise
• Task: Identify & analyze significant change and resulting new risks to be considered
Case Study # 3
Background:
ABC Inc. became aware of a hurricane approaching some of its manufacturing locations that had the potential to cause significant supply disruptions.
Risk Response:
In response, the company immediately established an internal working team to assess the risks of such disruption to its manufacturing capabilities, and the risks of its own affected facilities to its overall manufacturing footprint. All significant suppliers were contacted, via phone and email, and asked to assess the potential hurricane disruption to their production abilities. Parts that might be delayed for production and shipping were inventoried by the ABC “internal working team”, and alternative suppliers were identified and contacted. When no alternative suppliers were identified, the ABC internal team created a prioritization list of which manufacturing locations should receive the limited number of parts as they became available.
Case Study # 3
Task (5 – 8 minutes)
Identify three new risks that may impact financial reporting and that the Finance & Accounting Team needs to consider.
What did this Company do right?
1.
2.
3.
4.
Group Activity
Classroom work
POF to Approaches Exercise
Group Activity
#2 and #4 Map to the most appropriate Approach(es)
Points of Focus:
1. Establishes Oversight Responsibilities
2. Applies Relevant Expertise
3. Operates Independently
4. Provides Oversight for System of IC
Approaches:
a) Establishing Roles, Responsibilities & Delegation of Authority of the BOD
b) Est. Policies and Practices for meetings btwn BOD & mgmt.
c) ID & reviewing BOD Candidates
d) Reviewing Mgmt’s Assertions & Judgments
e) Obtain an external view
f) Considering Whistle-blower info about FS Errors and Irregularities.
Group Activity
Control Environment (Pr. #4)
Principle # 4:
Organization demonstrates commitment to attract, develop and retain competent individuals in alignment with objectives.
Points of Focus:
1. Est. Policies and Practices
2. Evaluates competence and addresses shortcomings
3. Attracts, develops & retains individuals
4. Plans & Prepares for Succession
Group Activity: Control Environment (Pr#4)
Points of Focus:
1. Est. Policies and Practices
2. Evaluates competence and addresses shortcomings
3. Attracts, develops & retains individuals
4. Plans & Prepares for Succession
Approaches:
a) Est. required knowledge, skills & expertise
b) Linking Competence standards to est. Policies and practices in hiring, training and retention decisions
c) ID & Delivering on FR related training as needed
d) Selecting appropriate O/S service providers
e) Evaluating competence and behavior
f) Evaluating the Capacity of Finance personnel
g) Developing alternate candidates for key financial reporting roles
Group Activity
“Plans & Prepares for Succession”
a) How is succession planning being addressed in your organization? How deep in the organizational chart does COSO want you to evaluate this POF?
b) Is this NOT a COSO 2013 Transition item for your organization and WHY? How would you document this conclusion?
Case Study # 4
Risk Assessment and Control Activities process effectiveness overview:
Case Study # 4
Risk Assessment & Control Activity
• Company Background:
– Public financial services company
– Three divisions A, B and C
– Objective Category for COSO framework = External Financial Reporting
Case Study # 4
Risk Assessment & Control Activity
• Overview of Assessment of control effectiveness
• Management determined it has some revenue recognition control deficiencies and needs to reflect the severity of those deficiencies. One of the revenue streams lacked good controls. They noted deficiencies in one of their up-and-coming divisions, “DIVISION C”, but there were NO KNOWN financial statement errors!
• Root cause analysis was done, with the conclusion that management failed to implement control activities over the revenue recognition process at Division C, which became a significant part of their overall revenue and growth for the organization.
Case Study # 4
Risk Assessment & Control Activity
POLLING QUESTION: How bad is it? Was this a
A) Control Deficiency
B) Significant Deficiency
C) Material Weakness
D) Not a deficiency
What Went Wrong with “Division C”?
1. Who should have sounded the alarm?
2. When should it have been
3. What improvements should be implemented to prevent this from happening?
4. Who does this get reported to?
Answers Listed:
1. Alarm:
2. When/Timing:
3. Improvements
A.
