Questions & Answers
The following 78 items are listed by date.
September 6, 2010
Activity/Process-Level Considerations – Application-Level Controls
This section of Protiviti's “Guide to the Sarbanes-Oxley Act: IT Risks and Controls – Frequently Asked Questions” addresses activity and process-level considerations for application-level controls. Topics covered include: What are the application-level control considerations? How does the Section 404 compliance project team determine the critical applications for each key business process? And, how does the Section 404 compliance project team integrate the consideration of application level controls with business-process controls at the activity/process level?
CONTENT AREA: Questions & Answers
TOPICS: IT Audit, IT Controls, Sarbanes-Oxley Act, Application Development Security, Process-Level Control

August 30, 2010
Activity/Process-Level Considerations – The Role of Application and Data-Owner Processes
This section of Protiviti's “Guide to the Sarbanes-Oxley Act: IT Risks and Controls – Frequently Asked Questions” addresses activity and process-level considerations for application and data-owner processes. Topics covered include: Who are the application and data owners? What are the role and responsibilities of the application and data owners in relation to the IT organization? And, what process should the application and data owners have in place to facilitate compliance with Sections 404 and 302?
CONTENT AREA: Questions & Answers
TOPICS: IT Controls, Sarbanes-Oxley Act, Section 302 - Executive Certifications, Section 404 - Internal Control Reporting, Access Control Systems

August 23, 2010
Activity/Process-Level Considerations – General Control Issues
This section of Protiviti's “Guide to the Sarbanes-Oxley Act: IT Risks and Controls – Frequently Asked Questions” addresses activity and process-level considerations for general controls.
Topics covered include: What are “general IT controls?” What types of controls are “general IT controls?” And, what does the Section 404 compliance project team look for when evaluating security administration?
CONTENT AREA: Questions & Answers
TOPICS: IT Audit, IT Controls, Section 404 - Internal Control Reporting, Process-Level Control

August 16, 2010
Entity-Level Considerations
This section of Protiviti's “Guide to the Sarbanes-Oxley Act: IT Risks and Controls – Frequently Asked Questions” addresses entity-level considerations. Topics covered include: How does management consider the entity-level issues around IT risks and controls? Are there separate “entities” which just include IT operations or processes? And, what IT governance issues should be considered for purposes of complying with Sections 404 and 302 of Sarbanes-Oxley?
CONTENT AREA: Questions & Answers
TOPICS: Sarbanes-Oxley Act, IT Controls, Risk Management & Assessment, Section 302 - Executive Certifications, Section 404 - Internal Control Reporting, Entity-Level Control

August 9, 2010
IT Control Considerations in Relation to Business-Process Controls
This section of Protiviti's “Guide to the Sarbanes-Oxley Act: IT Risks and Controls – Frequently Asked Questions” addresses IT control considerations in relation to business-process controls. Topics covered include: When should IT controls be considered during the overall Section 404 project? How does an ERP solution impact the evaluation of IT? And, how does a shared-service center impact the assessment of internal control?
CONTENT AREA: Questions & Answers
TOPICS: IT Audit, Sarbanes-Oxley Act, IT Controls, Section 404 - Internal Control Reporting, Outsourcing/Co-sourcing/Shared Services

August 2, 2010
Overall IT Risk and Control Approach and Considerations When Complying with Sarbanes-Oxley
This section of Protiviti's “Guide to the Sarbanes-Oxley Act: IT Risks and Controls – Frequently Asked Questions” addresses having an overall IT risk and control approach when complying with Sarbanes-Oxley. Topics covered include: Why is it so important to consider IT when evaluating internal control over financial reporting? How should Section 404 compliance teams define “IT risks and controls”? And, what guidance does COSO provide with respect to IT controls?
CONTENT AREA: Questions & Answers
TOPICS: IT Audit, IT Controls, IT Infrastructure, Sarbanes-Oxley Act, Section 404 - Internal Control Reporting

