SAN JOSE STATE SPARTANS WHO am I and WHY?

Transcript

  • 1.
    • SAN JOSE STATE SPARTANS
  • 2. WHO am I and WHY?
    • Doug Younce
    • CFO of New York Transit, Inc.
    • Friend of Pat Kwan (a NYT “advisor”)
    • NYT, a growing company with
    • MIS/I.S. challenges
    • Share some experiences & observations
    • Q & A
  • 3. NEW YORK TRANSIT, INC. COMPANY BACKGROUND
    • Middle Market - $100 mil
    • Privately owned
    • Wholesale women’s footwear
    • Founded in 1984
    • 110 employees
    • Import from China
    • Sell to dept stores & independents (boutiques)
    • Highly competitive, 4 seasons, environment
  • 4. You may ask yourself, WHY SHOULD I CARE?
    • My understanding is that this class is a mixed bag of business related majors; not necessarily computer science majors
    • ALL companies face Information Technology issues & challenges, and ……… they never end
      • Internal needs for better, more timely information
      • Competition never stands still
      • Customer demands
      • Outside influences such as SOX
    • “All” means every size and every industry and every family
    • Oh, and you will be tested on today’s information
  • 5. NYT’s EXPERIENCE - STRUCTURE & PURPOSE
    • 2000/2001 DP Steering Committee
      • Composition: Finance, Ops & I.S.
      • Purpose: Determine what we needed to do in IT area to
        • Support Growth
        • Enhance effectiveness of internal MIS
        • Reduce dependency on highly tailored systems and their authors
        • Meet or Exceed Customer Expectations
  • 6. NYT’s EXPERIENCE - WHAT WE WERE WORKING WITH
    • Systems - window based UNIX
    • Software:
      • In-house, highly tailored for operations
      • Separate software for financial reporting
      • Not necessarily utilizing common data bases
    • Overriding Concern -
      • WHAT IF IT DOESN’T WORK!!!!
  • 7. NYT’s EXPERIENCE - DECISION PROCESS
    • Establish hierarchy of needs, without consideration to costs, then consider:
      • Software vs. Programming
      • Priorities – Cost / Benefit
      • Security – Systems / Personnel
      • Cost
  • 8. NYT’s EXPERIENCE - OUR DECISION
    • NYT must
      • Set in motion commitment to change
      • Establish base for coordinated improvements
      • Minimize risk and costs
    • Two basic systems, two approaches:
      • Operations – programming
      • Financial Reporting – software (Oracle)
  • 9. NYT’s EXPERIENCE – THREE YEARS LATER
    • Working,……… yes
    • Continuous Improvement, a “must”
    • 2004 Task Force re Operations
      • Composition: I.S. and Ops
      • Dual Purpose:
        • Improve current applications
        • Software study
    • Decision, in process & on-going
    • IT is a journey, not a destination!
  • 10. KEYS TO SUCCESS
    • Support from the top, must be a corporate initiative
    • Know your objectives, don’t be sidetracked or wooed, but
    • Be open minded
    • Cross functional task force
    • See software demos & on-site applications
    • Think long-term
    • Ensure in-house expertise to support
    • Go mainstream for continuity
    • Follow up with user TRAINING
  • 11. OUTSIDE INFLUENCES - SOX
  • 12. SARBANES-OXLEY ACT EXECUTIVE OVERVIEW
  • 13. BACKGROUND
    • Congress reaction to corporate shenanigans (Enron, MCI, AA, etc.)
    • Senator Paul Sarbanes & Congressman Michael Oxley
    • Sarbanes-Oxley Act of 2002 (“SOX”)
  • 14. SOX – MATTERS ADDRESSED
    • PCAOB
    • Auditor independence
    • Corporate responsibility (Sec 302)
    • Enhanced financial disclosures (Sec 404)
    • Corp criminal fraud accountability (HR)
    • White collar crime (penalties)
  • 15. SECTION 302 DISCLOSURE CONTROLS
    • Disclosure Controls & Procedures, Quarterly
      • Financial Statements (Section 404)
      • Strategic Relations
      • Contracts
      • Mngt Discussion & Analysis
      • Legal Proceedings
    • Required info accurate & timely
    • Quarterly certification by CEO & CFO
    • Penalty: Neglect, up to $1mil & 10 yrs
    • Penalty: Willful, up to $10 mil & 20 yrs
  • 16. SECTION 404 - INTERNAL CONTROLS OVER FINANCIAL REPORTING
    • Mng’t resp for IC over financial reporting:
      • B/S, I/S, CF, Equity, Notes
    • Mng’t assessment of IC
    • Annual certification by CEO & CFO
    • Penalties as at Section 302 slide
    • Auditor attestation
  • 17. COSO Committee of Sponsoring Organizations of the Treadway Commission
    • Integrated Framework for Internal Control
    • COSO Cube (operations/financial)
    • Five integrated components:
      • Control Environment (ethics & integrity)
      • Risk Assessment
      • Control Activities (Reviews, reconciliations, etc.)
