RevSOX Overview
Primer
Copyright@LynnFountain2015
Sarbanes-Oxley
SOX Legislation
• The bill contains eleven sections.
• Sarbanes–Oxley was named after sponsors U.S. Senator Paul Sarbanes (D-MD) and U.S. Representative Michael Oxley (R-OH).
• Significant opinion exists on the costs/benefits with significant differences in conclusions.
• Section 404 of the act is often singled out for analysis.
Sarbanes-Oxley Act of 2002
• Title I: Establishment of Public Company
Accounting Oversight Board (PCAOB)
– Auditing, quality control, independence standards; registered public accounting firm inspections, investigations/disciplinary proceedings.
• Title II: Auditor Independence
– Includes: services outside scope of
practice, pre-approval requirements,
audit partner rotation, reports to
audit committees, conflicts of interest.
Sarbanes-Oxley Act 2002
• Title III: Corporate Responsibility
– Section 302: Corporate responsibility
for financial reports. (ICFR)
– Other: Public company AC, insider trades,
forfeiture of certain bonuses and profits.
• Title IV: Enhanced Financial Disclosures
– Section 404: Management assessment of
internal controls.
– Other: code of ethics for senior financial
officers, enhanced review of periodic
disclosures, enhanced conflict of interest
provisions; audit committee financial expert.
Sarbanes-Oxley Act 2002
• Title V – Analyst conflicts of interest
• Title VI – Commission resources and authority (Federal Trade
Commission)
• Title VII – Studies and Reports
– Report on violators and violations, enforcement actions.
Sarbanes-Oxley Act 2002
• Title VIII – Corporate and criminal fraud
accountability
– Section 805: Review for obstruction of justice and criminal fraud
– Section 806: Protection for employees of
publicly traded companies who provide
evidence of fraud (whistleblower
hotline)
– Section 807: Criminal penalties for
defrauding shareholders of publicly
traded companies.
Sarbanes-Oxley Act 2002
• Title IX: White Collar crime penalty
enhancements.
– Section 902: Conspiracies to commit
criminal fraud offenses.
• Title X: Corporate Tax Returns
– Signing of corporate tax returns by
CEO.
• Title XI: Corporate Fraud
and Accountability
– Increased criminal penalties under SEC
Act of ‘34; record tampering.
Initial Challenges
• Legislation Interpretation.
• Terms and definitions.
• Understanding COSO.
• Developing an approach.
– Testing
– Resources
– Coordinating with external audit
• Training/knowledge/understanding.
• Buy-in.
SOX Jeopardy…..What is?
Legislation
• May ’05 PCAOB directives:
– Top-down/risk based approach.
– Focus on entity-level controls.
– Scope & extent of testing: discouraged “minutia of detail”.
– Reliance on work of others.
– Adequacy of internal audit.
Legislation
• Spring ’06 PCAOB directives:
– Reduce the cost of compliance
– Make AS2 more flexible and scalable
– Focus on disclosures around ICFR:
• Compensation disclosures
• Stock Options backdating
– Turn up volume on what is really important.
Legislation
May 07 – SEC Guidance
• Clarified Material Weakness definition: “having a reasonable possibility of leading to a material misstatement that will not be prevented or detected on a timely basis.”
• Eliminated requirement for auditors to attest to management’s process of evaluating internal controls.
Legislation
May 07 – PCAOB AS5
• Clarified need for top down
approach and focus on entity-level
controls.
• Emphasis placed on identification
of fraud risk assessment and
potential for management fraud.
• Eliminated the requirement for the
auditor to assess and give an
opinion on management’s
evaluation process.
Accounting Sequence of Events
• Risk Assessment
– Define priority accounts to be reviewed
– Identify significant accts./disclosures and relevant assertions
• Document processes
– Document transaction flows that materially impact financial statement elements
Where’s Waldo
COSO 2013
SOX 404 and COSO
The annual report must identify:
• Responsibility/attestation of internal controls
• Control framework
Management’s assessment must be supported with sufficient evidence and documentation
COSO CONTROL FRAMEWORK
• Control Environment
• Risk Assessment
• Control Activities
• Information & Communication
• Monitoring
COSO Components
Control Environment
• Establishes “tone at the top”
• Refers to the overall operating environment including ethics, values, management operating style, commitment to competence.
Risk Assessment
• Identifies management ability to set strategic and business objectives
• Evaluates components that contribute to risk within the organization.
COSO Components
Control Activities
• Basic process in an organization (e.g. payroll, A/P, HR, Accounting).
• Evaluates manner in which each process functions to ensure proper controls in place.
COSO Components
Information/Communication
• Management’s ability to obtain the appropriate information regarding activities.
• Much of this attribute ties to IT information, but it also relates to management’s ability to communicate information.
Monitoring
• Processes in place to monitor and control
deficiencies.
SOX Primer Overview