NAIC Insurer
Financial Reports Rules
Cost Advisors’ Background
 Founded in 1999
 Focus on Financial Risk Management, Fraud and
 Recovery
 Developed SarbOxPro® ...
Bill Douglas’ Background
 Principal of Cost Advisors, Inc.
 29 years’ experience
    Management positions in Accounting, I...
Agenda
 SOX vs. Insurer Financial Reports Rules
 NAIC Project Framework
    Governance
    Assessment
    Prevention
    D...
Applicability of Insurer Financial
Reports Rules
 Over $500M in premiums
 Audits of the year beginning January 1, 2010
 Ca...
Sarbanes-Oxley Act of 2002
  Contents
The Act is comprised of 11 Titles:
        Title I – Public Company Accounting Overs...
SEC vs. PCAOB




       External   Public Co.
       Auditor     (Insurer)




                                          ...
Rulemaking & Oversight
                                                 Risk-Focused
                                     ...
SOX 404 vs. Insurer Financial Reports Rules

SOX 404                                 Insurer Financial Reports Rules
     ...
SOX 404 vs. Insurer Financial Reports Rules
Page 1 of 2

                            SOX                        Insurer Fi...
SOX 404 vs. Insurer Financial Reports Rules
Page 2 of 2

                           SOX                      Insurer Fin. ...
SOX 404 vs. Insurer Financial Reports Rules

            Auditor                            Auditor
            Attest    ...
Sarbanes-Oxley Section 404
COSO Objectives vs. Section 404

                                      Section 404
            ...
Insurer Financial Reports Rules
CEO and CFO Statement

  Management is responsible for internal control
  Management has e...
Agenda
 SOX vs. Insurer Financial Reports Rules
 NAIC Project Framework
    Governance
    Assessment
    Prevention
    D...
• Deficiency Evaluation
                                                                             • Entity-Level Contro...
Agenda
 SOX vs. Insurer Financial Reports Rules
 NAIC Project Framework
    Governance
    Assessment
    Prevention
    D...
The ‘Wedding Cake’


           Business          Flowcharts, Risk & Control Matrices
           Processes
               ...
Governance
 Integrity & ethics                        HR Policies
      Business Practices                        Hiring G...
Agenda
 SOX vs. Insurer Financial Reports Rules
 NAIC Project Framework
    Governance
    Assessment
    Prevention
    D...
Processes vs. Risks




                                                                21
                      © 2008 Co...
Assessment
Identifying Process Population

                    Other Companies
                      • Company X
         ...
Causes of Inherent PROCESS risk
 Size of account (materiality)
 Susceptibility to errors or fraud
 Complex accounting (GAA...
Risk of CONTROL Failure
 The nature and materiality of misstatements that the control is intended to prevent or
 detect;
 ...
Risk-Based Approach to Testing




                                        Continued below




Free download at: www.sarbo...
Risk Assessment (Heat Sheet)

                   High



                                                   More
         ...
Reliance on Controls


                    Can rely



                                Financial
                         ...
Assessing Risk in Segregation of Duties
(SOD)
Risk Assessment
Segregation of Duties
SOD Matrix (Good Approach)

             Authorize   Record Custody Control Function...
Risk Assessment
Segregation of Duties
Export System Access data and combine with Manual Activities
(Best Approach)



    ...
Agenda
 SOX vs. Insurer Financial Reports Rules
 NAIC Project Framework
    Governance
    Assessment
    Prevention
    D...
Real ‘Swimlane’ Flowchart
AP System
  GL System




              Controls


                                             ...
Sarbanes-Oxley Testing Training
  Risk & Control Matrix




                        Control Description                   ...
Agenda
 SOX vs. Insurer Financial Reports Rules
 NAIC Project Framework
    Governance
    Assessment
    Prevention
    D...
Detection
 Purpose is to evaluate control operation
 Purpose not to detect fraud
 Purpose not to detect financial misstate...
Control Frequencies
          Control Frequency                 Examples

More than Daily (Large Pop.)   Vendor Invoicing
...
Control Frequencies/Sample Sizes




                                                                       37
           ...
Example Test Plan




                                       Test attributes

   Sample
identification




               ...
What is a walkthrough?
 Physical “walk-through” the documented process from beginning to
 end with the Control Owner.
 Obs...
Agenda
 SOX vs. Insurer Financial Reports Rules
 NAIC Project Framework
    Governance
    Assessment
    Prevention
    D...
Gaps & Deficiencies
 3 levels of identified gaps: deficiencies, significant deficiencies and
 material weaknesses
 Gaps ma...
Top 10 Material Weaknesses
 (for all public companies)