      • Information & Communications (How gathered & disseminated)
      • Monitoring
  • 18. SOX and PRIVATE COMPANIES
    • Standard for Best Practices
    • Lenders, insurance & underwriters
    • IPO/acquisition (18% premium)
    • Cost of implementation per FEI:
      • $825,000 for $100 million company
  • 19. RISK ASSESSMENT
    • Business Risks:
      • Impact health of the company
      • NYT examples:
        • China factories
        • WT health
        • Retail consolidation
        • Independent warehousing
  • 20. RISK ASSESSMENT
    • Material misstatement of financials
      • Identify what drives general ledger entries
      • Identify primary risks:
        • Choices of accounting policies (GAAP)
        • Accounts requiring judgment (reserves/allowances)
        • Adjustments outside routine processing (JE’s)
        • Environment encouraging “stretch” (incentives)
        • Pts in processing where data is manipulated
  • 21. IDENTIFY “SIGNIFICANT CONTROL OBJECTIVES”
    • To manage most significant financial reporting risks (consider value chain activities)
    • Giving consideration to –
      • Key business activities
      • Industry characteristics
      • Most significant risks to entity & industry
      • Financial reporting matters
        • Accounts that are subjective
        • Complex accounting
        • Accounting rules subject to interpretation
        • Dependent on external information
  • 22. ASSESS & IMPLEMENT INTERNAL CONTROLS
  • 23. ENTITY LEVEL CONTROLS (Corporate governance, sets the tone)
    • Company culture
    • Define/communicate ethical & behavioral norms
    • Code of Conduct
    • Reinforce via Leadership behavior
    • Minimize temptation for actions o/s ethical norms
    • Enforce remedial action for behavior o/s ethical norms
    • Personnel policies: Select / retain competent employees
    • HR responsibilities
  • 24. HR RESPONSIBILITIES
    • HR must provide all employees –
      • An understanding of:
        • Expectations of the individual employee
        • Individual employee’s authority
        • Corporate lines of authority
        • Corporate attitude re risk identification
        • Corporate attitude re fraud
      • Formal job descriptions
      • Training, including corporate ethics
      • Performance appraisals & feedback
  • 25. COMPUTER CONTROLS
    • General Controls
    • Application Controls
  • 26. OVERVIEW OF COMPUTER CONTROLS
    • Aligned w/ business objectives to provide
      • Systems to manage the quality & integrity of financial & other business information
      • Access controls over IT systems & applications
      • Authorization process for computer applications
      • Information on a timely basis
      • Confidentiality of sensitive information
      • Support of continued information flow
  • 27. IT - GENERAL CONTROLS
    • Data Center – Backup, recovery & scheduling
    • Systems Software – Acquisition & implementation
    • Access Security – Firewalls, access codes, etc.
    • Application Systems – Development & maintenance
    • Documentation – All significant processes/activities
    • Monitor – IT performance & capacity levels
  • 28. IT – APPLICATION CONTROLS
    • Control processing of data/transactions
      • Completeness
      • Accuracy
      • Authorization & validity
      • Data storage & backup
    • Control system interface & data exchange
  • 29. ACTIVITY LEVEL INTERNAL CONTROLS
    • Prevent material misstatement of financials
    • Reflect risk assessment –
      • Account
      • Activity
      • Input source
    • Focus on:
      • F/S accounts (debits & credits) & disclosure, consider
        • Materiality, quality, inherent risk, non-routine sources
      • Data security (boundaries & authorization)
      • Processing points where data is manipulated
      • Preventative controls supplemented by detection
  • 30. BOTTOM LINE - WHAT ALL PUBLIC COMPANIES NEED TO DO
    • Clearly communicate SOX is a priority
    • Assess risks & control environment
    • Document:
      • Entity Level Controls
      • Computer Controls
      • Activity Level Controls
      • Information flow to GL accounts
    • Implement additional controls where needed
    • Document updated control procedures
    • Monitor effectiveness of controls
  • 31. Q & A