ertified Internal ontrol Specialist (IS) Intensive ourse

INTERNAL CONTROL INSTITUTE BRASIL

2020

Certified Internal Control Specialist (CICS) Intensive Course

Skill Seven – Check lists Eduardo Person Pardini

C R O S S O V E R C O N S U L T I N G & A U D I T I N G

Curso EAD

1

2020 Copyright © Internal Control Institute Edition III v 1 Proibida a reprodução do material deste material sem previa autorização da Crossover Consulting & Auditing

INDICE

1.1 Checklist 1 – Intent for corporate accounting and reporting practices..........................03

1.2 Checklist 2 – Intent to making corporate officer more accountable for their acts….06

1.3 Checklist 3 – Intent to enhancing the system of control and disclosure weakness...08

1.4 Checklist 4 – Intent to encouraging and supporting whistleblowers………………………10

1.5 Checklist 5 – Intent to ensuring need evidence is retained………………………………........11

1.6 Checklist 6 – Intent to increasing the oversight responsibility of the board…………..12

1.7 Checklist 7 – Intent to enhancing the independence of the external auditor.............14

1.8 Figure 9 – Template for summarizing results for 7 compliance checklist………............16

EDIÇÃO 1 – SÃO PAULO – BRASIL - 2020

PUBLICAÇÃO: Crossover Consulting & Auditing

Resumo traduzido do CBOK Edição IIIv1

É permitida a reprodução total ou parcial desta obra, por qualquer meio eletrônico, inclusive por processos

xerográficos desde que seja indicada a fonte e o autor. Na dúvida consulte-nos através do e-mail:

[email protected]

2


Skill Category 7

7.0 Internal Control Measurement and reporting

Resumo Versão em Português

7.0 Controles internos – Medição e Relatórios

Modelos de Questionários para avaliação da conformidade com a Lei Sarabanes-

Oxley – Complemento da categoria de conhecimento 7

Neste anexo encontram-se questionários (check-List) para auxiliar na avaliação da

conformidade da empresa com a Lei Sarbanes-Oxley.

Observem que estes questionários devem ser revisados e ajustados para a aplicação em

sua corporação, pois são somente uma sugestão para aplicação.

3


Work Checklist 1 – Compliance Checklist for Meeting the Sarbanes – Oxley

Intent for Corporate Accounting and Reporting Practices

Checklist #

Number Item Response Yes No

Comments Number

1

Has the corporation prepared for regular

and more detailed reviews of its filings with the

SEC?

2

Does a knowledgeable group, such as internal

audit, review the filling to the SEC for erroneous omissions?

3 Is there a process in place to ensure timely and

accurate disclosure of information designated by

the SEC to be disclosed, on a timely and accurate

basis?

4 Is there a process in place, such as one operated

by internal audit or the organization's legal

counsel, to assure that none of the company’s

accountants are practicing in violation of any SEC

order?

5 Is there a process in place to monitor when

securities analyst recommends the corporation’s

stock that there is no conflict of interest on the part

of the security analyst in making that

recommendation?

6 Are the senior corporate officers and the board of

directors aware of the increased criminal penalties

for serious fraud incorporated into the Sarbanes –

Oxley Act?

7 If there has been significant volatility in the

corporation’s stock price, can the corporation

explain that volatility to the SEC?

8 Does someone review the proforma financial

information to assure that it does not contain any

un-true statements, or state a fact that may cause

misunderstanding of the financial information

contained in the proforma statements?

9 Has the company reconciled all proforma reports

to the results of corporate performance as

calculated under general accepted accounting

principles

10 Has the company reconciled all proforma reports

to the results of corporate performance as

calculated under general accepted accounting

principles?

11 Are all financial reports prepared in accordance

with general accepted accounting principles?

4



Comments Number

12

Has any material variance in financial reports

from general accepted accounting principles been identified for disclosure?

13

Do the corporation’s financial reports disclose all

adjustments proposed by the independent

auditors, and indicate which have been

incorporated, and which have

not been incorporated?