B.
4. Reporting:
Polling Q: Control Def. Policy (Group)
• Who has one?
• When was it last updated?
• When bad “stuff” happens, how does it get reported?
Internal Control FINDINGS! New PCAOB Auditing BAR!
What’s Different?
• Caused audit procedure layering
• More in-depth written description of estimates and use of judgment, especially review controls
• Detailed documentation and testing of system reports utilized in performance of controls.
Common Audit failures
Source: PCAOB Audit Alert #11 (Oct. 2013)
Closing The Books
Source: PCAOB Audit Alert #11 (Oct. 2013)
Closing The Books [Contd.]
Source: PCAOB Audit Alert #11 (Oct. 2013)
Level of precision in Plain English?
• How detailed is management’s review of journal entries?
• Document your thought process
– Dollar Threshold
– Percentage of Revenue
– Geographic Location
– Lines of Business
– Other Risk Factors
– Timing
Good isn’t good enough
Good v. NEW PCAOB control language
Older Language (“OK”)
Quarterly, Controller reviews the AR allowance for adequacy and reasonableness of reserve amounts by initialing and dating the “AR reserve” analysis.
Audit Controller initials & Match Total $ = DONE!
NEW PCAOB control language
“New standards for control language”
Older Language (“OK”)
Quarterly, Controller reviews the AR allowance for adequacy and reasonableness of reserve amounts by initialing and dating the “AR reserve” analysis.
Updated Control (“Better”)
Quarterly, Controller reviews AR balances of significant customers with o/s balances greater than $10K and 5% of AR balance and those under that threshold by customer type (e.g. geographical location, types of orders, etc.), to review the AR allowance for accuracy and completeness. Adjustments, if needed, are sent via email to the AR manager, final review of the AR reserve analysis is initialed and dated by the Controller which agrees to the final g/l balance for the period.
So what happens in testing?
BEFORE: Review initials – DONE!
Layered testing:
#1 - Initials
#2 - AR Threshold Analysis (completeness/accuracy)
#3 - AR Emails w/follow-up interview documentation
Documentation in Excel
Accounts Receivable Aging
CUSTOMER | Last Payment Date | Last Payment Amount | Current 0-30 | Past Due 31-60 | 61-90 | 91-119 | 120-150 | 150+ | Total Due
Loyal Customer | December 1, 2013 | $10,000 | | $214,000 | $245,000 | | $288,000 | | $747,000
New Customer - Russia | September 1, 2013 | $53,000 | | $101,000 | $130,000 | $0 | | $445,000 | $676,000
Trying Things Out Customer | January 12, 2014 | $76,000 | $95,000 | $279,000 | | $131,000 | | | $505,000
Not so new Customer | February 1, 2014 | $46,000 | $284,000 | | $116,000 | | | | $400,000
TOTALS | | | $379,000 | $594,000 | $491,000 | $131,000 | $288,000 | $445,000 | $2,328,000
Allowance Analysis
New Customer - Russia | | | $0 | $101,000 | $130,000 | $0 | $0 | $445,000 | $676,000
Trying Things Out Customer: $126,250
Grand Total of Allowance to A/R: $802,250
Current G/L Balance: $500,000
Adjusting Journal Entry (Inc)/Dec: ($302,250)
/s/ Susie Smith, 4/5/2014 (Prepared by / Date)
/s/ Arnold Jones, 4/15/2014 (Prepared by / Date)
Monday, March 31, 2014
Review Signatures: “Old School Auditing”
Documentation in Excel
Accounts Receivable Aging
CUSTOMER | Last Payment Date | Last Payment Amount | Current 0-30 | Past Due 31-60 | 61-90 | 91-119 | 120-150 | 150+ | Total Due
Loyal Customer | December 1, 2013 | $10,000 | $0 | $214,000 | $245,000 | | $288,000 | | $747,000