    1.    Poor accounting documentation
    2.    External auditor...
Managing Gaps (Deficiencies)

 Keep a list of all gaps
    Design Gaps from Documentation
    Testing Failures
 Prioritize...
Test Failure Form

Four Sections:
1. Tester’s Reason for Failing
2. Manager’s Evaluation
3. Process Owner’s Remediation
4....
Agenda
 SOX vs. Insurer Financial Reports Rules
 NAIC Project Framework
    Governance
    Assessment
    Prevention
    D...
If you only use Excel, Word, Visio…




                                                                        46
       ...
Software Tool Alternatives

                                                Desktop
                                      ...
Agenda
 Reasons for SOX
    COSO Study
    Scandals in 2000
    ACFE Report to the Nation


 How SOX tackles fraud
    Gov...
Takeaways
 SOX and the NAIC Financial rules use a similar
 framework
 Include only relevant processes
 Use a risk-based as...
SOX Resources
(most relevant in red)

          SEC                           PCAOB                               COSO    ...
Resources
COSO Small Business Guidance



                      Internal Control over Financial Reporting –
              ...
Resources – IT General Controls




    CobiT          IT Control        COSO
                 Objectives for    (Small Bu...
For More Information
Bill Douglas CPA CIA CFE PI
Main: 503-646-3500
bill.douglas@costadvisors.com

Molly Remington, Busine...
Upcoming SlideShare
Loading in...5
×

NAIC Insurer Financial Reports Rules

799

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
799
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
12
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