14

Do all annual and quarterly reports disclose all

material off balance sheet transactions,

arrangements, obligations, (including intention

obligations), and other relationships that may

have a material effect on the company?

15 Are the financial reports of the company written

in a manner that they are readily understandable

by an individual without financial expertise?

16

Do the internal auditors believe that all financial

information and statements issued by the

corporation present fairly the financial condition

of the corporation?

5


7.4.3 Questionário de avaliação para a lei Sarbanes-Oxley

O primeiro questionário que você irá encontrar no anexo não versão em inglês é o que

endereça a avaliação para os objetivos de intenção da lei SOX quanto à contabilidade

corporativa e práticas de relatório. Ele contém dois tipos de itens, o primeiro relacionado

com a atividade da lei considerando sua condição binária, e a segunda relacionada em

atender a intenção da lei.

Para alcançar uma resposta “sim” com relação aos itens da lei, este deve ser objetivamente

atendido. Exemplo: se algum documento deve ser retido por sete anos, a resposta sim

deve representar que o documento está ou estará retido por este tempo de forma

objetiva.

Para receber a resposta sim na avaliação dos objetivos de intenção da lei, o processo de

retenção ou guarda do documento deve existir, através de um processo formal de

identificação do documento, sem que esta função fique a cargo de uma pessoa lembrar se

deve ser guardado ou não.

Geralmente uma resposta “sim” no questionário requer que o processo tenha atendido os

seguintes critérios:

• O processo deve ser documentado

• O processo deve ser entendido e disseminado por todas as pessoas responsáveis

para executar o processo

• O processo tem que ser executado como documentado

• O resultado do processo deve ser visto como correto atendimento da intenção da

lei

• Existe um espaço no questionário para que se necessário, fazer alguns comentários

para esclarecer as respostas, principalmente as respostas negativas, ou aquelas que

mereceram uma investigação.

6


Checklist 2 - Compliance Checklist for meeting the Sarbanes-Oxley intent of

making corporate officers more accountable for their acts

Number Item Response

Yes No Comment Number

1

Do the officers and directors of the corporation

know that if they take any action to fraudulently

influence, coerce, manipulate, or mislead the

auditors they are in violation of the Sarbanes –

Oxley Act?

2

Is there a process in place to ensure that

executive’s bonuses and profit sharing must be

restated if the financial statements of the

organization are restated?

3

Is there a process in place to prohibit the

purchase or sale of corporate stock by officers

and directors during pension plan blackout

periods?

4

Is the process adequate that the CEO and CFO

use to assure the completeness and fairness of

the annual and quarterly financial reports of the

corporation?

5

Is there a process to provide sufficient

information to the CEO and CFO to certify the

adequacy of the corporation system of internal

controls?

6

Is there a process in place to monitor financial

operations to ensure that all material exceptions

are identified and disclosed?

7 Is there a process in place to ensure that all

material exceptions are identified and

disclosed?

8 Do the internal auditors maintain records of

frauds involving management or other

employees?

9

If so, are those frauds disclosed to the

independent auditors, and audit committee of

the board?

10

Do the internal auditors maintain a log of

significant changes to the corporation’s system

of internal controls?

7



Comment Number

11

If so, are those changes disclosed to the

independent auditors and the audit committee of

the board of directors?

12

Does the corporation have a code of ethics

governing the ethics of the corporation’s senior officers?

13

If so, is there a process that assures

compliance, and if compliance is not met,

discloses noncompliance?

14

Does the CEO sign the corporation’s tax returns,

so that if there are a securities or corporate fraud,

the CEO will be held accountable under the

rules of the internal revenue service?

15

Does the corporation have a policy and process

that prohibits loans to senior corporate officers and directors?

TOTAL NUMBER OF RESPONSES

PERCENT OF YES RESPONSES

8


Checklist 3 – Compliance Checklist for meeting the Sarbanes-Oxley Act intent of enhancing the

system of internal controls and disclosing weaknesses

Number Item Response Yes – No

Comments Number

1

Does the corporation have a single definition

of their “system of internal control” and if

so, is it used through the corporation?

