Presentation to san jose state university december 7 2006
This presentation is the property of its rightful owner.
Sponsored Links
1 / 35

Presentation to San Jose State University December 7, 2006 PowerPoint PPT Presentation


  • 89 Views
  • Uploaded on
  • Presentation posted in: General

Presentation to San Jose State University December 7, 2006. Presenters . Jerry Meyers, TR Senior Manager [email protected] Jagdish Pandey, TR Assoc. Director [email protected] Dina Talerico, IA Senior Manager [email protected] Objectives .

Download Presentation

Presentation to San Jose State University December 7, 2006

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Presentation to san jose state university december 7 2006

Presentation to San Jose State UniversityDecember 7, 2006


Presenters

Presenters

Jerry Meyers, TR Senior Manager

[email protected]

Jagdish Pandey, TR Assoc. Director

[email protected]

Dina Talerico, IA Senior Manager

[email protected]


Objectives

Objectives

  • Who is Protiviti?

    • What We Do – Risk Consulting Defined

    • Our Vision, Mission and Core Values

    • Our Accomplishments

    • Our Locations, Our Clients

    • Behind the Enron Scandal

    • The Protiviti Story

  • The Financial Statement Risk Assessment Process

    • Sarbanes-Oxley Overview

    • Our Approach/Methodology

    • FS Prioritization Process

  • Questions and Wrap-Up


Who is protiviti

Who is Protiviti?


Who is protiviti1

Who is Protiviti?

Protiviti is a leading provider of independent risk consulting and internal audit services.


What we do risk consulting defined

What We Do - Risk Consulting Defined

The discipline of:

  • Identifying, sourcing and measuring risk

  • Formulating risk management strategies

  • Designing and implementing capabilities for avoiding, retaining, reducing, transferring and exploiting risk

  • Monitoring risk within acceptable tolerance levels


In other words

In Other Words…

We help clients understand their risks and how they can turn them into a competitive advantage.


Protiviti s vision and mission

Protiviti’s Vision and Mission

  • Vision

    To be recognized as the Premier Global Risk Consulting and Internal Audit Service Company.

  • Mission

    To constantly improve how businesses manage risk. We will develop deep competencies in people which enhance their value. We will bring unparalleled expertise to clients in risk management.


Protiviti embodies our core values

Protiviti Embodies Our Core Values

Protiviti core values:

We are:

professionalism

productiviti

proactiviti

objectiviti

creativiti

integriti

  • Experienced Professionals with Proven Processes, Methodologies and Tools

  • Focused on Risk Consulting

  • A Driven Organization

  • Independent

  • Financially Strong

  • A Strategic Advantage to Meet Your Resource Needs

  • “Passionate About our Clients”

quality


Why protiviti

Why Protiviti?

Protiviti fills a unique and valuable position in the market, as depicted below. Protiviti brings a unique blend of knowledge and experience to the table which combines the focus, dedication and independence of a boutique firm, with the methodologies & tools, global presence, and deep skill sets of the Big 4.

  • Big Four:

    • Methodologies & tools

    • Experienced professionals

    • Depth of risk consulting services

    • Financial & management stability

    • Recognized

    • Global presence

  • Boutique:

    • Responsive client service

    • Lack of SEC restrictions

    • Independent from attest & tax services

    • Better teaming with external auditors

    • Focus on core offerings

    • Fee flexibility

Protiviti combines the strengths of the large consulting companies and independent alternatives…without compromise


Accomplishments

Accomplishments

  • Growth in the number of Protiviti employees and locations

  • Recent quarterly earnings

  • Implementation of a company Intranet, iShare, with cutting-edge knowledge management solution

  • Recognized as a thought leader through our SOA and Internal Audit FAQs

  • National alliances and partnerships

  • Continued training development initiatives


Protiviti locations

Protiviti Locations

Protiviti employs over 2200 professionals in more than 50 locations in North America, Latin America, Europe, Asia and Australia.


Protiviti clients

Protiviti Clients

Our client experience includes organizations across all major industries from global Fortune 500 corporations to small, privately-held, local institutions.*

*All logos used with client permission


Our practice

Our Practice

Our product offerings offer a breadth of internal audit and business and technology risk solutions.

