Elegantsolutions.ca
What You Didn’t Know You Don’t Know About Compliance
And What it Means to You as a Project Manager
August 17, 2006
Boyd Carter, PMP
“We have not designed the machines that are needed to build the machines that will be used to build the product that we are planning to take to market”.
In other words: We don’t know what we
Agenda
- What you know you don’t know about compliance
- What you didn’t know you don’t know about compliance
- What it means to you as a project manager
- Resources for the Project Manager
  - High-level annotated Microsoft Project Plan
  - Description of “must have” resource documents
  - Links to the best online resources
  - A copy of the presentation
What You Know You Don’t Know About Compliance (Cont.)
Details of the US Legislation
Sarbanes-Oxley Act of 2002 (Public Law 107-204, July 30, 2002, 107th Congress of the United States of America)
- Title I – Public Company Accounting Oversight Board
  - Section 102 – Registration with the Board (to prepare and/or issue Audit Reports)
  - AS2 (Auditing Standard No. 2)
- Title II – Auditor Independence
- Title III – Corporate Responsibility
  - Section 302 – Corporate Responsibility for Financial Reports
- Title IV – Enhanced Financial Disclosures
  - Section 404 – Management Assessment of Internal Controls
- Titles V – XI
  - V – Analysts Conflicts of Interest
  - VI – Commission Resources and Authority
  - VIII – Corporate and Criminal Fraud Accountability
  - IX – White-collar Crime Penalty Enhancements
  - X – Corporate Tax Returns
  - XI – Corporate Fraud and Accountability
What You Know You Don’t Know About Compliance (Cont.)
Details of the Canadian Legislation
- Bill 198 – An Act to implement budget measures and other initiatives of the Government, 3rd Session, 37th Legislature, Ontario, 2002 (and subsequent amendments)
  - Part XXVII – Amends the Ontario Securities Act
- Ontario Securities Commission – A Self-funded Crown Corporation and the Regulator of Ontario’s Capital Markets: Charter of Corporate Governance (The OSC administers the Securities Act Ontario and Commodity Futures Act, and is empowered to make legally binding rules.)
- CSA – Canadian Securities Administrators is the council of Canada’s thirteen provincial and territorial securities regulatory authorities (SRAs).
  - NI 52-108 – Auditor Oversight
  - MI 52-109 – Certification of Disclosure…
  - MI 52-110 – Audit Committees
  - MI 52-111 – Reporting on Internal Control… (not implemented)
  - CSA Notice 52-313 – Status of MI 52-111 (Decision to not implement) and
What You Know You Don’t Know About Compliance (Cont.)
About Assessments and Attestations
SEC. 302. CORPORATE RESPONSIBILITY FOR FINANCIAL REPORTS.
(a) REGULATIONS REQUIRED.—The Commission shall, by rule, require, for each company filing periodic reports under section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m, 78o(d)), that the principal executive officer or officers and the principal financial officer or officers, or persons performing similar functions, certify in each annual or quarterly report filed or submitted under either such section of such Act…
(SOX) SEC. 404. MANAGEMENT ASSESSMENT OF INTERNAL CONTROLS.
(a) RULES REQUIRED.—The Commission shall prescribe rules requiring each annual report required by section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m or 78o(d)) to contain an internal control report, which shall—
(1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and
(2) contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.
(b) INTERNAL CONTROL EVALUATION AND REPORTING.—With respect to the internal control assessment required by subsection (a), each registered public accounting firm that prepares or issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer. An attestation made under this subsection shall be made in accordance with standards for attestation engagements issued or adopted by the Board. Any such attestation shall not be the subject of a separate engagement.
Certifications typically take place after remediation is completed, but remediation could be cut off at a point in time and status certified at that point in time. (“Certification” is certification of status at a point in time, not certification of compliance.)
If remediation is required, action plans are executed and the control re-tested. The current state of remediation (and future activity, if required) is documented at the time of certification.
Achieving Operational Effectiveness
[Diagram: levels of compliance documentation]
- The company’s detailed processes for achieving the Control Objectives. Documented at this level are the processes of the company.
- Risk of Non-compliance N-C. Documented at this level are specific risks associated with the process.
- Company Controls. Documented at this level are specific controls associated with the mitigation of risk.
- Tests. Documented at this level are specific tests associated with the control.
- Remediation. Remediation Action Plans.
[Diagram labels: Control Design; Control Effectiveness]
What You Didn’t Know You Don’t Know About Compliance - How to Develop a Control Design and Evaluate Control Effectiveness