2017 IAWebinarSeries Course-2 ReducingTheBurdenOfSOXCompliance 042517
BURDEN OF SOX
COMPLIANCE
Technical Support | If you should have technical issues, please contact LearnLive:
Click on the Live Chat icon under the Support tab, OR call: 1-888-228-4088
Audio | Audio will be streamed through your computer speakers. If you experience
audio issues during today’s presentation, please dial into the teleconference:
1-855-233-5756, and use teleconference code: 226 838 6759 #
BEN TERMINI, CPA, CISA, CFE
EAST REGION LEADER | RISK ADVISORY SERVICES
EDUCATION
B.S. in Accounting, Pace University
TODAY’S LEARNING OBJECTIVES
and
AGENDA
Client Perspective
STATE OF THE INDUSTRY
KEEPING PACE WITH REGULATORY CHANGE
PCAOB
• AS-2
• AS-5: Provides guidance to External Auditors
• Ongoing Rationalization
• AS-12: Management Review Controls, System-generated reports and Completeness & Accuracy Assertions
WHO HAS RESPONSIBILITY FOR INTERNAL
CONTROLS AND WHAT ARE THE REQUIREMENTS?
SEC
• 302 Management Certification
• 404(a) Management of internal controls
• 404(b) Management obtains independent audit of assessment
of controls
PCAOB
• AS5 External audit of management’s assessment of internal
controls
• AS12 Documentation of Management Review Controls,
Completeness and Accuracy considerations, and System
Generated Reports
COSO 2013 Framework
FILER COMPLIANCE REQUIREMENTS
RECENT REGULATORY CHANGES INCREASING
THE COST OF SOX COMPLIANCE
Increased Auditor Scrutiny:
BALANCING BETWEEN COST AND QUALITY
HIGH
• Top Down focus on risk
• Full scope testing
• Narratives, flowcharts, risk and control matrices
• Operating effectiveness
• Detail documentation (MRCs and IPEs)
• Remediation
• 302 certifications
• Risk assessment
• Targeted review of high risk processes
• Design assessment
[Diagram axes: QUALITY, COST]
MOVING TO A 404(B) COMPLIANCE ENVIRONMENT
Impact on Management:
• Increased costs
• Enhanced documentation
• AS-12 compliance
CYBER SECURITY
Impact on Company:
TRANSITION CHALLENGES
MAXIMIZING VALUE UNDER A 404(B)
ENVIRONMENT / BEST PRACTICES
Reduce the number of controls through a top-down, risk-based approach
Use the top-down approach to identify direct entity-level controls
Maximize reliance by the external auditors on management testing
Execute controls flawlessly
Document the process and controls clearly and in detail
Complete a substantial portion of work, including testing all key controls
CONTROL IMPROVEMENTS DERIVED
FROM SOX COMPLIANCE
[Chart: vertical axis from 0% to 70%; category labels follow]
Control High-Risk Routine Anti-Fraud Compensation
Environment Accounting Areas Accounting Processes Schemes
Controls
*
CLIENT INTERVIEW:
1. What are the most significant SOX challenges you see for your
company in the current year?
3. What are your top SOX priorities for this fiscal year?
QUESTIONS
BEN TERMINI
btermini@bdo.com
212-885-8124
CONCLUSION
THANK YOU FOR YOUR PARTICIPATION!
Exit | Please exit the interface by clicking the red “X” in the upper-
right-hand corner of your screen.