SOX Compliance
Sameer Pradhan
Jan 05, 2016
Internal Audit
• CARO Requirement
• As per Sarbanes Oxley Act, 2002
• Clause 49 of Listing Agreement
• SAS 70 Report
Internal Audit
• CARO Requirement
  - Requirement of CARO – Auditor’s comment on internal audit
• Clause 49 of Listing Agreement
  - Applicable to companies listed on the Indian Stock Exchange.
• SAS 70 Report
  - Use of service organizations, e.g. payroll (Hewitt), MF accounting (Syntel Outsourcing), etc.
Internal Audit
Sarbanes Oxley Act, 2002
• Applies to all companies listed with the SEC
• US based companies and their subsidiaries; foreign companies like Patni, TATA Motors with ADRs listed on the NYSE.
• Sec 404 – Internal control on Financial Reporting
• Certification by CEO/CFO on quarterly basis.
Internal Audit
Sarbanes Oxley Act, 2002
• Senator Paul Sarbanes
• Mike Oxley
End in Mind…
• a statement acknowledging your responsibility for establishing and maintaining adequate “internal control over financial reporting”
• a statement identifying the internal control framework you used to conduct your evaluation of the effectiveness of internal control over financial reporting
• an assessment of the effectiveness of your company's internal control over financial reporting as of the end of your most recent fiscal year
  - Assertion: a statement as to whether or not your company's internal control over financial reporting is effective
• disclosure of any “material weaknesses” in your company's internal control over financial reporting
  - If there are any disclosed material weaknesses, then you are not permitted to conclude that your internal control over financial reporting is effective
• a statement that your independent auditors have issued a report on your assessment of internal control over financial reporting
How to be there...
• Financial controls must be suitably designed using established criteria (COSO)
• Control objectives and related financial controls are appropriately documented
• Documentation is auditable
• Key financial controls are identified (Assertions)
• Management performs its own tests of:
  - the design of controls over financial reporting
  - the effectiveness based on key financial controls
• Deficiencies are documented, disclosed and addressed.
Applying the COSO Framework
• Control Environment
  - Sets tone of organization, influencing control consciousness of its people.
  - Factors include integrity, ethical values, competence, authority, responsibility.
  - Foundation for all other components of control.
• Risk Assessment
  - Risk assessment is the identification and analysis of relevant risks to achieving the entity’s objectives, forming the basis for determining control activities.
• Monitoring
  - Assessment of a control system’s performance over time.
  - Combination of ongoing and separate evaluation.
  - Management and supervisory activities.
  - Internal audit activities.
• Control Activities
  - Policies/procedures that ensure management directives are carried out.
  - Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties.
• Information & Communication
  - Pertinent information identified, captured and communicated in a timely manner.
  - Access to internal and externally generated information.
  - Flow of information that allows for successful control actions from instructions on responsibilities to summary of findings for management action.
Controls
• Preventative and Detective Controls
• Manual and Automated Controls
• Business Performance Review / Monitoring Controls
• General Computer Controls (IT Level Controls)
• Application Controls (Transaction Level Controls in Computer System)
Control objectives for Transaction Processing
• Completeness of records (C) - controls over completeness are designed to ensure that:
  - All transactions are recorded once and only once.
  - All transactions are recorded in the correct period and in the correct legal entity.
• Accuracy of records (A) - controls over accuracy are designed to ensure that:
  - All transactions are accurately recorded in the general ledger, including correct classification to ensure compliance with disclosure requirements.
  - Assets and liabilities are recorded at an appropriate value.
  - Changes to standing data are accurately input.
• Validity of records (V) - controls over validity are designed to ensure that:
  - Transactions are authorized.
  - Transactions are genuine and they relate to the Company.
  - Changes to standing data are authorized.
• Restricted access to assets and records (R) - controls to restrict access are designed to ensure that:
  - There is appropriate segregation of duties with respect to key controls.
  - Physical assets (e.g. gold bullion) are appropriately safeguarded.
Financial Reporting - Assertions
• Existence or Occurrence
  - Assets or liabilities exist at a given date (FG)
  - Transaction occurred during a given period (Sales)
• Completeness
  - All financial transactions are included for reporting (Purchases)
• Valuation or Allocation
  - All amounts represented at appropriate amount (Accounts receivable)
• Rights and Obligations
  - Assets and liabilities represent rights and obligations (Lease capitalized)
• Presentation & Disclosure
  - Properly classified and disclosed (Long term liabilities)
Documentation standards
• Management must document the design of controls related to all relevant assertions for all significant financial statement accounts
• Documentation must encompass the entire process of:
  - initiating
  - authorising
  - recording
  - processing
  - reporting individual transactions
• The required documentation might take various forms: flowcharts, policy manuals, accounting manuals, narrative memoranda, decision tables, procedural write-ups or completed questionnaires
• Flowcharts, supplemented by narrative descriptions, are frequently the most effective form of control documentation
Objectives of a walkthrough
• Confirm that the documentation prepared by the company reflects its actual processes
• Confirm that controls described in the documentation are actually those applied “in the field”
• Confirm that, at least, all key controls have been documented appropriately (completeness of the process documented)
Walkthroughs should confirm that the documentation is appropriate to develop the testing plan
Gaps in Controls
• Processes not adequately documented (scope and quality)
• Controls not implemented
• Controls poorly designed
• Controls not working effectively
• Control-related roles not assigned
• Non-existence of policies
Gaps identified during documentation process – will be shared on confirmation during walk-through process
Scope
Process identified for documentation
• Purchase of Materials and Accounts Payable
• Production Accounting
• Stock Accounting
• Sales Accounting and Accounts Receivables
• Treasury and Banking Transactions
• General Accounting
• Fixed Assets
Purchase of Materials and Accounts Payable
• Master maintenance – BOM & Suppliers
• Issue of purchase orders
• Receivables
• GAR and Inventory Verification
• Raising debit notes on creditors
• Accounting for creditors
• Payment processing
Production Accounting
• Material Issues
• Production accounting – backflushing
• Costing and standard updation
Stock Accounting
• Physical Verification
• Stock valuation
• 3P Management
Sales Accounting to Receivables
• Master maintenance
• Receiving and accepting sales orders
• Dispatching
• Accounting sales and debtors
• Provision for debtors
Treasury and banking transactions
• Payment and receipt of money
• Schedule of authority
• Banking of receipts
• Accounting for FOREX conversion and forward covers
• Export Packing credit management
• Bank Recos.
General Accounting
• Inter Unit Transfer
• Cut offs and period end / consolidation
• Journal entries
• Restructuring provisions
Fixed Assets
• Capital Proposal approval and capital advances accounting
• Receiving and accounting for capital WIP
• Additions to Fixed Assets and deletion from Fixed Assets
• Depreciation Accounting
• Impairment provisions
• Physical verification
THANK YOU