Oscpa webinar sox change readiness

Petra Learning LLC
SOX Nimbleness
“How Responsive is Your SOX Program
September 10, 2012
7/17/2013 Proprietary and Confidential
Page
1

Purpose and Objectives
Purpose: Inform and Equip
Objectives:
 Explore the attributes of a responsive
SOX Program
 Provide an assessment tool that can be
used to evaluate current SOX programs
7/17/2013 Proprietary and Confidential Page 2

Agenda
Discussion Topic
SOX Current State 5 minutes
Attributes of a Responsive SOX Program
1) Polling Questions (3)
2) Self-Assessment Tool (Summary Slide)
40 minutes
Call to Action 5 minutes

SOX Current State
We’ve Enjoyed a Relatively Static Environment
◦ Changes mainly related to SOX optimization.
◦ Limited impact on personnel, operations, and technology from accounting
standards.
◦ Limited publicity or press related to SOX failures. Limited impact of disclosing
deficiencies, material weaknesses, or having restatements.
SOX redesign is not a palatable undertaking for most
◦ Programs aren’t overly flexible
◦ Heavy on documentation, numerous very specific and detailed controls
“SEC Sanctions Direct Edge Electronic Exchanges and Orders
Remedial Measures to Strengthen Systems and Controls”

Responsive SOX Program Attributes
Overall characteristics you should strive for in your
SOX program
 Dynamic – ability to evolve; to reinvent their business model to
achieve or maintain an advantage
 Integrated – to make into a whole by bringing all parts together;
unify; combining or coordinating separate elements so as to
provide a harmonious, interrelated whole
 Comprehensive – covering completely or broadly; dealing with
all or many of the relevant details
 Well Understood – widely or sufficiently understood or
comprehended

Question # 1 and 2: Dynamic
1. How frequently is the design of controls (not the
effectiveness) evaluated?
2. What triggers reevaluation of your design of controls?
Why this matters
 Numerous accounting changes upcoming some of which
allow for early adoption; most of which will require
significant operational changes
 Potential overlapping implementation dates means
multiple projects may occur simultaneously.
What could you do to get ahead of this?

Polling Question # 1
To what extent would you agree that
process and control owners within your
company have a sufficient understanding
of the difference between design
effectiveness and control effectiveness?
a) Strongly agree
b) Somewhat agree
c) Somewhat disagree
d) Strongly disagree

Question 3: Dynamic
3. How well do you understand and how easily can you
identify the interdependencies between controls?
Why this matters
 As sub-processes and their related controls are
changed you need to be able to quickly assess the
impact on the rest of your control environment.
 Some areas are not as obvious, for example automated
controls such as edit checks or comparisons /
thresholds.

Question 4: Integration
4. Do you have a good linkage between accounting information
and supporting IT systems (in the broadest sense)?
Why this matters
 Ability to identify information that may come from a system that
is not currently in-scope or subject to the same IT
environment.
 Ability to flag information that comes from spreadsheets that
will need revised so that you become more sensitive and
focused on spreadsheet errors during the change period.
 Ability to trace info to key databases and flags that will go
through significant change.

Question 5: Integration
5. How you assess other components of the
control environment during this change period?
Why this matters
 Qualifications of accounting personnel
 Financial expertise of Audit Committee and
especially Audit Committee Chair
 Information and communication processes
around changing accounting policies and
processes
 Disclosure committee and risk committee
Page
10

COSO Framework
Current framework prior to revision expected to be issued final 1Q2013.
Page
11
COSO Releases
Thought Paper on
Enhancing Board
Oversight by Avoiding
and Challenging Traps
and Biases in
Professional Judgment

Evaluating the control environment and allowing this evaluation
to influence the design and testing of transactional level controls
has been a challenge in many SOX programs. What level of
linkage have do you believe that you’ve been able to obtain
between the control environment and transactional level
controls?
a. Strong linkage – our control environment assessment
directly influences our control effectiveness assessment
b. Partial linkage – our control environment assessment may
impact our level of testing but does not impact our
assessment of control effectiveness
c. No linkage – assessments are completely independent of
each other; identified issues are addressed separately.
Page
12

Question 6: Comprehensive
6. Do you have a systematic process for analyzing specific
scoping and materiality nuances?
Why this matters
 Impact of adoption could be a material amount though the
account itself is not material. Is reliance upon an entity-level
control sufficient to catch these material items?
 Some processes may feed into significant new disclosures
though they are more operational in nature. Will those get
added into scope and how would be responsible for assessing
(ICOFR, IA)?
 Some locations may not have been significant in the past but
may contribute heavily to leases that will suddenly be on the
balance sheet or to other new accounts.
Page
13

Question 7: Comprehensive
7. Is your SOX process sensitive enough to detect:
a. material changes in assumptions even if the balances
themselves do not fluctuate significantly?
b. Changes in assumptions that should’ve occurred but
did not?
Why this matters
 Underlying assumptions of material estimates are still an
area of concern that continues to cause restatement.
This risk will increase as new accounting standards are
issued.
Page
14

Question 8: Understood
8. How well do you understand and how easily can
you identify the interdependencies between
controls?
Why this matters
 As sub-processes and their related controls are
changed, you need to quickly assess the impact
on the rest of your control environment.
 Areas where interdependencies may not be as
obvious include automated controls like edit
checks or comparisons / thresholds.
Page
15

Have you previously evaluated your
SOX program from a responsiveness
view?
a. Yes
b. No
Page
16

Self-Assessment Checklist
Criteria Yes No Ref
1. How frequently is the design of controls (not the effectiveness)
evaluated?
2. What triggers reevaluation of your design of controls?
3. How well do you understand and how easily can you identify the
interdependencies between controls?
4. Do you have a good linkage between accounting information and
supporting IT systems (in the broadest sense)?
5. How you assess other components of the control environment during
this change period?
6. Do you have a systematic process for analyzing specific scoping and
materiality nuances?
7. Is your SOX process sensitive enough to detect:
a. material changes in assumptions even if the balances themselves
do not fluctuate significantly?
b. Changes in assumptions that should’ve occurred but did not?
8. How well do you understand and how easily can you identify the
interdependencies between controls?
Page
17

Call to Action
 Evaluate your SOX program flexibility as
you wrap-up your 2012 testing and plan
for 2013.
 Consider querying your employees on
their understanding of the design of
controls
 Consider your approach for keeping
employees engaged and informed on
accounting changes.
Page
18

Oscpa webinar sox change readiness

More Related Content

What's hot

Similar to Oscpa webinar sox change readiness

More from Tiffany Crosby, Coach

Recently uploaded

Oscpa webinar sox change readiness

Editor's Notes