July 26, 2010
Other Questions
This section of Protiviti's “Guide to Enterprise Risk Management: Frequently Asked Questions” addresses other common questions about ERM. Topics covered include: Will implementation of the COSO Enterprise Risk Management – Integrated Framework prevent fraud? Have any of the companies that have publicly disclosed their ERM processes received any positive feedback from analysts? And, can all of the information about risk and risk management be classified as attorney-client privileged information, and therefore not be discovered?
CONTENT AREA: Questions & Answers
TOPICS: Risk Management & Assessment, COSO, Enterprise Risk Management, Laws & Regulations

July 19, 2010
Relevance to Sarbanes-Oxley Compliance
This section of Protiviti's “Guide to Enterprise Risk Management: Frequently Asked Questions” addresses common questions about the relevance of Sarbanes-Oxley compliance. Topics covered include: Does the Sarbanes-Oxley Act of 2002 require companies to adopt ERM? Are there any other laws and regulations mandating ERM?
Can ERM assist certifying officers with the discharge of their Section 302 certification and Section 404 assessment responsibilities? And, should management broaden the focus on compliance to managing business risk?
CONTENT AREA: Questions & Answers
TOPICS: Sarbanes-Oxley Act, Enterprise Risk Management, Section 302 - Executive Certifications, Section 404 - Internal Control Reporting

July 12, 2010
Building a Compelling Business Case
This section of Protiviti's “Guide to Enterprise Risk Management: Frequently Asked Questions” addresses common questions about building a compelling business case. Topics covered include: How do we build a compelling business case for ERM? How do we select the appropriate capabilities for our ERM solution? And, what are the key success factors or measures of success when evaluating the effectiveness and impact of ERM implementation, i.e., how can we know whether an ERM approach has been successful?
CONTENT AREA: Questions & Answers
TOPICS: Audit Committee & Board, Enterprise Risk Management, Risk Management & Assessment, Project Management

July 12, 2010
Making it Happen
This section of Protiviti's “Guide to Enterprise Risk Management: Frequently Asked Questions” addresses common questions about making it happen. Topics covered include: What is journey management and why is it relevant to ERM implementation? What is program management and why is it relevant to ERM implementation? And, how can we quantitatively and qualitatively evaluate the benefits of implementing ERM in terms of improving performance?
CONTENT AREA: Questions & Answers
TOPICS: Audit Committee & Board, Risk Management & Assessment, Enterprise Risk Management, Project Management

July 5, 2010
Taking it to the Next Level – Enhancing Capabilities
This section of Protiviti's "Guide to Enterprise Risk Management: Frequently Asked Questions" addresses common questions about taking risk management to the next level and enhancing its capabilities.
Topics covered include: What steps does management take to enhance risk management capabilities? How does management decide on the appropriate enhancement capabilities? And, what is a “portfolio view” of risks and how is it practically applied?
CONTENT AREA: Questions & Answers
TOPICS: Risk Management & Assessment, Enterprise Risk Management, Performance Management/Measurement

June 28, 2010
Taking a Process View: Building Capabilities - Part B
This section of Protiviti's "Guide to Enterprise Risk Management: Frequently Asked Questions" addresses common questions about taking a process view and building capabilities. Topics covered include: What are the elements of risk management infrastructure, why are they important and how are they considered? Is there a model to help us set our priorities when implementing ERM and monitor our progress as we improve our risk management capabilities? And, what are alternative techniques for measuring risk and when are they deployed?
CONTENT AREA: Questions & Answers
TOPICS: Risk Management & Assessment, Enterprise Risk Management, Performance Management/Measurement

June 28, 2010
Taking a Process View: Building Capabilities - Part C
This section of Protiviti's "Guide to Enterprise Risk Management: Frequently Asked Questions" addresses common questions about taking a process view and building capabilities. Topics covered include: How does ERM influence management reporting? What risk management software products are currently available to assist companies with implementing ERM? And, what are the synergies and differences between ERM and “quality initiatives” (e.g., Six Sigma, Lean, TQM, etc.)?
CONTENT AREA: Questions & Answers
TOPICS: Risk Management & Assessment, Enterprise Risk Management, Performance Management/Measurement

