Post on 04-Feb-2018
7/21/2019 Sarbense Oxley
Corporate Scandals
Sarbanes-Oxley Act (SOA)
2002/06/23
2002/07/30SEC.
1933
1960
19441944
1969
-2002
2002
1934
1166.
:PCAOB
:PCAOB
-101--102--103- -104-
-
105-
-106--107--108-
-
109-
201-
202-
203-
204-
205-
206-
207-
208-
209-
-301--302--303--304--
305-
-306--307-
-308-
401-402-403-404- 405-406-407- 408-
409-
501-
((NSE((RSA
601-602- 603-
604-
701-
702-703-704-
705-
801:802:
803:
804:805- 806-
807-
1001-
1102-
1103-
1104-
1105-
1106-
1934
1107-
5
8
20
14/4/1384
SEC
SOX
SEC
-SEC
2002
1970
1970
1970
193419331929
1939.
103
18
....1933
2 3
1933
30 20
1934
3 1
1940
PCAOB
PCAOB
PCAOB
(PCAOB)
PCAOB
PCAOB
101
1933
5.
2
5
5
PCAOB
PCAOB
--108
FASB
5.7
404
404-
404
:1
2
404
404-
-2004-
The Five Components under the COSO Framework
Control Activities
Policies/procedures that ensure management directives are carried out.
Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties.
Monitoring
Assessment of a control system's performance over time.
Combination of ongoing and separate evaluation.
Management and supervisory activities.
Internal audit activities.
Control Environment
Sets tone of organization, influencing control consciousness of its people.
Factors include integrity, ethical values, competence, authority, responsibility.
Foundation for all other components of control.
Information and Communication
Pertinent information identified, captured and communicated in a timely manner.
Access to internally and externally generated information.
Flow of information that allows for successful control actions from instructions on responsibilities to summary of findings for management action.
Risk Assessment
Risk assessment is the identification and analysis of relevant risks to achieving the entity's objectives, forming the basis for determining control activities.
All five components must be in place for a control to be effective.
Intersection with Elements of a Compliance Program
Compliance Program
Federal Sentencing Guidelines
Experience from other industry sectors
OIG Compliance Program Guidance
Standards and Procedures
Oversight Responsibility
Education and Training
Lines of Communication
Monitoring and Auditing
Enforcement and Discipline
Response and Prevention
Intersection with Elements of a Compliance Program
Compliance Program
Code of Conduct
Commitment by senior management
Distribution to applicable employees and contractors
Updating to address new risks
Values approach
Records retention
Standards and Procedures
Oversight Responsibility
Education and Training
Lines of Communication
Monitoring and Auditing
Enforcement and Discipline
Response and Prevention
Intersection with Elements of a Compliance Program
Compliance Program
High-level involvement
Responsibility for developing, operating, and monitoring the compliance program
Direct access to Board and/or CEO
Updates to Board and/or CEO
Operational Committee
Standards and Procedures
Oversight Responsibility
Education and Training
Lines of Communication
Monitoring and Auditing
Enforcement and Discipline
Response and Prevention
Intersection with Elements of a Compliance Program
Compliance Program
Standards and Procedures
Oversight Responsibility
Education and Training
Lines of Communication
Monitoring and Auditing
Enforcement and Discipline
Response and Prevention
Hotlines
Exit interviews
Periodic surveys
Supervisor accountability
Documentation of issues identified and resolved
Periodic reports on issues handled
Non-retaliation policy
Intersection with Elements of a Compliance Program
Compliance Program
Standards and Procedures
Oversight Responsibility
Education and Training
Lines of Communication
Monitoring and Auditing
Enforcement and Discipline
Response and Prevention
Internal or external evaluators to perform regular reviews
Focus on high-risk areas
Validation of policies and procedures
Qualifications of reviewers
Corrective action in response to audit results
Monitoring and reporting of audit efforts
Intersection with Elements of a Compliance Program
Compliance Program
Standards and Procedures
Oversight Responsibility
Education and Training
Lines of Communication
Monitoring and Auditing
Enforcement and Discipline
Response and Prevention
Consequences of violating the law, the Code of Conduct, or policies and procedures
Violations reviewed and resolved on a case-by-case basis
Consistent disciplinary action
Confidentiality
Periodic reports of action taken
Intersection with Elements of a Compliance Program
Compliance Program
Standards and Procedures
Oversight Responsibility
Education and Training
Lines of Communication
Monitoring and Auditing
Enforcement and Discipline
Response and Prevention
Prompt investigations of reasonable allegations of suspected noncompliance
Decisive steps to correct problems identified
Reporting to Government when appropriate under the advice of legal counsel
Addressing DC&P Requirements
[Figure: diagram with the labels Internal Accounting Controls; Disclosure Requirements; Financial Reporting; Compliance Operations; Disclosure Controls and Procedures. The legend entries are truncated in the source: "Internal Cont Over Financi Reporting" and "Other aspect of Complianc and Operatio pertaining to DC&P".]
Operationalizing the Control Structure, Including the Certification Effort
Emerging Model
Quality, compliance and business risks managed in a coordinated manner -
easier to see key interrelationships and interdependencies
Board
Chief Compliance Officer
Day-to-Day Operations
Financial Risk
Regulatory Risk
Systems/IT Risks
Operational Risks
(FASB)
SEC FASB
SEC(
)
1383
1372
1386
74
36
Thank God she's finished!
Any questions?