2

Does the corporation’s internal auditing

function have a responsibility to review the

adequacy of the system of internal controls?

3

Does the corporation have a policy or

statement defining management’s

responsibility for establishing and

maintaining internal controls and

procedures for financial reporting?

4

Does executive management have a process

that they follow to determine whether or not

the system of internal controls is effective?

(I.e. the process management uses to

evaluate the financial reporting controls and

procedures).

5

Does the corporation's firm of independent

auditors attest to and report on,

management’s evaluation of the internal

controls and procedures for financial

reporting?

6

Is executive management’s attestation

regarding the effectiveness of the

corporation’s internal control and

procedures for financial reporting

consistent with the assessments and

conclusions drawn by the internal auditing

function?

7


for identifying, reporting, and disclosing

weaknesses in the corporation’s system of

internal control?

8


for identifying and disclosing any

significant changes in the system of internal

controls?

9

Does executive management receive from

both the internal auditors and independent

auditors any material weakness they believe

exist in the system of internal controls?

10

Does executive management have a

measure that they use for determining when

a weakness in the system of internal

controls is considered material?

9


11

Does executive management have a measure

for determining when any change to the

system of internal controls is a material

change to the

system?

12

Does the internal auditing function believe

that management has made all of the

disclosures required under the Sarbanes-

Oxley Act?

13

Does the corporation maintain the

necessary procedures for gathering,

analyzing and disclosing all information

that is required to be disclosed by the

Sarbanes-Oxley Act?

14

Does the corporation compare its internal

control framework against the COSO

internal control framework and identify

differences for potential disclosure and

internal control improvements?

15

If the corporation desires to be ISO 9001 or

14001 compliant, do they coordinate the

control assessment required to be ISO

compliant with procedures used to assess the

effectiveness of the organizations system of

internal controls?



10


Checklist 4 – Sarbanes-Oxley Checklist on encouraging and supporting whistleblowers

Number Item Response

Yes/No Comments Number

1 Does the corporation have a

policy regarding whistleblowers?

2

Has the corporation assigned a single

individual or group responsibility for

assuring compliance to the whistle

blowing provisions of the Sarbanes –

Oxley Act?

3

Does the corporation have a process for

recording whistleblowers complaints /

charges against the organization?

4

Has the organization legal counsel

provided guidance on how to

differentiate disgruntled employees,

from employees who have a legitimate

concern about the organizations

operations?

5

Is there a process to ensure that

whistleblowers will be tracked and

monitored to ensure that they are not

discriminated against?

6 Is there a process to ensure that

contactors, suppliers, agents, and so

forth will be tracked and monitored to

ensure that they are not discriminated

against?

7 Does the organization have a process,

which will reward employees for whistle

blowing if the reported violations turn out

to be true?

8 Does whistle blowing include

information reported to shareholders and

the financial community that may be

misleading investors and stockholders?

9 Does whistle blowing include calling to

the attention of management accounting

and financial reporting errors?

10 Does whistle blowing include reporting

pressure placed on management to

withhold information from independent

auditors?

11 Has someone in the organization

developed a formal system for recording

and monitoring

whistleblower complaints?



11


Checklist 5 - Sarbanes-Oxley assessment checklist on ensuring needed evidence is retained.

Number

Item Response Yes/No

Comments

1

Have the independent auditors stated that they will retain audit

workpapers in accordance with the provision of the Sarbanes – Oxley Act?

2

Will the internal audit function retain working papers in accordance with

the provisions of the Sarbanes – Oxley Act?

3

Do corporate workpapers that might record, document the intent to

impede, obstruct, or influence any existing or contemplated federal

investigation be retained in accordance with the provision of the

Sarbanes – Oxley Act?

4 Have the internal auditors asked the corporate legal counsel to review

their work paper retention policy to get a legal opinion if they are in

compliance with provision of the Sarbanes – Oxley Act?