June 21, 2010
Taking a Process View: Building Capabilities - Part A
This section of Protiviti's "Guide to Enterprise Risk Management: Frequently Asked Questions" addresses common questions about taking a process view and building capabilities. Topics covered include: What steps does management take to build risk management capabilities? How does management decide on the appropriate risk management capabilities? And, how does management improve the organization’s risk assessments?
CONTENT AREA: Questions & Answers
TOPICS: Risk Management & Assessment, Performance Management/Measurement, Enterprise Risk Management

June 14, 2010
Getting Started: Set the Foundation
This section of Protiviti's "Guide to Enterprise Risk Management: Frequently Asked Questions" addresses common questions about getting started and setting the foundation. Topics covered include: What are the best steps to take when getting started? Is ERM another “project”? And, what are the specific things an organization should accomplish the first year?
CONTENT AREA: Questions & Answers
TOPICS: Corporate Governance, Audit Committee & Board, Risk Management & Assessment, Enterprise Risk Management, Project Management

June 7, 2010
Conducting Risk Assessments
This section of Protiviti's "Guide to Enterprise Risk Management: Frequently Asked Questions" addresses common questions about conducting risk assessments. Topics covered include: What is the relationship between risk assessment and risk management? What is the relationship between risk assessment and performance assessment? And, what is the appropriate level of depth when assessing risk?
CONTENT AREA: Questions & Answers
TOPICS: Risk Management & Assessment, COSO, Enterprise Risk Management, Project Management

May 31, 2010
Risk Management Vision and Objectives
This section of Protiviti's "Guide to Enterprise Risk Management: Frequently Asked Questions" addresses common questions about the risk management vision and objectives. Topics covered include: How does management develop a shared vision for the role of risk management in the organization? What is the practical use of a shared vision? How does management define the entity’s risk management goals and objectives? And, what is “risk appetite” and how is it different from “risk thresholds,” “tolerances” or “limits?”
CONTENT AREA: Questions & Answers
TOPICS: Audit Committee & Board, Internal Audit, Risk Management & Assessment, Performance Management/Measurement, Enterprise Risk Management

May 24, 2010
The Role of Internal Audit
This section of Protiviti's "Guide to Enterprise Risk Management: Frequently Asked Questions" addresses common questions about the role of internal audit. Topics covered include: What role does internal audit play in ERM implementation? Should internal audit lead the ERM effort? And, should internal audit integrate the COSO ERM framework into its work?
CONTENT AREA: Questions & Answers
TOPICS: Internal Audit, COSO, Enterprise Risk Management, Project Management

May 17, 2010
The Risk Management Oversight Structure
This section of Protiviti's "Guide to Enterprise Risk Management: Frequently Asked Questions" addresses common questions about the risk management oversight structure. Topics covered include: What is the primary purpose of the risk management oversight structure? How are compensation issues considered when organizing the risk management oversight structure? And, is there a recommended organizational oversight structure?
CONTENT AREA: Questions & Answers
TOPICS: Compensation & Benefits, Corporate Governance, Audit Committee & Board, Risk Management & Assessment, Enterprise Risk Management

May 10, 2010
The Role of the Chief Risk Officer
This section of Protiviti's "Guide to Enterprise Risk Management: Frequently Asked Questions" addresses common questions about the role of the chief risk officer (CRO). Topics covered include: Should our organization have a chief risk officer (CRO) and, if so, what is his or her role? What are the skill sets of the CRO? And, to whom does the CRO report?
CONTENT AREA: Questions & Answers
TOPICS: Audit Committee & Board, Risk Management & Assessment, Enterprise Risk Management