NAIC Insurer Financial Reports Rules

  1. 1. NAIC Insurer Financial Reports Rules
  2. 2. Cost Advisors’ Background Founded in 1999 Focus on Financial Risk Management, Fraud and Recovery Developed SarbOxPro® software www.sarboxpro.com 2 © 2008 Cost Advisors, Inc. All rights reserved.
  3. 3. Bill Douglas’ Background Principal of Cost Advisors, Inc. 29 years’ experience Management positions in Accounting, IT Systems CFO, IPO, 'Big 4' public accounting, business processes, internal controls, fraud, internal auditing, Sarbanes-Oxley (SOX) Project management at both large and small public companies Published SOX Illustrated – a 200 page book on SOX Published Guide for managing Sarbanes-Oxley projects in the Internal Auditor magazine Instructor for Oregon Society of CPAs Credentials: Certified Public Accountant (CPA) Certified Internal Auditor (CIA) Certified Fraud Examiner (CFE) Licensed Private Investigator (PI) in Oregon 3 © 2008 Cost Advisors, Inc. All rights reserved.
  4. 4. Agenda SOX vs. Insurer Financial Reports Rules NAIC Project Framework Governance Assessment Prevention Detection Reporting & Correction Correction Governance Software tools available Takeaways & resources Detection Assessment Prevention 4 © 2008 Cost Advisors, Inc. All rights reserved.
  5. 5. Applicability of Insurer Financial Reports Rules Over $500M in premiums Audits of the year beginning January 1, 2010 Can use SOX 404 report instead > $500M SOX 404 Insurance 5 © 2008 Cost Advisors, Inc. All rights reserved.
  6. 6. Sarbanes-Oxley Act of 2002 Contents The Act is comprised of 11 Titles: Title I – Public Company Accounting Oversight Board (PCAOB) Establishment, Auditing and Accounting Standards Title II – Auditor Independence Sets forth required actions by external auditors and audit committee Title III – Corporate Responsibility Requires CEOs and CFOs to certify quarterly and annual reports to the SEC (Section 302) SECTION 302:Financial Disclosures RESPONSIBILITY FOR FINANCIAL REPORTS Title IV – Enhanced CORPORATE Additional and accelerated disclosure requirements SECTION 404: MANAGEMENT ASSESSMENT OF INTERNAL CONTROLS Title V – Analyst Conflicts of Interest Title VI – Commission Resources and Authority SECTION 404: MANAGEMENT ASSESSMENT OF INTERNAL CONTROLS Authorizations, qualifications Title VII – Studies and Reports Credit ratings, violators, etc Title VIII – Corporate and Criminal Fraud Accountability Has the biggest impact Provides tougher criminal penalties for defrauding shareholder, altering docs, etc on public companies Title IX – White-Collar Crime Penalty Enhancements Enhanced penalties for certain white-collar crimes (i.e., mail/wire fraud) Title X – Corporate Tax Returns Title XI – Corporate Fraud and Accountability Fines or imprisonment with regards to certain other matters involving corporate fraud 6 © 2008 Cost Advisors, Inc. All rights reserved.
  7. 7. SEC vs. PCAOB External Public Co. Auditor (Insurer) 7 © 2008 Cost Advisors, Inc. All rights reserved.
  8. 8. Rulemaking & Oversight Risk-Focused Surveillance Framework Financial Condition Examiners Handbook SAS 104 – 111 Accounting ‘Risk-Based Practices and Standards’ Procedures Manual Insurer Financial Reports Rules External Insurer Examiner Auditor 8 © 2008 Cost Advisors, Inc. All rights reserved.
  9. 9. SOX 404 vs. Insurer Financial Reports Rules SOX 404 Insurer Financial Reports Rules ick’ if er ICFR= Internal Controls over Financial Reporting Scope: Detailed, accurate records to reflect transactions and dispositions •Ditto Transactions roll up to Financial Statements which comply with GAAP •Ditto Management has authorized receipts and expenditures Prevent or Detect •Ditto unauthorized acquisition, use or disposition – IF •Ditto MATERIAL 9 © 2008 Cost Advisors, Inc. All rights reserved.
  10. 10. SOX 404 vs. Insurer Financial Reports Rules Page 1 of 2 SOX Insurer Fin. Rept. Rules Audit Committee Yes – with one Financial Yes – with independence Expert rules Audit Required Yes Yes Designation of CPA Yes to SEC – when Yes - to Insurance Dept changed of State with letter from CPA Audit Partner Rotation Yes Yes CPA barred from non- Yes – except tax prep or Yes – audit services other approved by Board • except if premiums < $100M with waiver • except tax prep or other approved by Board • Except if < 5% CPA manager & partner Yes Yes can’t be hired for 1 year 10 © 2008 Cost Advisors, Inc. All rights reserved.
  11. 11. SOX 404 vs. Insurer Financial Reports Rules Page 2 of 2 SOX Insurer Fin. Rept. Rules CPA studies controls Yes Yes Adverse Condition Notice As audit opinion only Yes- to Director in 5 days Material Weaknesses In Management's Report Tell Director 60 days after audit Significant Deficiencies Tell Audit Committee Hold for Examiners Accountant's Letter of No Yes to Insurer Qualifications Accountant’s workpapers No Hold for Examiners Management’s report on Yes – documentation & Yes – Some Controls testing documentation & diligent inquiry 11 © 2008 Cost Advisors, Inc. All rights reserved.
