
Sarbanes-Oxley Act of 2002

Sarbanes-Oxley Act of 2002. Presentation to the Hampton Roads Chapter of APICS. February 21, 2006 Susan West Manager, Accounting Newport News Sector Northrop Grumman Corporation. Agenda. Background Requirements of the Sarbanes-Oxley Act Compliance Methodology Industry Reaction

iguthrie

Presentation Transcript


  1. Sarbanes-Oxley Act of 2002
     Presentation to the Hampton Roads Chapter of APICS
     February 21, 2006
     Susan West, Manager, Accounting
     Newport News Sector, Northrop Grumman Corporation
     HEADER / FOOTER INFORMATION (ADD PROPER CLASSIFICATION)

  2. Agenda
     • Background
     • Requirements of the Sarbanes-Oxley Act
     • Compliance Methodology
     • Industry Reaction
     • Where do we go from here?
     • Questions?

  3. Background – Why was the Act passed?
     • Financial scandals at Enron, WorldCom, and others
     • Desire to restore investor confidence and increase the transparency of the financial statements of publicly traded companies
     • Desire to protect investors by improving the accuracy and reliability of corporate disclosures

  4. Sarbanes-Oxley Act of 2002
     • Section 302 requires certifications of each quarterly and annual report by the CEO and CFO
     • Section 404 requires an annual internal control report by management stating the responsibility of management for establishing and maintaining adequate internal control for financial reporting, and providing an assessment of the effectiveness of the internal control structure and procedures for financial reporting
     • The external auditor is required to attest to and report on management's assessment pursuant to standards developed by the Public Company Accounting Oversight Board (PCAOB)

  5. Compliance Methodology – What is an Internal Control?
     The COSO (Committee of Sponsoring Organizations of the Treadway Commission) report, Internal Controls – Integrated Framework, defines internal control as a process,
     • Effected by the entity’s board of directors, management, and other personnel.
     • Designed to provide reasonable assurance regarding the achievement of objectives in the following three categories:
        • Effectiveness and efficiency of operations,
        • Reliability of financial reporting, and
        • Compliance with laws and regulations.

  6. Compliance Methodology – The SOX Project Management Office
     • The Enterprise PMO established at Corporate to oversee the company’s efforts to ensure compliance with Section 404
     • Sector PMOs were established to ensure focused effort and cooperation
     • Both the Enterprise PMO and the Sector PMO have responsibility for executing the Section 404 project and must ensure the availability of appropriate resources, monitor and report progress to senior management, coordinate resolution of issues, and coordinate with external auditors

  7. Compliance Methodology – The SOX Project Management Office
     [Organization chart. Labels as they appear on the slide: CEO Ron Sugar; CFO Wes Bush; Project Owners; Project Sponsors; Corporate Policy Council; Sector CFOs; Corporate Treasurer; Corporate Secretary; Corporate VP Tax; Corporate HR Representative; SO 404 Steering Committee Chair Kenneth Heintz; Project Team; Project Management Office (PMO) Lead - Michael Hardesty; Sector Project Teams.]
     [Corporate & Sector PMOs, one PMO each: Corporate Office; Electronic Systems; Integrated Systems; Information Technology; Mission Systems; Space Technology; Newport News; Ship Systems.]

  8. Compliance Methodology – Significant Accounts
     Significant account selection based upon
     • Quantitative criteria
        • the amount of the account balance at year end
     • Qualitative criteria
        • Potential for material errors
        • Size and composition
        • Susceptibility to manipulation or loss
        • High transaction volume
        • Transaction complexity
        • Subjectivity in determining balance
        • Nature of the account

  9. Compliance Methodology – Significant Processes
     • Need to identify and understand the transaction flows and business processes which generate the significant account balances – these are the significant processes
     • Routine, non-routine, and estimation processes and transactions
     • IT processes
     • Financial statement close process
     • Financial statement presentation and disclosure

  10. Compliance Methodology – Risks and Controls
     Risks - What Can Go Wrong?
     • Ask where in the processing of transactions can errors occur that would be material?
     Identify the Mitigating Controls
     • Controls that provide reasonable assurance that errors of significance do not arise and remain undetected
     • Effective Controls provide reasonable assurance that stated objectives are met or that process risks are reduced to an acceptable level