5 Does the internal audit function have a program to instruct its audit staff

regarding the retention of interim and final working papers?

6 Does the auditor in charge of reviewing work papers also review to ensure

the retention of work papers needed under the provision of the Sarbanes – Oxley Act?

7 Does the internal audit director believe that the corporation has retained

all of the evidence that might be needed by federal prosecutors to

prosecute for security fraud?

8 If so, in cases where security fraud has been discovered, are those

working papers retained in accordance with the extended statute of

limitations for securities fraud provided under the Sarbanes-Oxley Act?

(I.e. two years after the violation was discovered, or five years after the

violation whichever occurs first).

9 Does the internal legal counsel have a policy to ensure that attorneys will

report evidence of a material violation of the securities law or breach of

judiciary duty to a higher authority?

10 Has the corporation external legal counsel certified that they intend to

follow section 307 of the Sarbanes – Oxley Act?

11 Does the corporations legal counsel have a definition of what they

believe is a material violation of the securities law or breach of fiduciary

duty sufficient for an attorney to report it to a higher level?

12 Does internal auditing monitor the pronouncements of the Public

Company Accounting Oversight Board to determine if they have adopted

or amended audit standards?

13 If so, is internal auditing in compliance with the standards adopted or

amended by the board?

Total Number of Responses

Percent of Yes Responses

12


Checklist 6 – Sarbanes-Oxley Checklist for increasing the oversight responsibility of the Board of

Directors and the Audit Committee

Number Item Response Yes/No

Comments Number

1

Is the CEO, controller, CFO, or any person serving

in the equivalent position been employed by the

independent accounting firm conducting the

corporate audit within a 1-year period prior to the

start of the audit?

2

If so, has that information been provided to the audit

committee so that it can take the appropriate action?

Does the audit committee hire the independent

public accountants?

Does the audit committee determine or agree to the

compensation to be paid to the independent auditors?

Does the audit committee have an oversight process

to ensure the independent auditors do the work as

specified in the engagement letter?

Is the chairperson of the audit committee an

independent director?

Is the audit committee comprised of all independent

directors?

Are the members of the audit committee precluded

from accepting any consulting, advisory, or other

compensation from the corporation other than

director’s fees?

Are all the members of the audit committee prohibited

from being affiliated with any of the subsidiaries of

the corporation?

Are members of the audit committee prohibited from

being affiliated with major suppliers to the

corporation?

Does the audit committee have a process for

receiving, maintaining a log of, and resolving

complaints regarding the corporations accounting,

internal accounting controls, or auditing matters?

If so, does the audit committee have a policy of

assuring that submission of those complaints by

employees will be assured adequate protection?

Does the corporation have a policy that prohibits the

corporation from extending credit or making loans to

any director or executive officers?

Does the corporation have a policy that requires

directors and officers the file notice of designated

transaction of any class of equity securities if they

are the owner of more than 10% of that class of

equity security?

Does the audit committee have at least one financial

expert on the committee?

13


If so, does that individual understand generally

accepted accounting principles and financial

statements?

If so, does that individual have experience in the

preparation or auditing of financial statements of

comparable companies, and the applications of such

principles in connection with the accounting for

estimates, accruals, and reserves?

If so, does that individual have experience with

internal accounting controls?

If so, does that individual have an understanding of audit committee functions?

Does the company investigate whether members of

the board of directors’ immediate family have any

financial relationship with the corporation? (Does

the corporation define who immediate family

members of a director are?)

Does the corporation have guidelines for

determining which types of relationships directors or

their immediate family members may have with a

corporation that are both acceptable and prohibited?

Does the corporation have guidelines regarding

investments made by a director’s primary business

affiliation in transactions in which the corporation is

involved as a principle or sponsor?



14


Checklist 7 – Sarbanes-Oxley Checklist on enhancing the independence of independent auditors

Number Item Response Yes/No

Comments Number

1 Is the independent audit firm doing the audit registered

with the oversight board?

2

If any part of the audit is being performed by a non-U.S.

independent auditing firm; is that firm registered with the oversight board?

