

  1. Seminar in Accounting & Society: SOX Section 404 & Enterprise Risk Management. March 30, 2010. AUDIT

  2. Seminar in Accounting & Society: SOX Section 404. March 30, 2010. Rick Andrews, Partner, KPMG; Karen Vangyia, Partner, KPMG

  3. Agenda
     • Introductions/Background
     • Overview – What is Sarbanes-Oxley?
     • Impact of SOX
     • Impact of AS5
     • The Economy & Risk – What Happened? What’s Next?
     • Enterprise Risk Management
     • Questions

  4. About KPMG
     • KPMG LLP is a provider of audit, tax and advisory services
     • KPMG LLP is #1 in the St. Louis market, auditing 42% of St. Louis’ Top 50 Public Companies
     • KPMG LLP is the U.S. member firm of the KPMG international network, with a presence in ~150 countries
     • KPMG has been recognized as a great place to work by Fortune, Working Mother, the Human Rights Campaign, Business Week, The Women’s Alliance, the Black Collegian, Diversity Inc and others
     • KPMG LLP consists of 21,000 partners and staff across the U.S.
     • The St. Louis office is supported by approximately 250 employees serving in client support delivery or client service support functions

  5. What is Sarbanes-Oxley? What is SOX 302? What is SOX 404? What is AS5?

  6. Management’s Certifications
     The CEO and CFO must personally certify to the:
     • Accuracy of financial statements
     • Adequacy & effectiveness of disclosure controls and procedures (SOX 302)
     • Adequacy & effectiveness of internal controls over financial reporting (SOX 404)
     • Completeness of all disclosures that materially impact the financial statements or relate to frauds involving management with a significant role in internal controls over financial reporting

  7. Impact of SOX on Stakeholders
     SOX 404 & 302 had a significant impact on:
     • Board of Directors’ responsibilities
     • Management’s responsibilities
     • Internal Audit Department resources and responsibilities
     • Costs of compliance

  8. Impact on Board of Directors
     • Increased liability & responsibility for Audit Committee members
     • Qualifications for Audit Committee members more stringent (“financial expert” requirement)
     • Director, Internal Audit reports directly to the Chairman of the Audit Committee
     • Whistleblower Policy implemented, with reports to the Audit Committee Chair

  9. Impact on Board of Directors
     As a result, the Audit Committee has:
     • Increased focus on internal controls & audit results
     • Demanded swift remediation of internal control weaknesses
     • Supported the addition of Internal Audit resources to support compliance efforts
     • Initiated discussion over business risk management strategies across the organization

  10. Impact on Management
     • Certifying officers (CEO & CFO) are personally liable for undisclosed issues and significant financial misstatements
     • Potential for large $$ penalties and prison sentences
     • Increased accountability to the Board with respect to maintaining internal controls and SOX compliance processes

  11. Impact on Management
     As a result, Management has:
     • Increased focus on internal controls & audit results
     • Demanded swift remediation of internal control weaknesses
     • Placed reliance on the transparency of the quarterly disclosure certification process
     • Continued to set a strong “Tone at the Top” with respect to the establishment of, and adherence to, policies & controls

  12. Impact on the Audit Profession
     “The Good”
     • Stature of audit profession raised
     • Bubble of demand for auditors
     • Increased salaries
     “The Bad”
     • Balance of work shifted to routine detail tests
     • More challenging to find ways to provide value due to independence rules (external audit) & resource limitations (internal audit)

  13. Benefits of SOX 404 & 302
     • Increased knowledge of internal controls throughout the organization
     • Ownership of internal controls embedded within the organization
     • More rapid remediation of significant control deficiencies
     • Increased transparency over events that may impact the financial statements and disclosures (SOX 302)

  14. Impact of AS5
     • External audit no longer opines on management’s approach to forming their opinion on internal controls over financial reporting
     • Scales are balancing, with more focus on a risk-based approach
     • Management has increased flexibility in developing its compliance plan

  15. Lehman Bankruptcy – What Happened???
     • Global disruption of economy
     • Massive stock market decline
     • AIG bailout
     • Bank foreclosures
     • Bernie Madoff
     • Mortgage-backed securities
     • Wall St. vs. Main St.

  16. What’s Next? The Economy, Risk & SOX 404
     Companies are dealing with issues that are still evolving! As a result of the global economic disruption and the turmoil in the financial markets, companies are dealing with certain accounting and reporting issues for the first time in decades, and for some, the first time EVER.