  11. Compliance Methodology – Completing SOX Documentation
     • Appropriate SOX documentation is in the form of a narrative and is supported by policies, procedures, and flowcharts
     • Narratives are completed for each significant business process or sub process
     • Narratives must contain detailed descriptions of the business process including transaction flows and control activities

  12. Compliance Methodology – Changes in Business Processes
     • When systems or business processes change prior to year end, those changes must be incorporated in documentation and any new controls need to be assessed
     • Identify and document changes to internal control over financial reporting
     • Test the new controls for effectiveness
     • Timing of process changes must allow for development of required sample size

  13. Compliance Methodology – Testing (Evaluating and Monitoring the Effectiveness of Controls)
     • Management must test the controls in order to evaluate and draw a conclusion as to their effectiveness
     • Internal Audit conducts SOX testing on behalf of management
     • SOX testing must be structured such that the auditor can determine whether the controls operated as management asserts and resulted in the timely correction of any errors
     • At the conclusion of testing, the auditor must identify and communicate any issues or exceptions

  14. Compliance Methodology – Electronic Data Compilation & Storage
     • Use of Risk Navigator software to document assessment activities:
        • Store documentation supporting compliance
        • Capture electronic certifications

  15. SOX Compliance – Cradle to Grave
     [Flowchart. Box labels as they appear on the slide: Significant Account: Accounts Receivable; Significant Processes: Billings; Process Owners: Prepare Process Narratives. Continues on the next slide.]
     • Focus on key controls
     • Identify manual vs. automated controls
     • Identify frequency of controls
     • One account can be affected by many processes
     • Billings is only one of the significant processes that impact the Accounts Receivable account
     • Treasury’s Accounts Receivable and Cash Receipts & Disbursements processes would also be documented and tested

  16. SOX Compliance – Cradle to Grave, continued
     [Flowchart, continued from the previous slide. Actor labels: Sector PMO / Internal Audit / Process Owner; Sector PMO / Internal Audit; Process Owners. Step labels: Develop process test plan to include sample sizes for each test to be conducted and formal audit program; Loads Process Narrative, Risks, and Controls to Risk Navigator; Hold entrance conference with Process Owner.]
     • Assistant Controller
     • Manager of Billings
     • Focus on key controls
     • Maximize testing of automated controls
     [Flowchart, second row. Actor labels: Internal Audit; Internal Audit. Step labels: Document test results in work papers; Execute test plan for Process. Continues on the next slide.]
     • Typically the duration of the testing phase is 4 to 5 weeks
     • Flash Reports are issued for findings

  17. SOX Compliance – Cradle to Grave, continued
     [Flowchart, continued from the previous slide. Actor labels: Sector PMO / Internal Audit / Process Owner; Process Owner. Step labels: Identifies Corrective Action Plan to mitigate findings; Hold Exit Conference and discuss findings.]
     • Evaluate finding for classification as a material weakness, significant deficiency or deficiency
     • Clearly state whether controls are operating effectively
     • The Process Owner’s Action Plan is a written formal commitment with firm dates
     [Flowchart, second row. Actor labels: Internal Audit; Process Owner. Step labels: Implements Corrective Action Plan; Re-tests to validate Corrective Action Plan.]
     • If previous findings are found to have not been mitigated, they may now be classified as a significant deficiency
     • Adhering to the Action Plan previously submitted to the PMO and Internal Audit

  18. Industry Reaction
     Public Accounting
     • Lots of new business
     • Now regulated
     Public Companies
     • Costly to comply
     • Distraction from running the business
     • Not enough focus on fraud risk

  19. Industry Reaction
     Benefits to Public Companies
     • Segregation of Duties strengthened
     • System access more tightly controlled
     • Increased focus on account reconciliations
     • Heightened awareness of internal controls
     • More formalized controls over non-routine transactions and the Financial Reporting Process
     • Less reliance on external auditors for technical matters
     • Opportunity to evaluate best practices

  20. Where do we go from here?
     Let’s focus on … Fraud Risk

  21. Public Service Announcement from Your Company’s SOX personnel …
     Compliance with the Sarbanes-Oxley Act makes good business sense, minimizes organizational risks, and is required by law.

  22. Another Public Service Announcement from Your Company’s SOX personnel …
     EVERYONE in the organization is responsible for effective internal control.

  23. Sarbanes-Oxley Act of 2002
     Presentation to the Hampton Roads Chapter of APICS
     February 21, 2006
     Susan West, Manager, Accounting
     Newport News Sector, Northrop Grumman Corporation