May 3, 2010
Technology Enabling Effective Spreadsheet Risk Management Awareness
This section of Protiviti's "Spreadsheet Risk Management: Frequently Asked Questions" addresses common questions about technology enabling effective spreadsheet risk management awareness. Topics covered include: Do technology solutions to help with spreadsheet risk management exist? If technology solutions are implemented, will they impact all spreadsheets operating within the organization? And, are there performance or usability issues that need to be considered when implementing spreadsheet control solutions?
CONTENT AREA: Questions & Answers
TOPICS: Technology, IT Audit, IT Controls

May 3, 2010
The Role of the Director
This section of Protiviti's "Guide to Enterprise Risk Management: Frequently Asked Questions" addresses common questions about the role of the director. Topics covered include: How are ERM and governance related? Why should directors be concerned about whether their companies implement ERM? How should the audit committee view ERM? And, how should the board exercise oversight of ERM implementation?
CONTENT AREA: Questions & Answers
TOPICS: Corporate Governance, Audit Committee & Board, Risk Management & Assessment, Enterprise Risk Management

April 26, 2010
IFRS in Japan
This section of Protiviti's "Guide to International Financial Reporting Standards" addresses common questions concerning the impact and implications of the International Financial Reporting Standards (IFRS) in Japan. Topics covered include: Is adoption of IFRS required or permitted in Japan? How will IFRS affect the statutory filings and consolidation reporting package for my company’s international reporting units, including its subsidiaries and affiliates? And, where can I find information on the differences between current Japanese GAAP and IFRS?
CONTENT AREA: Questions & Answers
TOPICS: Financial Reporting, Cross Border & Non-US Issues, Japan, Change Management, IFRS

April 26, 2010
The Role of Executive Management
This section of Protiviti's "Guide to Enterprise Risk Management: Frequently Asked Questions" addresses common questions about the role of executive management. Topics covered include: Must the CEO be fully engaged in the ERM process or system for it to be successful, or can he or she delegate it to someone else? How will senior management benefit from supporting ERM implementation? And, how should executive management evaluate ERM?
CONTENT AREA: Questions & Answers
TOPICS: Audit Committee & Board, Technology, Enterprise Risk Management

April 19, 2010
Resources Awareness
This section of Protiviti's "Spreadsheet Risk Management: Frequently Asked Questions" addresses common questions about resources and awareness. Topics covered include: What are the key spreadsheet risk management capabilities that should exist in any organization? To what degree should the organization expect to be sourcing third-party skills? Should the organization be employing specific spreadsheet support teams?
And, should formal processes exist to ensure that the organization consistently manages spreadsheet risk?
CONTENT AREA: Questions & Answers
TOPICS: IT Controls, IT Audit, Risk Management & Assessment, Training & Development

April 12, 2010
IFRS in Canada
This section of Protiviti's "Guide to International Financial Reporting Standards" addresses common questions concerning the impact and implications of the International Financial Reporting Standards (IFRS) in Canada. Topics covered include: What are the timelines for conversion to IFRS in Canada? Will the adoption of IFRS be required for organizations that are not publicly accountable enterprises (PAEs)? And, as a private company looking to be acquired by a public company, should we consider converting to IFRS?
CONTENT AREA: Questions & Answers
TOPICS: Financial Reporting, Cross Border & Non-US Issues, Canada, IFRS

April 12, 2010
The COSO Enterprise Risk Management – Integrated Framework
This section of Protiviti's "Guide to Enterprise Risk Management: Frequently Asked Questions" addresses common questions about the COSO ERM framework. Topics covered include: What is the COSO Enterprise Risk Management – Integrated Framework? Does the new COSO framework broaden the focus of ERM beyond the traditional risk management model’s focus on insurable risk? If so, how? And, what are the deliverables when the COSO ERM framework is implemented?
CONTENT AREA: Questions & Answers
TOPICS: Corporate Governance, Risk Management & Assessment, COSO, Enterprise Risk Management