Technology Risk

Internal Audit

Business Risk

  • Audit Committee Advisory

  • IA Technology/Tool Implementation

  • Internal Audit Co-Sourcing

  • Internal Audit Full Outsourcing

  • Internal Audit QA Review

  • Internal Audit Transformation

  • IT Audit Services – Start up and Development Advice

  • Application Effeteness Solutions

  • Change Management Solutions

  • Continuity Solutions

  • Identity management

  • IT Asset Management Solutions

  • Program Management Solutions

  • Security and Privacy Solutions

  • Corporate Governance

  • Event Response

  • Financial Risk

  • Operational Risk


Internal audit

Limited Consulting/ Ad Hoc Projects

Full In-House

Strategic Sourcing

Specialized SkillsArrangement

Co-Sourcing

Single Audit Director Model

Recurring Co-Sourcing

Partial Outsourcing

Full Outsourcing

Strategic Partnering

Internal Audit

An outsourcing provider should have the flexibility to tailor the delivery options to meet the needs of your organization in the short-term and long term. Some common outsourcing options are listed below.

  • Ad hoc consulting work and execution of internal audit projects on an “as needed” basis.

  • Examples: transformation/benchmarking, facilitation, IA training, quality assurance reviews, selected internal audits, loan of personnel.

  • Internal Audit leverages specialized skills/knowledge from outsource provider for specific projects.

  • Examples: IT, Fraud, International, Self Assessment.

  • Internal Audit Director manages internal audit function and reports to CFO and Audit Committee.

  • Director is responsible for implementing the internal audit plan using outsource partner resources to execute.

  • Internal Audit department teams with outsource partner for resources on regular, ongoing basis, generally spanning multiple years.

  • Internal Audit partners with outsource partner to manage and execute the IA function, sharing all knowledge, proprietary tools, methodologies, and training, as well as providing substantial amount of resources on a recurring, long-term basis.


Business risk

Business Risk

  • Corporate Governance

  • Enterprise Risk Management

  • Sarbanes-Oxley

  • Self-Assessment

  • J-SOX

  • Financial Risk

  • Basel II Services

  • Credit Risk

  • Trading & Commodities Risk

  • Treasury Risk

  • Risk Technology Solutions (RTS)

  • Discoveri

  • Dynamic Policy

  • Protiviti's Governance Portal

  • Resolver Suite

  • Event Response

  • Fraud Risk Management

  • Financial Investigations

  • Litigation Consulting

  • Operations Risk

  • Capital Projects & Construction Risk

  • Finance Process Effectiveness

  • Financial Reporting Risk Services

  • Regulatory Risk Consulting

  • Revenue Risk Services

  • Spend Risk Solutions

  • Supply Chain Risk Management


Technology risk

Technology Risk


Behind the enron scandal

Behind the Enron Scandal

  • In March 2002, the US Justice Department indicted Arthur Andersen for obstruction of justice. Within 2 weeks, many of Andersen’s Fortune 100 Clients had announced going with another firm.

  • Protiviti launched in May, 2002 with approximately 700 ex-Arthur Andersen employees that had just lost their jobs as a result of the Enron scandal

  • In June 2002, jurors convicted Andersen for obstructing justice by destroying Enron Corp related documents

  • The conviction forced Andersen out of business, as the remaining 28,000 employees (two thirds of their workforce) were forced to lose their jobs and the firm was suspended from practicing audit

  • Three years later the Supreme Court overturned the ruling saying Andersen was convicted without proof that its shredding of documents was deliberately intended to undermine the SEC’s investigation of Enron


The protiviti story

The Protiviti Story

  • Protiviti’s launch in 2002 with only 700 employees was the result of an employment agreement between Robert Half International (“RHI”) and Arthur Andersen

  • Protiviti was formed as a wholly-owned subsidiary of RHI (a $3.3 billion dollar public company specializing in staffing) and today employs more than 2,200 professionals in more than 50 offices in the Americas, Asia-Pacific and Europe

  • Protiviti and the RHI divisions refer each other to clients for new business

  • RHI staffs the appropriate contractors to augment Protiviti engagement teams

  • RHI and Protiviti use the same shared services for Accounting, IT, Operations, etc.


Questions

QUESTIONS?


Break

BREAK


The financial statement risk assessment process

The Financial Statement Risk Assessment Process


Sarbanes oxley overview

Sarbanes-Oxley Overview

  • Section 301: Publicly traded companies are required to establish a procedure for the confidential, anonymous submission by employees of concerns regarding questionable accounting or auditing matters.

