SOX Compliance
Sameer Pradhan (23 slides)

Page 1: SOX Compliance

Page 2: Internal Audit

• CARO Requirement
• As per Sarbanes Oxley Act, 2002
• Clause 49 of Listing Agreement
• SAS 70 Report

Page 3: Internal Audit

• CARO Requirement
  - Requirement of CARO – Auditor’s comment on internal audit
• Clause 49 of Listing Agreement
  - Applicable to listed companies in Indian Stock Exchange.
• SAS 70 Report
  - Use of Service Organizations like payroll - Hewitt, MF accounting – Syntel Outsourcing, etc.

Page 4: Internal Audit – Sarbanes Oxley Act, 2002

• Applies to all companies listed with the SEC
• US based company and its subsidiaries, foreign companies like Patni, TATA Motors ADR listed on NYSE.
• Sec 404 – Internal control on Financial Reporting
• Certification by CEO/CFO on quarterly basis.

Page 5: Internal Audit – Sarbanes Oxley Act, 2002

Senator Paul Sarbanes; Mike Oxley

Page 6: End in Mind…

• a statement acknowledging your responsibility for establishing and maintaining adequate “internal control over financial reporting”
• a statement identifying the internal control framework you used to conduct your evaluation of the effectiveness of internal control over financial reporting
• an assessment of the effectiveness of your company's internal control over financial reporting as of the end of your most recent fiscal year. Assertion: a statement as to whether or not your company's internal control over financial reporting is effective
• disclosure of any “material weaknesses” in your company's internal control over financial reporting. If there are any disclosed material weaknesses, then you are not permitted to conclude that your internal control over financial reporting is effective
• a statement that your independent auditors have issued a report on your assessment of internal control over financial reporting

Page 7: How to be there…

• Financial controls must be suitably designed using established criteria (COSO)
• Control objectives and related financial controls are appropriately documented
• Documentation is auditable
• Key financial controls are identified (Assertions)
• Management performs its own tests of:
  - the design of controls over financial reporting
  - the effectiveness based on key financial controls
• Deficiencies are documented, disclosed and addressed.

Page 8: Applying the COSO Framework

Control Environment
Sets tone of organization, influencing control consciousness of its people. Factors include integrity, ethical values, competence, authority, responsibility. Foundation for all other components of control.

Risk Assessment
Risk assessment is the identification and analysis of relevant risks to achieving the entity’s objectives – forming the basis for determining control activities.

Monitoring
Assessment of a control system’s performance over time. Combination of ongoing and separate evaluation. Management and supervisory activities. Internal audit activities.

Control Activities
Policies/procedures that ensure management directives are carried out. Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties.

Information & Communication
Pertinent information identified, captured and communicated in a timely manner. Access to internal and externally generated information. Flow of information that allows for successful control actions, from instructions on responsibilities to summary of findings for management action.

Page 9: Controls

• Preventative and Detective Controls
• Manual and Automated Controls
• Business Performance Review / Monitoring Controls
• General Computer Controls (IT Level Controls)
• Application Controls (Transaction Level Controls in Computer System)

Page 10: Control objectives for Transaction Processing

Completeness of records (C) - controls over completeness are designed to ensure that:
• All transactions are recorded once and only once.
• All transactions are recorded in the correct period and in the correct legal entity.

Accuracy of records (A) - controls over accuracy are designed to ensure that:
• All transactions are accurately recorded in the general ledger, including correct classification to ensure compliance with disclosure requirements.
• Assets and liabilities are recorded at an appropriate value.
• Changes to standing data are accurately input.

Validity of records (V) - controls over validity are designed to ensure that:
• Transactions are authorized.
• Transactions are genuine and they relate to the Company.
• Changes to standing data are authorized.

Restricted access to assets and records (R) - controls over restricted access are designed to ensure that:
• There is appropriate segregation of duties with respect to key controls.
• Physical assets (e.g. gold bullion) are appropriately safeguarded.

Page 11: Financial Reporting - Assertions

• Existence or Occurrence – Assets or liabilities exist at a given date (FG); transaction occurred during a given period (Sales)
• Completeness – All financial transactions are included for reporting (Purchases)
• Valuation or Allocation – All amounts represented at appropriate amount (Accounts receivable)
• Rights and Obligations – Assets and Liabilities represent rights and obligations (Lease capitalized)
• Presentation & Disclosure – Properly classified and disclosed (Long term liabilities)

Page 12: Documentation standards

• Management must document the design of controls related to all relevant assertions for all significant financial statement accounts
• Documentation must encompass the entire process of: initiating, authorising, recording, processing and reporting individual transactions
• The required documentation might take various forms: flowcharts, policy manuals, accounting manuals, narrative memoranda, decision tables, procedural write-ups or completed questionnaires
• Flowcharts, supplemented by narrative descriptions, are frequently the most effective form of control documentation

Page 13: Objectives of a walkthrough

• Confirm that the documentation prepared by the company reflects its actual processes
• Confirm that controls described in the documentation are actually those applied “in the field”
• Confirm that, at least, all key controls have been documented appropriately (completeness of the process documented)

Walkthroughs should confirm that the documentation is appropriate to develop the testing plan.

Page 14: Gaps in Controls

• Processes not adequately documented (scope and quality)
• Controls not implemented
• Controls poorly designed
• Controls not working effectively
• Control-related roles not assigned
• Non-existence of policies

Gaps identified during the documentation process will be shared on confirmation during the walk-through process.

Page 15: Scope – Processes identified for documentation

• Purchase of Materials and Accounts Payable
• Production Accounting
• Stock Accounting
• Sales Accounting and Accounts Receivables
• Treasury and Banking Transactions
• General Accounting
• Fixed Assets

Page 16: Purchase of Materials and Accounts Payable

• Master maintenance – BOM & Suppliers
• Issue of purchase orders
• Receivables
• GAR and Inventory Verification
• Raising debit notes on creditors
• Accounting for creditors
• Payment processing

Page 17: Production Accounting

• Material Issues
• Production accounting – back flushing
• Costing and standard updation

Page 18: Stock Accounting

• Physical Verification
• Stock valuation
• 3P Management

Page 19: Sales Accounting to Receivables

• Master maintenance
• Receiving and accepting sales orders
• Dispatching
• Accounting sales and debtors
• Provision for debtors

Page 20: Treasury and banking transactions

• Payment and receipt of money
• Schedule of authority
• Banking of receipts
• Accounting for FOREX conversion and forward covers
• Export Packing credit management
• Bank Recos.

Page 21: General Accounting

• Inter Unit Transfer
• Cut offs and period end / consolidation
• Journal entries
• Restructuring provisions

Page 22: Fixed Assets

• Capital Proposal approval and capital advances accounting
• Receiving and accounting for capital WIP
• Additions to Fixed Assets and deletion from Fixed Assets
• Depreciation Accounting
• Impairment provisions
• Physical verification

Page 23: THANK YOU