April 5, 2010
The Fundamentals
This first section of Protiviti's "Guide to Enterprise Risk Management: Frequently Asked Questions" addresses common questions about the fundamentals of enterprise risk management (ERM). Topics covered are: Why implement ERM? How does the scope of ERM compare to existing risk management approaches? And, what is the value proposition for implementing ERM?
CONTENT AREA: Questions & Answers
TOPICS: Corporate Governance, Audit Committee & Board, Risk Management & Assessment, Governance Risk & Compliance, Enterprise Risk Management

April 5, 2010
Training and Awareness
This section of Protiviti's "Spreadsheet Risk Management: Frequently Asked Questions" addresses common questions about spreadsheet risk indicators and reporting. Topics covered are: Are there any tried and tested approaches to making spreadsheet owners aware of the potential risk? Are there differing levels of training required for spreadsheet owners? And, is the intranet an effective tool for ensuring awareness of spreadsheet risk within the organization?
CONTENT AREA: Questions & Answers
TOPICS: IT Controls, IT Audit, Risk Management & Assessment

March 29, 2010
IFRS in the United States
This section of Protiviti's "Guide to International Financial Reporting Standards" addresses common questions concerning the impact and implications of the International Financial Reporting Standards (IFRS) conversion process. Topics covered are: When is the adoption of IFRS required in the United States and by what companies? Will the adoption of IFRS be required for nonpublic companies? And, is early adoption of IFRS allowed?
CONTENT AREA: Questions & Answers
TOPICS: Accounting/Finance, Financial Reporting, Change Management, IFRS

March 29, 2010
Spreadsheet Risk Indicators and Reporting
This section of Protiviti's "Spreadsheet Risk Management: Frequently Asked Questions" addresses common questions about spreadsheet risk indicators and reporting. Topics covered are: Are there generally accepted key indicators of spreadsheet risk or measures that should be applied? What information is provided to the executive/risk committees regarding spreadsheet risk? And, how can we ensure management and spreadsheet owners take on more accountability for the risk associated with the spreadsheets that they own?
CONTENT AREA: Questions & Answers
TOPICS: IT Controls, Audit Committee & Board, IT Audit, Risk Management & Assessment

March 22, 2010
U.S. and Foreign Nonaccelerated Filers and Foreign Locations
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions focused on U.S. and foreign nonaccelerated filers and foreign locations. Topics covered are: Is Section 404 applied differently to smaller companies? Based on experiences to date by U.S. and foreign filers, what are the lessons for companies who have just begun their compliance efforts? And, when evaluating the severity of control deficiencies, how do foreign private issuers apply the reference to “interim financial statements” included in the definition of a material weakness?
CONTENT AREA: Questions & Answers
TOPICS: Financial Reporting, Taxation, Cross Border & Non-US Issues, Sarbanes-Oxley Act, External Auditor, Section 404 - Internal Control Reporting, IFRS

March 15, 2010
Gaining Assurance Over Critical Spreadsheets
This section of Protiviti's "Spreadsheet Risk Management: Frequently Asked Questions," addresses common questions about gaining assurance over critical spreadsheets. Topics covered are: How can the organization ensure that spreadsheet owners are appropriately managing spreadsheet risk? Is it possible to rely on the spreadsheet risk management process to provide assurance over the critical spreadsheets? And, how often should spreadsheets or the spreadsheet control environment be evaluated?
CONTENT AREA: Questions & Answers
TOPICS: IT Audit, IT Controls, Process-Level Control, Risk-management frameworks, Sarbanes-Oxley Act, Spreadsheet Risk

March 15, 2010
Private Companies and Initial Public Offerings
This section of Protiviti's "Guide to The Sarbanes-Oxley Act," addresses common questions focused on private companies and initial public offerings.
Topics covered are: Any advice for a privately held company that intends to either undertake an IPO or sell to a public company during the next two to three years? If a private company has plans to go public sometime in the future, with plans to file an S-1 three years from now (which would require three years of audited financial statements), would three years of internal control attestation reports by its public accountants be required as well? And, should a privately held company implement provisions of Sarbanes-Oxley?
CONTENT AREA: Questions & Answers
TOPICS: Initial Public Offering, Internal Controls, Sarbanes-Oxley Act, Section 404 - Internal Control Reporting