  12. 12. SOX 404 vs. Insurer Financial Reports Rules Auditor Auditor Attest Consideration Management Management Assertion Assertion Documentation & Documentation & Testing Diligent Inquiry* Internal Control Framework (COSO) NAIC Rules with any framework * No special documentation necessary. ‘Diligent Inquiry’ includes review, monitoring and testing in the normal course of business. 12 © 2008 Cost Advisors, Inc. All rights reserved.
  13. 13. Sarbanes-Oxley Section 404 COSO Objectives vs. Section 404 Section 404 Scope Financial Reporting Laws & Operations Regulations 13 © 2008 Cost Advisors, Inc. All rights reserved.
  14. 14. Insurer Financial Reports Rules CEO and CFO Statement Management is responsible for internal control Management has established internal control and its internal controls are effective No Material Weaknesses The approach and scope management used Effectiveness Unremediated material weaknesses from prior year 14 © 2008 Cost Advisors, Inc. All rights reserved.
  15. 15. Agenda SOX vs. Insurer Financial Reports Rules NAIC Project Framework Governance Assessment Prevention Detection Reporting & Correction Correction Governance Software tools available Takeaways & resources Detection Assessment Prevention 15 © 2008 Cost Advisors, Inc. All rights reserved.
  16. 16. • Deficiency Evaluation • Entity-Level Controls • Deficiency Remediation • Tone-at-the-Top • Mgt/Board Reporting Correction Governance Risk-based Framework Detection Assessment • Process flowcharts & narratives • Process Controls Testing • Risk Identification • IT Testing • Risk Evaluation • 3rd Party controls (SAS70) • Segregation of Duties analysis Prevention • Process Improvement • Internal Controls 16 16 © 2008 Cost Advisors, Inc. All rights reserved.
  17. 17. Agenda SOX vs. Insurer Financial Reports Rules NAIC Project Framework Governance Assessment Prevention Detection Reporting & Correction Correction Governance Software tools available Takeaways & resources Detection Assessment Prevention 17 © 2008 Cost Advisors, Inc. All rights reserved.
  18. 18. The ‘Wedding Cake’ Business Flowcharts, Risk & Control Matrices Processes Testing Coordinated with IT Applications Application Superusers Data Centers, Operating Systems, IT Infrastructure Networks (IT General Controls) ‘Tone at the Top’, Governance Company-Level Controls 18 © 2008 Cost Advisors, Inc. All rights reserved.
  19. 19. Governance Integrity & ethics HR Policies Business Practices Hiring Guidelines & Procedures New Employee Orientation HR Policies Background Checks Whistleblower procedures Performance Evaluation process Risk Assessment SOX Process Documentation Board of Directors Business Plans Minutes Info & Communication Governance Guidelines IT General Controls Audit Committee Charter Division Reviews Compensation Committee Charter Accounting & Finance Meetings Operating Style Monitoring Risk Analysis Internal Audit function Employee Turnover IRS audits Financial Manager Code of Ethics Regulatory Audits Travel to subs SEC comments SOX Steering Committee Management Incentives Recognition Awards Organizational Structure Org Charts Job Descriptions & Classifications 19 © 2008 Cost Advisors, Inc. All rights reserved.
  20. 20. Agenda SOX vs. Insurer Financial Reports Rules NAIC Project Framework Governance Assessment Prevention Detection Reporting & Correction Correction Governance Software tools available Takeaways & resources Detection Assessment Prevention 20 © 2008 Cost Advisors, Inc. All rights reserved.
  21. 21. Processes vs. Risks 21 © 2008 Cost Advisors, Inc. All rights reserved.
  22. 22. Assessment Identifying Process Population Other Companies • Company X • Company Y • Company Z Process List Process List Process List Finance Process Company Owner Financial Statements Validation and Disclosures (account mapping) 22 © 2008 Cost Advisors, Inc. All rights reserved.
  23. 23. Causes of Inherent PROCESS risk Size of account (materiality) Susceptibility to errors or fraud Complex accounting (GAAP) Subjectivity, estimates, judgment Transaction complexity Lack of automation Recent changes Contingent Liabilities Related-Party transactions Subject to environmental factors, such as technological and/or economic developments 23 © 2008 Cost Advisors, Inc. All rights reserved.
  24. 24. Risk of CONTROL Failure The nature and materiality of misstatements that the control is intended to prevent or detect; The risk of management override; Whether there have been changes in the volume or nature of transactions that might adversely affect control design or operating effectiveness; Whether the control has a history of errors; The effectiveness of entity-level controls, especially controls that monitor other controls; The degree to which the control relies on the effectiveness of other controls (e.g., the control environment or information technology general controls); The competence of the personnel who perform the control or monitor its performance and whether there have been changes in key personnel who perform the control or monitor its performance; Whether the control relies on performance by an individual or is automated (i.e., an automated control would generally be expected to be lower risk if relevant information technology general controls are effective); The complexity of the control. 24 © 2008 Cost Advisors, Inc. All rights reserved.
