Sify Sox Familiarization

Upload: babuarulprabhu

Post on 30-May-2018


  • 8/14/2019 Sify Sox Familiarization

    1/21

    PROJECT-SOX: Compliance with Sarbanes Oxley Act

    Sox Team

  • 2/21

    SEC Requirements 302 & 404

    Stakeholders: The reliability on Financial reporting

    Management certification on the Effectiveness of Internal Control by assessing the controls (Fraud and Error)

    Management Certification - Section 302
    Management Assessment - Section 404
    Auditor Attestation - Section 404
    SEC requirement

  • 3/21

    Setting the Stage - Relevant Sections

    Section | Key Requirements | Implication
    302 | CEO and CFO certification of periodic SEC filings | Accuracy issues resulting in criminal prosecution of company officers must be identified and removed
    404 | CEO and CFO certification of internal controls with auditor attestation | Requires ongoing documentation, evaluation and remediation of financial internal controls
    409 | Rapid and current basis disclosure of financial and operating events | Monitoring, prevention and real-time disclosures of material changes must be systematic and ongoing
    802 | Retention and protection of audit documents and related records | Digital vaulting and ready access to historical records, including correspondence and e-mails must

  • 4/21

    SOX 302 and 404 - Overview

    Disclosure Controls and Procedures
    Internal Controls over Financial Reporting
    Section 302: Quarterly Management Certification
    Section 404: Annual Management Assessment and Auditor Attestation

  • 5/21

    Management Assessment - 404

    Entity Level Controls / IT Governance
    Disclosure Controls
    Internal Control over Financial Reporting
    Anti Fraud Program
    Application Controls
    ITGC
    Top Down Approach
    Risk Based
    COSO
    COBIT

  • 6/21

    Management Certification

    No omission / misrepresentation caused by frauds or errors

    Fair presentation of issuer's financial condition with regard to the following:
    - Completeness
    - Existence/Occurrence
    - Allocation/Valuation
    - Rights & Obligations
    - Presentation & Disclosure

    Statement of responsibility indicating:
    - Adequate design of disclosure controls
    - Adequate design of internal controls
    - Evaluation of effectiveness of disclosure controls
    - Disclosure of changes to internal controls

  • 7/21

    SOX 404 Methodology

    Project stages: Scope the Project -> Prepare Documentation and Evaluate Controls -> Test and Monitor Controls -> Report
    (Organize process, team, project timing; prepare documentation, conduct detailed testing and correct control deficiencies)

    Evaluation Phases and Approach:
    1. Understand the Definition of Internal Control - The definition in the COSO report is the best starting point for the evaluation.
    2. Organize a Project Team to Conduct the Evaluation - Select an appropriate team and establish ground rules.
    3. Evaluate Internal Control at the Entity Level - Begin evaluation by considering internal control at the entity level.
    4. Understand and Evaluate Internal Controls at the Process, Transaction, or Application Level - This is a comprehensive, time-consuming process of documenting and understanding the flows of transactions and related controls. Includes management testing.
    5. Evaluate Overall Effectiveness, Identify Matters for Improvement, and Establish Monitoring Systems - The final step is to make an overall assessment based on evaluation results. Develop a monitoring process.
    6. Management's Report on Internal Control - Auditor's Examination of Management's Assertion.

    Business Process Controls Review

    COSO Considerations:
    1. Efficiency / Effectiveness of Operations
    2. RELIABILITY OF FINANCIAL REPORTING
    3. Compliance with applicable Laws / Regulations

    COBIT Considerations:
    1. Security
    2. RELIABILITY OF DATA
    3. Effectiveness / Efficiency

  • 8/21

    Key Benefits of Effective internal control over reporting

    Improved effectiveness/efficiency of internal control processes
    Better information for investors
    Enhanced investor confidence

  • 9/21

    What is the flow?

    Transaction (Business) -> Completion (Finance) -> Closure of AR, AP, FA -> GL Closure -> Trial Balance -> Indian GAAP Adjustments -> US GAAP Adjustments -> Financial Reporting Disclosures -> Stakeholders

  • 10/21

    Steps in Top Down Approach

    Identify, understand and evaluate the design of entity-wide controls
    Identify significant accounts and relevant assertions
    Identify significant processes & major classes of Transactions
    Identify points at which errors or fraud could occur
    Identify controls to test that prevent or detect errors or fraud on a timely basis
    Clearly link individual controls with the significant accounts and assertions to which they relate

    Deployment of Resources: HIGH RISK AREAS

  • 11/21

    Sox universe - A bird's eye view

    Financial Statements -> Significant Accounts -> Management Assertions -> Significant Processes / Sub Processes -> Locations -> Applications/Transactions -> ITGC

    Also shown: SOX, Entity, ITGC, Fraud, Disclosure

  • 12/21

    Key Areas for Auditors Certification

    Entity Level Controls & Disclosure Controls
    Finance Closure Process
    Accounting Estimates and Judgments
    General Computer Controls

  • 13/21

    Entity-wide Controls: A most pervasive

    Control Environment
    Risk Assessment
    Information & Communication
    Monitoring
    Control Activities

  • 14/21

    Entity Level Controls Audit Program

    Integrity and Ethical Values
    Management Commitment to competence
    An effective Board of Directors
    Management's philosophy and operating style
    Organizational structure
    Assignment of Authority and responsibility
    Organization around the Human resource Department
    Entity Level objectives
    Process Level objectives
    Risk identification and analysis
    Managing change
    Quality of Information
    Effectiveness of communication
    Process Controls
    Ongoing monitoring activities
    Evaluation of internal control system
    Reporting Deficiencies

  • 15/21

    Anti Fraud Control - Program

    Evaluation based on Fraud Indicators
    Whistle Blower Policy
    Management Responsibilities
    Audit committee oversight
    Internal/External Audit
    Code of conduct

  • 16/21

    Disclosure controls

    Controls which ensure the quality and timeliness of information included in securities filings
    Includes controls over recording, processing and summarization of information disclosed in filings
    Policies to ensure completeness of information are important

  • 17/21

    Examples of Disclosure Controls

    Policy
    Disclosure Committee
    Review of disclosures by: Senior management; Board / Audit Committee
    Communications strategy
    Requirements strategy
    Cascading certification

  • 18/21

    Tying IT All Together

    Executive Management
    Control Environment
    Application Controls
    IT General Controls
    IT Services: OS/Data/Telecom/Continuity/Networks
    Business Processes: Finance, Manufacturing, Logistics, Etc.

    Source: IT Governance Institute

  • 19/21

    IT Control Components

    IT Considerations in Control Environment: Systems planning; Governance; Enterprise policies; Operating style
    IT General Controls: Systems Security / Access; Change Management; System Development; Computer Operations
    Application Controls: Authorization; Configuration / account mapping; Exception / edit reports; Interface / conversion; System access
    Collaboration; Information Sharing; Code of Conduct; Fraud Prevention

  • 20/21

    MANAGEMENT FINAL THOUGHT

    Control Framework: COSO, COBIT
    Entity Level Controls; Anti Fraud Assessment; Process; Disclosure; IT; ICOFR - FCP
    IT General Controls

    Financial Statements -> Significant Accounts -> Management Assertions -> Significant Processes / Sub Processes -> Locations -> Applications/Transactions

    What Can Go Wrong? -> Mitigating Controls -> Walkthrough, Testing -> Control Deficiency / Significant Deficiency / Material Weaknesses -> Management Report -> SEC Report 20F -> Clear Audit Report / Qualified Audit Report

  • 21/21

    Thank you