March 1, 2010
Accelerated Filing Requirements
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions focused on accelerated filing requirements. Topics covered are: For purposes of applying the SEC’s market capitalization test, what is meant by “public float”? When determining the applicability of the accelerated filing requirements under the SEC’s Section 404 rules, when is the measurement date for purposes of quantifying a company’s “market capitalization”? And, if a company is below the market capitalization threshold now, but subsequently exceeds the threshold, when must it begin to comply with the accelerated filing deadlines?
CONTENT AREA: Questions & Answers
TOPICS: Financial Reporting, Sarbanes-Oxley Act, Internal Controls, Section 404 - Internal Control Reporting

February 22, 2010
Assessing Spreadsheet Controls and Current Risk Exposure
This section of Protiviti's "Spreadsheet Risk Management: Frequently Asked Questions" addresses common questions about assessing spreadsheet controls and current risk exposure. Topics covered are: Do we need to assess the controls in operation across all our spreadsheets? How do we consistently assess controls across spreadsheets? And, who is responsible for accepting the residual risk that exists within a spreadsheet?
CONTENT AREA: Questions & Answers
TOPICS: Internal Controls, IT Audit, IT Controls, Risk Management & Assessment, Spreadsheet Risk

February 22, 2010
Impact on Sections 302 and 906
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions focused on the impact of Section 404 rules on Sections 302 and 906. Topics covered are: Why do companies report control deficiencies that are not material weaknesses? What are the common types of control deficiencies being reported by public companies? And, if a significant change occurred in the second fiscal quarter but before the filing of the first fiscal quarter Form 10-Q, is there a requirement to disclose the subsequent event in the first fiscal quarter Form 10-Q?
CONTENT AREA: Questions & Answers
TOPICS: Audit Committee & Board, Sarbanes-Oxley Act, Reporting/Disclosure, Section 302 - Executive Certifications, Section 404 - Internal Control Reporting

February 15, 2010
Implementing a Spreadsheet Control Framework
This section of Protiviti's "Spreadsheet Risk Management: Frequently Asked Questions" addresses common questions focused on implementing a spreadsheet control framework. Topics covered include: What is a spreadsheet control framework and why is it important? What are the typical key components of a spreadsheet control framework? When is a spreadsheet not fit for purpose?
CONTENT AREA: Questions & Answers
TOPICS: IT Audit, IT Controls, IT Strategy, Risk Management & Assessment, Spreadsheet Risk

February 15, 2010
Role of the Audit Committee
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions focused on the role of the audit committee. Topics covered are: With respect to the financial reporting process and internal control over financial reporting, what is expected of the audit committee? How and when should the audit committee be involved in management’s evaluation process and in the independent public accountant’s attestation process?
And, what questions are audit committees asking with respect to the Section 404 evaluation during the first year of compliance?
CONTENT AREA: Questions & Answers
TOPICS: Audit Committee & Board, Sarbanes-Oxley Act, External Auditor, Section 404 - Internal Control Reporting

February 8, 2010
Creating a Library of Critical Spreadsheets
This section of Protiviti's "Spreadsheet Risk Management: Frequently Asked Questions" addresses common questions assessing spreadsheet controls and current risk exposure. Topics covered include: How do we start to identify the potentially critical spreadsheets? Which parts of the organization can have the greatest dependency on critical spreadsheets? And, how can we ensure that we identify all potentially critical spreadsheets?
CONTENT AREA: Questions & Answers
TOPICS: IT Audit, IT Controls, IT Infrastructure, Risk Management & Assessment, Spreadsheet Risk