3

Is the audit committee aware of the Sarbanes – Oxley

provisions regarding the independent auditors workpapers;

second partner review and approval of audit reports; and

internal control assessment rules?

4

If so, does the audit committee formally ask the

independent auditors to confirm that those procedures

were followed?

5 Does the audit committee engage the firm of independent

auditors?

6

Does the audit committee have a process for providing

oversight of the work performed by the independent

auditors?

7 Does the audit committee specify the formula for

compensating the firm of independent auditors?

8 If so, does someone assure that they are compensated in

accordance with that formula?

9 Are the independent auditors prohibited from performing

all of the following non-audit services: a) expert services

unrelated to the audit b) accounting services such as

preparation of financial statements, c) appraisal or

evaluation services, d) internal audit outsourcing services,

e) actuarial services, f) legal services, g) investment

advice, h) investment banking services, I) performing or

assisting in performing management functions? (There is

an exception that allows independent auditors to do non-

audit services if they account for less than 5% of the fees

paid by the corporation to the independent

auditors.

10 If the independent auditors engage in allowable non-audit

services such as tax preparation, have those services been

approved in advance by the audit committee?

11 Is there a process for assuring that the independent auditors

do not perform prohibited non-audit services?

12 Is there a process to assure that the independent auditor’s

partner in charge will be rotated off the audit after

performing the audit 5 consecutive years?

13 If the audit committee pre-approves non-audit services, do

they disclose that decision to investors in periodic reports?

15


14 Does the independent audit firm have a policy that prohibits

assigning staff to the corporation’s audit if that staff member

or immediate family has a vested interest in the ongoing

success of the corporation?

15 If employees of the independent auditors are hired by the

corporation, are they prohibited from participating in the

decision to select an independent audit firm for at least 1

year after they are hired?

16 Is there a list or inventory maintained of individuals who are

recognized as outstanding performers?

17 If so, are those measures of exceptional performance (e.g.

meeting sales quotas, rapid increases in profit, and so

forth) investigated to assure they are not manipulating

financial records for their own benefit?



7.5 Resumo dos resultados da avaliação de conformidade das intenções Sarbanes-Oxley

Uma análise rápida da Avaliação de conformidade das intenções Sarbanes-Oxley pode ser

facilmente preparada executando as três etapas a seguir:

• Etapa 1) Totalize o número de respostas "sim" em cada lista de verificação Sarbanes-

Oxley (ou seja, sete listas de verificação).

• Etapa 2) Calcule a porcentagem de respostas sim em relação ao total de itens nas sete

listas de verificação.

• Etapa 3) Poste porcentagens nos documentos de avaliação de conformidade da Lei

Sarbanes - Oxley, resumindo os resultados da avaliação.

Quando os três itens acima estiverem completos, o documento de trabalho terá sete barras

mostrando a porcentagem de respostas sim. Com base no objetivo de intenção descrito nesta

seção, qualquer uma ou todas as análises a seguir podem ser feitas.

• Objetivo com a maior conformidade.

• Objetivo com o mínimo de conformidade.

• Um programa de melhoria pode ser desenvolvido para se concentrar no objetivo

pretendido com o mínimo de conformidade, usando os itens "sem resposta" como

base para a melhoria.

16


Figure 9 - Sarbanes – Oxley Act Compliance Assessment Work Paper

Summarizing the Results from the Seven Compliance Checklists

100%

75%

50%

25%

0%

Percent of

“yes”

responses to

Public

Trust in

Accounting

Corporate

Executive

Accountability

Internal

Control

System

Whistle

Blowers

Retaining

Evidence

Board

Oversight

Independent

Auditors

the Audit Sarbanes – Oxley Act Intent Objectives

Checklists

Note: (Figure 9) The percentage should be posted as a bar (bar graph).

EPP agosto 2020

ertified Internal ontrol Specialist (IS) Intensive ourse

Documents

Transcript of ertified Internal ontrol Specialist (IS) Intensive ourse