New Customer - Russia | September 1, 2013 | $53,000 | $0 | $101,000 | $130,000 | $0 | $0 | $445,000 | $676,000
Trying Things Out Customer | January 12, 2014 | $76,000 | $95,000 | $279,000 | $0 | $131,000 | $0 | $0 | $505,000
Not so new Customer | February 1, 2014 | $46,000 | $284,000 | $0 | $116,000 | $0 | $0 | $0 | $400,000
TOTALS | | | $379,000 | $594,000 | $491,000 | $131,000 | $288,000 | $445,000 | $2,328,000
Allowance Analysis
New Customer - Russia | | | $0 | $101,000 | $130,000 | $0 | $0 | $445,000 | $676,000
Trying Things Out Customer: $126,250
Grand Total of Allowance to A/R: $802,250
Current G/L Balance: $500,000
Adjusting Journal Entry (Inc)/Dec: ($302,250)
/s/ Susie Smith, 4/5/2014 (Prepared by / Date)
/s/ Arnold Jones, 4/15/2014 (Prepared by / Date)
Monday, March 31, 2014
Russia Allowance supporting documents:
1) AR Client detail report (a)
2) Client Invoice Analysis report by product type (a)
3) Payment history - client detail report (a)
4) Email communication w/Dir. of Rev
5) Email communication w/Dir. of Sales
6) Confirmation email of AJE by COO and CEO (specifying Russia)
(a) - Part of Management Key report testing (page # 27 of PCAOB audit alert #11)
Remember what key report testing!
Audit Alert #11 (extract pg#20)
COSO TRANSITION RESOURCES
COSO transition Mapping Template
avivaspectrum.com/blog
Next Steps
The Process:
• Initial Intake
• Analysis & Benchmarking
• CCA Report
Our Control Compliance Analysis (“CCA”)
COSO Transition
• Top Transition Failures (Case Studies)
• Audit Evidence required
• Priority Driven by Principles
PCAOB, IIA & SEC Guidance
• Latest PCAOB Internal Control Standards
• IIA Incorporated Top 7 IC Failures
• SEC Guidance for Mgmt on Internal Controls
Control Compliance Analysis
Join Our LinkedIn Group
COSO Framework Discussion & Webinars
http://www.linkedin.com/groups/2013-COSO-Implementation-4888186/about
Technical community sharing ideas, templates, WEBINARS and advice; learn from others implementing the new framework.
JOIN Today!
Questions?
Sonia Luna - President, CEO
Aviva Spectrum
www.linkedin.com/in/sonialuna
www.slideshare.net/soxppt
www.avivaspectrum.com/podcasts
Case Study # 2
Suggested Audit Evidence
Audit evidence considerations:
1. Code of Conduct (“COC”)
2. Supplier COC
3. Accessibility to COC
4. SLA inventory
5. Definition and confirmation of significant vendors (in Policy/Procedure document)
6. Training $$$$ spent/budgeted
7. Training Policy/Procedures
8. Certificate of Completion (Training) or Attendance Records
9. Legal Policy/Procedure document for suppliers master services agreements (Is legal informed of this requirement and are they executing this per Company policy of Significant Vendors)
Case Study # 3
Some of the new risk areas to consider could be:
1. Potential penalties contained within various sales contracts
2. Inventory Obsolescence
3. Impact from delays in supply of parts
4. Insurance claims & potential losses
5. Incremental risks from required system & process changes
Consider: Audit Evidence Required to Mitigate the Risk.
Case Study # 4 - ANSWER
Risk Assessment & Control Activity
What COSO has to say:
A related weakness was noted in Principle #9 “Identifies & Analyzes Significant Change”, because the company never adopted key controls over this Division C that was growing rapidly and Corporate office assumed it was doing what they expected. The conclusion was a:
MATERIAL WEAKNESS for:
Principle #10 “Selects and Develops Control Activities” and
Principle #9 “ID & Analyzes Significant Change”