February 8, 2010
Role of the Independent Public Accountant
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions focused on the role of the independent public accountant. Topics covered are: When and how should the independent public accountant be involved during management’s annual assessment process? Can the independent public accountant perform any testing on behalf of the audit client? And, can the external auditor use the work of the internal audit function and others for purposes of performing an audit of internal control over financial reporting?
CONTENT AREA: Questions & Answers
TOPICS: Sarbanes-Oxley Act, External Auditor, Internal Audit, Section 404 - Internal Control Reporting, SAS 70

February 1, 2010
Impact and Implications of IFRS Conversion
This section of Protiviti's "Guide to International Financial Reporting Standards" addresses common questions concerning the impact and implications of the International Financial Reporting Standards (IFRS) conversion process.
Topics covered are: Will IFRS reduce the current level of complexity that exists in financial reporting? Will IFRS improve the transparency of financial reporting? And, how will IFRS affect my organization’s business policies and procedures?
CONTENT AREA: Questions & Answers
TOPICS: Financial Reporting, Audit Committee & Board, External Auditor, Change Management, IFRS

February 1, 2010
Role of Internal Audit
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions focused on the role of internal audit. Topics covered are: How should internal audit avoid any conflict-of-interest issues as it plays a value-added role with respect to the Section 404 certification process? What is the role of internal audit in the evaluation process? And, what changes in internal audit can be expected as a result of Section 404?
CONTENT AREA: Questions & Answers
TOPICS: Sarbanes-Oxley Act, Internal Audit, Section 404 - Internal Control Reporting, Internal Controls

January 25, 2010
Executive Ownership and Governance
This section of Protiviti's "Spreadsheet Risk Management: Frequently Asked Questions" addresses spreadsheet risk management roles and responsibilities. Topics covered are: Who is accountable for effective spreadsheet risk management? How can executives define and communicate spreadsheet risk management requirements? And, what should be the role of internal audit?
CONTENT AREA: Questions & Answers
TOPICS: IT Audit, IT Controls, IT Strategy, Risk Management & Assessment, Spreadsheet Risk

January 25, 2010
Role of Management
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions focused on the role of management. Topics covered are: What is the role of the disclosure committee, Section 404 compliance project sponsor, Section 404 compliance project steering committee, and other executives? Who signs off on internal control over financial reporting?
And, can management rely solely on self-assessments of process owners for purposes of their evaluation of design and operating effectiveness?
CONTENT AREA: Questions & Answers
TOPICS: Corporate Governance, Audit Committee & Board, Self-Assessment, Sarbanes-Oxley Act, Reporting/Disclosure, Section 404 - Internal Control Reporting

January 4, 2010
An Introduction to Spreadsheet Risk Management
This section of Protiviti's "Spreadsheet Risk Management: Frequently Asked Questions" addresses common questions introducing you to spreadsheet risk management. Topics covered are: Why are spreadsheets so prevalent today? What is spreadsheet risk management? And, why do spreadsheets present a risk?
CONTENT AREA: Questions & Answers
TOPICS: IT Audit, IT Controls, IT Strategy, Risk Management & Assessment, Spreadsheet Risk

January 4, 2010
Moving Beyond the Initial Year Assessment
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions focused on moving beyond the initial year assessment. Topics covered are: What are the elements of an effective Sarbanes-Oxley Section 404 compliance structure after the initial annual assessment is completed? How do companies “find the value” from Section 404 going forward? And, after the first year of compliance, what happens to Section 404 compliance costs?
CONTENT AREA: Questions & Answers
TOPICS: Self-Assessment, Sarbanes-Oxley Act, Internal Controls, Section 404 - Internal Control Reporting, Performance Management/Measurement