  25. 25. Risk-Based Approach to Testing Continued below Free download at: www.sarboxpro.com 25 © 2008 Cost Advisors, Inc. All rights reserved.
  26. 26. Risk Assessment (Heat Sheet) High More Evidence Inherent Risk Medium Less Evidence Low Medium High Risk of Control Failure Source: MANAGEMENT’S REPORT ON INTERNAL CONTROL OVER FINANCIAL REPORTING, SEC, December 20, 2006 26 © 2008 Cost Advisors, Inc. All rights reserved.
  27. 27. Reliance on Controls Can rely Financial Statements Controls Cannot rely 27 © 2008 Cost Advisors, Inc. All rights reserved.
  28. 28. Assessing Risk in Segregation of Duties (SOD)
  29. 29. Risk Assessment Segregation of Duties SOD Matrix (Good Approach) Authorize Record Custody Control Function Name Here Name Here Name Here Name Here Name Here Name Here Name Here Name Here Name Here Investigate Further Issue - Over-reliance on process owner representations 29 © 2008 Cost Advisors, Inc. All rights reserved.
  30. 30. Risk Assessment Segregation of Duties Export System Access data and combine with Manual Activities (Best Approach) System Access IT System Report List of Excel or Conflict Reports Manual Access Activities 30 © 2008 Cost Advisors, Inc. All rights reserved.
  31. 31. Agenda SOX vs. Insurer Financial Reports Rules NAIC Project Framework Governance Assessment Prevention Detection Reporting & Correction Correction Governance Software tools available Takeaways & resources Detection Assessment Prevention 31 © 2008 Cost Advisors, Inc. All rights reserved.
  32. 32. Real ‘Swimlane’ Flowchart AP System GL System Controls 32 © 2008 Cost Advisors, Inc. All rights reserved.
  33. 33. Sarbanes-Oxley Testing Training Risk & Control Matrix Control Description Control Frequency Control Owner Accounts Payable verifies that all invoices from new vendors are approved for validity prior to adding the vendor to the vendor Many X / Day Accounts Payable master file. Authorized Signers are CEO, CFO, CAO, CLO Check signers verify the invoice is valid, and the check amount and Many X / Day Controller, Cashier, SVP/Operations, or GL coding are accurate prior to signing the check. Human Resources Officer. 33 © 2008 Cost Advisors, Inc. All rights reserved.
  34. 34. Agenda SOX vs. Insurer Financial Reports Rules NAIC Project Framework Governance Assessment Prevention Detection Reporting & Correction Correction Governance Software tools available Takeaways & resources Detection Assessment Prevention 34 © 2008 Cost Advisors, Inc. All rights reserved.
  35. 35. Detection Purpose is to evaluate control operation Purpose not to detect fraud Purpose not to detect financial misstatements 35 © 2008 Cost Advisors, Inc. All rights reserved.
  36. 36. Control Frequencies Control Frequency Examples More than Daily (Large Pop.) Vendor Invoicing Daily Sub-ledger distribution Monthly Account reconciliations Quarterly Reserve Adjustments Semiannual SAS-70 System / Annual 10K Report 36 © 2008 Cost Advisors, Inc. All rights reserved.
  37. 37. Control Frequencies/Sample Sizes 37 © 2008 Cost Advisors, Inc. All rights reserved.
  38. 38. Example Test Plan Test attributes Sample identification 38 © 2008 Cost Advisors, Inc. All rights reserved.
  39. 39. What is a walkthrough? Physical “walk-through” the documented process from beginning to end with the Control Owner. Observe the steps and controls in the process. Mark hardcopy documentation with discrepancies. Observe Physical security. Confirm employee’s understanding of controls and the timeliness of performance. Confirm what happens (per documentation) when there is an error. Identify recent changes in the process. Note un-identified risks or controls that are ineffective. Obtain copies of testable documents and screen shots that show the documented process. 39 © 2008 Cost Advisors, Inc. All rights reserved.
  40. 40. Agenda SOX vs. Insurer Financial Reports Rules NAIC Project Framework Governance Assessment Prevention Detection Reporting & Correction Correction Governance Software tools available Takeaways & resources Detection Assessment Prevention 40 © 2008 Cost Advisors, Inc. All rights reserved.
  41. 41. Gaps & Deficiencies 3 levels of identified gaps: deficiencies, significant deficiencies and material weaknesses Gaps may be identified during documentation, internal testing or auditor testing Judgmental materiality Material Weakness Disclose to Shareholders via Management’s Letter Reasonably Possible Control Deficiency (least severe) Reportable in writing to management by auditors Remote Inconsequential Merits Attention Material 41 © 2008 Cost Advisors, Inc. All rights reserved.
