Vijay V Vijayakumar. SOX Act Difference between IT Management and IT Governance Internal Controls Frameworks for Implementing SOX COSO - Committee.

Dec 29, 2015

Transcript
Page 1: Vijay V Vijayakumar.  SOX Act  Difference between IT Management and IT Governance  Internal Controls  Frameworks for Implementing SOX  COSO - Committee.

Vijay V Vijayakumar

Page 2:

• SOX Act
• Difference between IT Management and IT Governance
• Internal Controls
• Frameworks for Implementing SOX
• COSO - Committee of Sponsoring Organizations of Treadway Commission
• COBIT - Control Objectives for Information and related Technology
• Comparison of COSO and COBIT
• Issues

Page 3:

• Need
◦ Widespread malpractices in financial accounting of public corporations, e.g. Enron
◦ Cost investors billions of dollars
◦ Sarbanes-Oxley Act (SOX) was passed in 2002 to prevent such occurrences
◦ All public corporations have to comply with SOX

• Intent
◦ To protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes.
◦ Create new standards for corporate accountability as well as new penalties for acts of wrongdoing.

• Impact: More focus on IT Governance (Internal Controls), transparency in business practices, more responsibility and accountability on Top Management.

Page 4:

• 6 Areas of Importance
◦ Auditor Oversight
◦ Auditor Independence
◦ Corporate Responsibility
◦ Financial Disclosures
◦ Analyst conflicts of interest
◦ Civil and criminal penalties for fraud and document destruction

Page 5:

• Auditor Oversight
◦ Common source of error.
◦ No getting away from errors, whether made intentionally or unintentionally by the auditor

• Auditor Independence
◦ More independence to auditors

• Corporate responsibility – requires CEOs and CFOs to certify that reports have been reviewed and are accurate to the best of their knowledge. CEOs must evaluate internal controls before every reporting.

Page 6:

• Financial Disclosures: All disclosures should be attested by top management. All events that might have an impact on financial conditions must be reported within 48 hours.

• Analyst conflicts of interest: Manipulation is under scrutiny of top management, thereby reducing analyst conflicts of interest.

• Civil and criminal penalties: fine of up to $1,000,000, or imprisonment for not more than 10 years, or both

• IT Governance can be helpful in placing internal controls and thereby complying with the SOX Act

Page 7:

• IT Management:
◦ Narrow focus
◦ Ensures supply of IT services for normal operation.

• IT Governance:
◦ Includes IT Management
◦ Plans how the organization could meet its goals through optimal use of IT resources.

Page 8:

• What are Internal Controls?
◦ Policies, procedures, practices, and organizational structures put in place to reduce risks
◦ Are put in place all through the organization to reduce risks involved in various stages of operation

• Objectives:
◦ Economy and efficiency of operations
◦ Reliability of financial and management reports
◦ Compliance with laws and regulations

Page 9:

• Unified approach for evaluation of Internal Control System
• Focuses on processes and people
• Has 5 control components that assure sound business practices:
◦ Control Environment: management defines and communicates policies and procedures to employees
◦ Risk Management: should be able to identify and analyze risks involved in business.
◦ Control Activities: processes like approval, authorization, verification. Covers entire organization.

Page 10:

◦ Information and Communication: information should be able to make its way to the appropriate person in a timely way through proper communication channels.
◦ Monitoring: controls checked periodically for proper functioning. Remedies made known to auditors and action taken.

• Latest version includes objective setting, event identification and risk response

Page 11:

• Framework consistent with COSO.
• Rich, robust and most widely used
• 4 domains, 34 control objectives
• Latest version is 4.1
• Aligns IT with business objectives, quality standards, monetary controls and security needs

Page 12:

• Planning and Organization: Assess how IT will be able to meet business needs
• Acquisition and Implementation: IT solutions have to be developed or acquired to meet objectives
• Delivery and Support: Continuous delivery and support of systems
• Monitoring: Monitors all IT processes for quality and compliance with control requirements

Page 13:

• COSO is useful for management, while COBIT is useful for IT management, users, and auditors.
• COSO is focused on effectiveness and efficiency of operations, reliable financial reporting, and compliance with laws and regulations
• COBIT is used to support business requirements and the associated IT resources and processes
• COSO is the model of choice for the Securities and Exchange Commission

Page 14:

• Cost of Compliance: Average industry spending per year – $6 billion. Not suitable for small corporations.
• Continuous checking of Internal Controls
• Maintaining Data Integrity
• Security Communication and Integrity

Page 15:

http://en.wikipedia.org/wiki/COBIT#COBIT_structure

http://www.sox-online.com