AUDIT
Seminar in Accounting & Society
SOX – Section 404 & Enterprise Risk Management
March 30, 2010
©2010 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
Seminar in Accounting & Society
SOX Section 404 – March 30, 2010
Rick Andrews, Partner, KPMG
Karen Vangyia, Partner, KPMG
Agenda
Introductions/Background
Overview – What is Sarbanes-Oxley?
Impact of SOX
Impact of AS5
The Economy & Risk – What Happened?
What’s Next?
Enterprise Risk Management
Questions
About KPMG
KPMG LLP is a provider of audit, tax and advisory services
KPMG LLP is #1 in the St. Louis market, auditing 42% of St. Louis’ Top 50 Public Companies
KPMG LLP is the U.S. member firm of the KPMG international network with a presence in ~150 countries
KPMG has been recognized as a great place to work by Fortune, Working Mother, the Human Rights Campaign, Business Week, The Women’s Alliance, the Black Collegian, Diversity Inc and others
KPMG LLP consists of 21,000 partners and staff across the U.S.
The St. Louis office is supported by approximately 250 employees serving in the capacity of client support delivery or client service support functions
What is Sarbanes-Oxley?
What is SOX 302?
What is SOX 404?
What is AS5?
Management’s Certifications
The CEO and CFO must personally certify to the:
Accuracy of financial statements
Adequacy & effectiveness of disclosure controls and procedures (SOX 302)
Adequacy & effectiveness of internal controls over financial reporting (SOX 404)
Completeness of all disclosures that materially impact the financial statements or relate to frauds involving management with a significant role in internal controls over financial reporting
Impact of SOX on Stakeholders
SOX 404 & 302 had a significant impact on:
Board of Directors’ responsibilities
Management’s responsibilities
Internal Audit Department resources and responsibilities
Costs of compliance
Impact on Board of Directors
Increased liability & responsibility for Audit Committee members
Qualifications for Audit Committee members more stringent (“financial expert” requirement)
Director, Internal Audit reports directly to the Chairman of the Audit Committee
Whistleblower Policy implemented with reports to the Audit Committee Chair
Impact on Board of Directors
As a result, the Audit Committee has:
Increased focus on internal controls & audit results
Demanded swift remediation of internal control weaknesses
Supported the addition of Internal Audit resources to support compliance efforts
Initiated discussion over business risk management strategies across the organization
Impact on Management
Certifying officers (CEO & CFO) are personally liable for undisclosed issues and significant financial misstatements
Potential for large $$ penalties and prison sentences
Increased accountability to Board with respect to maintaining internal controls and SOX compliance processes
Impact on Management
As a result, Management has:
Increased focus on internal controls & audit results
Demanded swift remediation of internal control weaknesses
Placed reliance on transparency of quarterly disclosure certification process
Continued to set a strong “Tone at the Top” with respect to establishment and adherence to policies & controls
Impact on the Audit Profession
“The Good”
Stature of audit profession raised
Bubble of demand for auditors
Increased salaries
“The Bad”
Balance of work shifted to routine detail tests
More challenging to find ways to provide value due to independence rules (external audit) & resource limitations (internal audit)
Benefits of SOX 404 & 302
Increased knowledge of internal controls throughout the organization
Ownership of internal controls embedded within the organization
More rapid remediation of significant control deficiencies
Increased transparency over events that may impact the financial statements and disclosures (SOX 302)
Impact of AS5
External audit no longer opines on management’s approach to forming their opinion on internal controls over financial reporting
Scales are balancing with more focus on a risk-based approach
Management has increased flexibility in developing its compliance plan
What Happened???
Global disruption of economy
Massive stock market decline
Bernie Madoff
Mortgage backed Securities
AIG bailout
Lehman Bankruptcy
Bank foreclosures
Wall St VS. Main St
What’s Next? The Economy, Risk & SOX 404
Companies are dealing with issues that are still evolving!