  • Section 302: Management must evaluate the design and operational effectiveness of its disclosure controls and procedures quarterly (disclosure controls include internal controls).

  • Section 404: Management is required to file an internal control report with their annual report, stating –

    • Management’s responsibilities to establish and maintain adequate internal controls and procedures for financial reporting

    • Management’s conclusion on the effectiveness of these internal controls at year end

    • That the company’s public accountant has attested to and reported on management’s evaluation of internal controls over financial reporting

  • Section 906: Expressly imposes criminal penalties if the information contained in the periodic report does not fairly represent, in all material respects, the financial condition and results of the operations of the issuer.


Our approach methodology

Our Approach/Methodology

Financial Reporting

Requirements

Process Risks

Components

of Internal

Control

Reporting

Internal Control

Report

Entity-Level Controls

Control Design

Control Improvements

Relevant Processes

Control Operation

PHASE I

PHASE II

PHASE III

PHASE IV

Set Foundation

Assess Current State and Identify Relevant Processes

Document Design and Evaluate Critical Processes and Controls

Design

Solutions for Control Gaps

Implement Solutions for Control Gaps

Report

Protiviti’s

Approach

Continuous Improvement

Project Management

Knowledge Sharing

Communication

IT Organization and Structure

IT Entity-Level Control Evaluations

IT Controls

IT Control Considerations

IT Process Level Control Evaluations

SarbanesDiagnostics

Process Management (SarbOx PortalTM)

Tools &

Technology

Assessment Management (The Self AssessorTM)

Knowledge Management


Our approach detailed project steps

Our Approach: Detailed Project Steps

Set Foundation

PHASE I: Assess Current State and Identify Relevant Processes

PHASE II: Document Design and Evaluate Critical Processes and Controls

  • Organize project

  • Develop project plan

  • Agree on approach/reporting requirements

  • Perform entity-level controls assessment

  • Select financial statement elements, processes and locations

  • Documentation standards – level of depth, assertions and control objectives

  • Inventory existing control documentation

  • Testing approach

  • Document processes

  • Source risks (what can go wrong?)

  • Document controls

  • Assess design

  • Validate operation

PHASE III: Design Solutions for Control Gaps

PHASE IV: Implement Solutions for Control Gaps

Report

  • Evaluate nature of identified deficiencies

  • Decide deficiencies requiring correction

  • Design and document improvements

  • Build improvements

  • Roll out improvements

  • Test improvements

  • Update policies and procedures

  • Provide training

  • Measure performance

  • Formulate conclusions with respect to internal controls over reliability of financial reporting

  • Provide results and documentation to external audit for attestation process

  • Conclude attestation process

  • Write internal controls report


Fs prioritization process selecting financial reporting elements

FS Prioritization Process: Selecting Financial Reporting Elements

Factors to consider in determining key financial reporting elements:

  • Materiality of financial statement items

  • Degree of volatility of the recorded amount over time

  • Degree of subjectivity used in determining account balance

  • Susceptibility to error or omission as well as loss or fraud

  • Complexity of calculation

    Additional factors to consider might include the following:

  • Velocity of account - the speed of transactions through the account

  • Nature and types of errors and omissions that could occur, i.e., “what can go wrong”

  • Volume, size, complexity and homogeneity of the individual transactions processed through a given account or group of accounts

  • Disclosures / footnotes in financial statements

  • Prior year external auditor management letter comments


Fs prioritization process linking accounts to processes

FS Prioritization Process: Linking Accounts to Processes


Presentation to san jose state university december 7 2006

Close Process & Consolidation

Managing Cash

and Investments

AR&

Collections

Order Management

IT

Revenue

Reserves

Borrowings

Employee

Master File

Maintenance

Tax Compliance

Budgeting

Financial Statement Reporting &

Disclosures

Bad Debt

Allowances

Amortize Prepaid & Intangible Assets

FS Prioritization Process: Risk Map

  • Processes

  • Revenue Processes:

  • Order Management

  • Shipping and Billing

  • Accounts Receivables and Collections

  • Allowances

  • Revenue Reserves

  • Expenditure Processes:

  • Purchasing

  • AP & Cash Disbursement

  • Asset Management

  • Amortize Prepaid and Intangible Assets

  • Manage Travel and Entertainment

  • Conversion Processes:

  • Inventory Costing & COGS

  • Inventory Reserves

  • Inventory Management

  • Financial Reporting:

  • Close Process and Consolidation

  • Financial Statement Reporting and Disclosure

  • Budgeting, Forecasting and Management Reporting

  • HR and Payroll:

  • Employee Master File Maintenance

  • Payroll and employee benefit liabilities

  • Incentive Compensation

  • Treasury:

  • Managing Cash and Investments

  • Borrowings

  • Equity:

  • Stock Compensation and Administration

  • Taxes

  • Income Tax Provisions and Compliance

  • Information Technology

  • IT General Controls

High

Purchasing

AP& Cash Disbursements

Payroll&

Employee Benefit

Liabilities

Asset

Management

Inventory Costing & Cost of Sales

Shipping and

Billing

Significance

Inventory Management

Stock Compensation & Administration

Incentive

Compensation

Inventory Reserves

Manage Travel & Entertainment

Expenses

Low

Low

Risk

High


The financial statement risk assessment process technology coverage

The Financial Statement Risk Assessment Process“Technology Coverage”


Our approach linkage to it

Our Approach: Linkage to IT

The IT work builds on these steps

Select Priority

Elements

  • Select the priority accounts and disclosures

  • Consider significance to financial reporting and risk of misstatement

Document

Processes

  • Document the transaction flows that materially impact the priority financial elements

Source

Risks

  • Use financial reporting assertions to source “what can go wrong” within the processes

  • What are the risks?

Document

Controls

  • Document entity controls (“tone at the top”)

  • Document the controls at the source of the risk (preventive) or downstream in the process (detective)

  • What are the controls?

  • Who owns the controls?

Assess

Design

  • Assess effectiveness of controls design at entity and process levels

  • How is the controls design rated?

Validate

Operation

  • How are the controls performing?

Report

  • Conclude

  • Communicate

  • Report


Our approach linkage to it1

  • IT General Controls

  • Program development

  • Program changes

  • Program operations

  • Access control

  • Control environment

  • Application Controls

  • Accuracy

  • Completeness

  • Validity

  • Authorization

  • Segregation of duties

  • etc...

Our Approach: Linkage to IT

Source: IT Governance Institute – IT Control Objectives for Sarbanes-Oxley, April 2004

Significant Accounts in the Financial Statements

Significant Accounts in Financial Statements

Balance

Income

Balance

Income

SCFP

Notes

Other

SCFP

Notes

Other

Sheet

Statement

Sheet

Business Processes / Classes of Transactions

Business Processes / Classes of Transactions

Process A

Process B

Process C

Process A

Process B

Process C

Financial Applications

Application A

Application B

Application B

IT Infrastructure Services

Database

Operating System

Network


Our approach itgc scope

Our Approach: ITGC Scope

Objectives

  • Development (SDLC) and Change Management

  • Acquire or Develop Application Software

  • Acquire Technology Infrastructure

  • Install and Test Application Software and Technology Infrastructure

  • Manage Changes

  • Access and Security

  • Ensure Systems Security (Physical, Network, Operating System, Database and Application levels)

  • Manage the Configuration Operations

  • Manage Problems and Incidents

  • Manage Data

  • Manage Operations

  • Define and Manage Service Levels

  • Manage Third-party Services


Our approach itgc scope1

Our Approach: ITGC Scope

Applications


Application controls

  • IT General Controls

  • Program development

  • Program changes

  • Program operations

  • Access control

  • Control environment

  • Application Controls

  • Accuracy

  • Completeness

  • Validity

  • Authorization

  • Segregation of duties

  • etc...

Application Controls

Source: IT Governance Institute – IT Control Objectives for Sarbanes-Oxley, April 2004

Significant Accounts in the Financial Statements

Significant Accounts in Financial Statements

Balance

Income

Balance

Income

SCFP

Notes

Other

SCFP

Notes

Other

Sheet

Statement

Sheet

Business Processes / Classes of Transactions

Business Processes / Classes of Transactions

Process A

Process B

Process C

Process A

Process B

Process C

Financial Applications

Application A

Application B

Application B

IT Infrastructure Services

Database

Operating System

Network


Questions1

QUESTIONS?


  • Login