  17. What’s Next? The Economy, Risk & SOX 404
     • Anticipate increased focus on Enterprise Risk Management (ERM) and integration of the related control structure into organizations
     • Boards and management are being asked why they did not foresee the potential impact of major risks
     • Debt ratings agencies (Standard & Poor’s) are starting to ask about ERM

  18. ERM Journey – Enterprise Risk Management

  19. The Meaning of Risk is Changing
     Prior Thinking: A way of preserving value by avoiding risk; focus on what has happened
     Current Thinking: A way of creating sustainable value by embracing risk; focus on what could happen

  20. What is Risk Management?
     What is Risk? “the chance of something that will have an impact on objectives. It is measured in terms of consequences and likelihood.”
     What is Risk Management? “the culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects”

  21. Enterprise Risk Management Defined
     “Enterprise risk management is
     • a process,
     • effected by an entity’s board of directors, management and other personnel,
     • applied in strategy setting and across the enterprise,
     • designed to identify potential events that may affect the entity, and
     • manage risks to be within its risk appetite,
     • to provide reasonable assurance regarding the achievement of entity objectives.”
     Source: COSO Enterprise Risk Management – Integrated Framework (September 2004)

  22. ERM Drivers?
     External triggers
     • Share shocker: Surprises that lead to a falling or poor-performing share price
     • Born in the U.S.A.: Sarbanes-Oxley controls reporting is time-consuming and must deliver back more than just compliance
     • Capital concerns: Credit-rating agencies taking an interest in governance and risk management capabilities
     • Rules and more rules: New trends in the regulatory environment at home and abroad (e.g., Euro-SOX)
     • Listing pressure: Demerger or listing on a new exchange that requires additional governance and compliance processes
     • Losing face: An event that could put the company’s reputation at significant risk of damage

  23. ERM Drivers? (continued)
     Internal triggers
     • Musical chairs: A new CEO or Chair of the Board/Audit Committee who is open to fresh approaches
     • Flex from the center: Concerns at HQ about the level of control they have over a diverse business
     • Expansionists: The company is growing quickly and struggling to maintain control over operations
     • A risky business: Major changes in business direction or the dynamics of an industry
     • Ticking off: Ongoing Audit Committee or major shareholder complaining about a lack of internal control
     • Keeping up with the trends: Executive management wants to maintain parity with the practices of their peers

  24. Where Are Global Companies Heading with ERM? Expected Potential Benefits/Outcomes
     What value has enterprise-wide risk management created? (bar chart; values read from the chart labels)
     • Improved risk awareness and collaboration: 76%
     • Improved regulatory compliance: 53%
     • Improved operations: 50%
     • Improved decision-making: 48%
     • Reduced infrastructure, operating, or resource costs: 29%
     • Improved earnings or shareholder value: 24%
     • Reduced earnings volatility due to hedging: 21%
     • Improved equity value or reduced debt costs: 20%
     • No/little change: 8%
     • Other: 4%
     Source: KPMG LLP, ERM in the US – A 2006 Report Card (265 US company responses)

  25. Accountability Pyramid
     The Board – Provide Governance
     • Risk Policy and Appetite
     • Clear and unambiguous communication of the risk
     • Risks can be monitored and reported
     Risk Management Oversight – Facilitate the process
     • Limits/KRIs and accountabilities are set
     • Policies and procedures defined and implemented
     The Business – Help manage the risks
     • Key Systems/Processes
     • Helps enable direct, objective comparison of risks

  26. ERM Content and Process – KPMG ERM Framework
     Top Risks (those that threaten): Strategic Priorities; Business Model; Corporate Existence
     Framework Element – Description
     • Risk Governance – Establishment of approach for developing, supporting, and embedding the risk strategy and accountabilities
     • Risk Assessment – Identifying, assessing, and categorizing risks across the enterprise
     • Risk Quantification & Aggregation – Measurement, analysis, and consolidation of enterprise risks
     • Risk Monitoring and Reporting – Reporting, monitoring, and assurance activities to provide insights into risk management strengths and weaknesses
     • Risk & Control Optimization – Using risk and control information to help improve performance
     [Figure: risk heat map plotting risks numbered 1–17 on a Consequence axis (Insignificant, Minor, Moderate, Major, Catastrophic) against a Likelihood axis (Remote, Unlikely, Possible, Likely, Almost certain); individual risk positions not recoverable from the transcript]
     Create Content (Creating Content): Identifying, evaluating and prioritizing enterprise risks
     Create Process (Creating Process): Building and maintaining a dynamic risk management framework and process to achieve sustainability

  27. Questions???
     The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.