As a result of the global economic disruption and the turmoil in the financial markets, companies are dealing with certain accounting and reporting issues for the first time in decades, and for some, the first time EVER
What’s Next? The Economy, Risk & SOX 404
Anticipate increased focus on Enterprise Risk Management (ERM) and integration of related control structure into organizations
Boards and management are being asked why they did not foresee the potential impact of major risks
Debt ratings agencies (Standard & Poor’s) are starting to ask about ERM
ENTERPRISE RISK MANAGEMENT
ERM Journey
The Meaning of Risk is Changing
Prior Thinking:
A way of preserving value by avoiding risk
Focus on what has happened
Current Thinking:
A way of creating sustainable value by embracing risk
Focus on what could happen
What is Risk Management?
What is Risk?
“the chance of something that will have an impact on objectives. It is measured in terms of consequences and likelihood.”
What is Risk Management?
“the culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects”
Enterprise Risk Management Defined
“Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
Source: COSO Enterprise Risk Management – Integrated Framework (September 2004)
ERM Drivers?
External triggers
Share shocker: Surprises that lead to a falling or poor-performing share price
Born in the U.S.A.: Sarbanes-Oxley controls reporting is time-consuming and must deliver back more than just compliance
Capital concerns: Credit-rating agencies taking an interest in governance and risk management capabilities
Rules and more rules: New trends in the regulatory environment at home and abroad (e.g., Euro-SOX)
Listing pressure: Demerger or listing on a new exchange that requires additional governance and compliance processes
Losing face: An event that could put the company’s reputation at significant risk of damage
ERM Drivers? (continued)
Internal triggers
Musical chairs: A new CEO or Chair of the Board/Audit Committee who is open to fresh approaches
Flex from the center: Concerns at HQ about the level of control they have over a diverse business
Expansionists: The company is growing quickly and struggling to maintain control over operations
A risky business: Major changes in business direction or the dynamics of an industry
Ticking off: Ongoing Audit Committee or major shareholder complaining about a lack of internal control
Keeping up with the Trends: Executive management wants to maintain parity with the practices of their peers
Where Are Global Companies Heading with ERM? Expected Potential Benefits/Outcomes
[Bar chart: “What value has Enterprise-wide risk management created?” Axis scale: 0% to 100%. Categories shown: Improved risk awareness and collaboration; Improved regulatory compliance; Improved operations; Improved decision-making; Reduced infrastructure, operating, or resource costs; Improved earnings or shareholder value; Reduced earnings volatility due to hedging; Improved equity value or reduced debt costs; No/little change; Other.]
Source: KPMG LLP: ERM in the US – A 2006 Report Card, 265 US Company Responses
Accountability Pyramid
The Business: Help manage the risks
Risk Management Oversight: Facilitate the process
The Board: Provide Governance
Helps enable direct objective comparison of risks
Risks can be monitored and reported
Limits/KRI’s and accountabilities are set
Policies and procedures defined and implemented
Risk Policy and Appetite
Key Systems/Processes
Clear and unambiguous communication of the risk
ERM Content and Process
Creating Process
Building and maintaining a dynamic risk management framework and process to achieve sustainability
Creating Content
Identifying, evaluating and prioritizing enterprise risks
KPMG ERM Framework (Framework Element: Description)
Risk Governance: Establishment of approach for developing, supporting, and embedding the risk strategy and accountabilities
Risk Assessment: Identifying, assessing, and categorizing risks across the enterprise
Risk Quantification & Aggregation: Measurement, analysis, and consolidation of enterprise risks
Risk Monitoring and Reporting: Reporting, monitoring, and assurance activities to provide insights into risk management strengths and weaknesses
Risk & Control Optimization: Using risk and control information to help improve performance
[Risk heat map: numbered risks plotted by Likelihood (Remote, Unlikely, Possible, Likely, Almost certain) against Consequence (Insignificant, Minor, Moderate, Major, Catastrophic).]
Top Risks (those that threaten)
1. Strategic Priorities
2. Business Model
3. Corporate Existence
Questions???
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.