  42. 42. Top 10 Material Weaknesses (for all public companies) 1. Poor accounting documentation 2. External auditor adjustments 3. Lack of training, competency of accounting people 4. Poor account reconciliations 5. Restatements 6. Poor controls over non-routine transactions 7. IT Access and security 8. Poor JE controls 9. Poor control design and segregation of duties 10. Issues with top management and tone at the top Data provided by Audit Analytics. 42 © 2008 Cost Advisors, Inc. All rights reserved.
  43. 43. Managing Gaps (Deficiencies) Keep a list of all gaps Design Gaps from Documentation Testing Failures Prioritize gaps by: Risk of failure and Financial statement impact Aggregation of gaps in Financial Statements (Cycles) 43 © 2008 Cost Advisors, Inc. All rights reserved.
  44. 44. Test Failure Form Four Sections: 1. Tester’s Reason for Failing 2. Manager’s Evaluation 3. Process Owner’s Remediation 4. Evaluation Team Sign Off 44 © 2008 Cost Advisors, Inc. All rights reserved.
  45. 45. Agenda SOX vs. Insurer Financial Reports Rules NAIC Project Framework Governance Assessment Prevention Detection Reporting & Correction Correction Governance Software tools available Takeaways & resources Detection Assessment Prevention 45 © 2008 Cost Advisors, Inc. All rights reserved.
  46. 46. If you only use Excel, Word, Visio… 46 © 2008 Cost Advisors, Inc. All rights reserved.
  47. 47. Software Tool Alternatives Desktop Excel Database Web-Based Share controls and tests between √ √ documenters Ensure pre-defined and uniform √ √ data capture Run consolidated reports for all √ √ documenters Easy to setup √ √ Custom reports in Excel √ √ maybe Responsive (no latency) √ √ Low Cost √ √ E-Mail notification √ # Simultaneous users 1 about 5 dozens Download a free copy of our desktop tool at www.sarboxpro.com 47 © 2008 Cost Advisors, Inc. All rights reserved.
  48. 48. Agenda Reasons for SOX COSO Study Scandals in 2000 ACFE Report to the Nation How SOX tackles fraud Governance Assessment Prevention Detection Reporting & Correction Takeaways & resources 48 © 2008 Cost Advisors, Inc. All rights reserved.
  49. 49. Takeaways SOX and the NAIC Financial rules use a similar framework Include only relevant processes Use a risk-based assessment Document controls preventing risks Test for control operation, not fraud occurrence Document how you established that controls work Well performed tests will save examiners’ time Control deficiencies should be evaluated & reported 49 © 2008 Cost Advisors, Inc. All rights reserved.
  50. 50. SOX Resources (most relevant in red) SEC PCAOB COSO AICPA 1977 - Foreign Corrupt 1992 - Internal Control Practices Act (Have good Framework controls) 1996 – Addendum to address Safeguarding of Assets June 5, 2003 - Rules March 9, 2004 - Auditing December 2004 – Evaluating implementing Section 404 (Use Standard #2 Auditing Internal Deficiencies (aka – The a framework like COSO) Control Concluding Framework) May 16, 2005 - Staff Guidance May 16, 2005 - Increase (Management is responsible) Efficiency of Audits (Top down, Risk-based, Integrated audit) April 23, 2006 – Advisory SAS 99 Consideration of Fraud Committee for Small in a Financial Statement Audit Companies (exempt most) April 2006 – Govt. July 11, 2006 - Guidance for March 2006 – SAS 104-111 Accountability Office Smaller Public Companies (Risk Standards), effective for (Management needs more 2007 audits guidance) June 20, 2007 – New Guidance July 25, 2007 –Auditing corresponding to AS #5 Standard (AS) #5 June 20, 2008 extend auditor October 17, 2007 – Proposed attestation for non-accelerated Guidance for Auditors of filers until 2009 (and begin a Smaller Public Companies small business cost study) October 21, 2008 – Proposed July 4, 2008 – Monitoring New Auditing Standards Internal Control (Draft) Related to the Auditor's Assessment of Risk 50 © 2008 Cost Advisors, Inc. All rights reserved.
  51. 51. Resources COSO Small Business Guidance Internal Control over Financial Reporting – Guidance for Smaller Public Companies $65 Paperback (3 volumes) $50 PDF (3 PDF, 1 Word) www.cpa2biz.com 51 © 2008 Cost Advisors, Inc. All rights reserved.
  52. 52. Resources – IT General Controls CobiT IT Control COSO Objectives for (Small Business) SOX 34 Objectives 12 Objectives 10 Objectives 52 © 2008 Cost Advisors, Inc. All rights reserved.
  53. 53. For More Information Bill Douglas CPA CIA CFE PI Main: 503-646-3500 bill.douglas@costadvisors.com Molly Remington, Business Development Mgr. Main: 503-646-3500 molly.remington@costadvisors.com Free software downloads: www.sarboxpro.com Company information: www.costadvisors.com 53 US-5-1208-IC © 2008 Cost Advisors, Inc. All rights reserved.
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×