December 21, 2009
Overview of IFRS and Conversion
This section of Protiviti's "Guide to International Financial Reporting Standards" addresses common questions concerning International Financial Reporting Standards (IFRS) and the related conversion process. Topics covered are: Is IFRS, as issued by the IASB, the same for all companies and industries in all countries? What is the role of the audit committee in implementing IFRS?
And, what major activities and steps should be considered when developing a conversion project plan?
CONTENT AREA: Questions & Answers
TOPICS: Financial Reporting, Audit Committee & Board, Risk Management & Assessment, Change Management, IFRS, Project Management

December 21, 2009
Reporting
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions focused on reporting Sarbanes-Oxley results. Topics covered are: How should management formulate conclusions with respect to internal control over financial reporting? Must management disclose improvements of internal controls? And, can the results of the assessment of internal control over financial reporting affect the company’s executive certifications under Sections 302 and 906?
CONTENT AREA: Questions & Answers
TOPICS: Sarbanes-Oxley Act, Internal Controls, Reporting/Disclosure, Section 302 - Executive Certifications, Section 404 - Internal Control Reporting

December 14, 2009
Special Circumstances and Situations
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning special circumstances and situations when complying with the Sarbanes-Oxley Act. Topics covered include: How are material acquisitions occurring during the fiscal year handled for purposes of determining the scope of the Section 404 assessment? How are divestitures of significant entities (or net assets) and discontinued operations considered for purposes of evaluating internal control over financial reporting? And, is monitoring of debt compliance within the scope of Section 404 compliance?
CONTENT AREA: Questions & Answers
TOPICS: Financial Reporting, Investments & Foreign Exchange, Sarbanes-Oxley Act, Internal Controls, Section 404 - Internal Control Reporting

December 7, 2009
Remediation
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning the remediation of control deficiencies.
Topics covered are: If control deficiencies or gaps are identified, how should we remediate them? How soon before the end of the fiscal year must the deficiency be corrected? And, since this Section 404 project requires a point-in-time review, how long do remediated controls need to be in place and in operation to be considered effective? CONTENT AREA: Questions & Answers TOPICS: Sarbanes-Oxley Act, Internal Controls, Section 404 - Internal Control Reporting, Entity-Level Control, Process-Level Control November 30, 2009 Validation of Operating Effectiveness (“Testing of Controls”) - Part B This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning validating the operating effectiveness of internal controls. Some topics covered are: Why are control descriptions important and how does management know they are adequate? How is monitoring evaluated? And, how much testing should management perform relative to the testing that the external auditor performs? CONTENT AREA: Questions & Answers TOPICS: Internal Audit, Audit Testing, Sarbanes-Oxley Act, External Auditor, Section 404 - Internal Control Reporting, Process-Level Control November 23, 2009 Validation of Operating Effectiveness (“Testing of Controls”) - Part A This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning validating the operating effectiveness of internal controls. Some topics covered are: Who is responsible for validating operating effectiveness? What is “testing of controls”? And, how does management determine the appropriate sampling method? 
CONTENT AREA: Questions & Answers TOPICS: Internal Audit, Audit Testing, Sarbanes-Oxley Act, Section 404 - Internal Control Reporting, Process-Level Control November 9, 2009 Identifying, Documenting and Assessing Controls (Part C) This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning identifying, documenting and assessing internal controls. Some topics covered are: How should control gaps be identified and summarized? How does a company define a “significant deficiency” in internal control? And, how does a company define a “material weakness” in internal control? CONTENT AREA: Questions & Answers TOPICS: Sarbanes-Oxley Act, Reporting/Disclosure, Section 404 - Internal Control Reporting, Entity-Level Control, Process-Level Control November 2, 2009 Identifying, Documenting and Assessing Controls (Part B) This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning identifying, documenting and assessing internal controls. Some topics covered are: How are processes and transaction flows documented? What is the external auditor looking for with respect to the period-end financial reporting process (close the books)? And, what level of assurance must management attain when reaching a conclusion on the design and operating effectiveness of internal controls? CONTENT AREA: Questions & Answers TOPICS: Close the Books, Sarbanes-Oxley Act, Risk Management & Assessment, Internal Controls, Process-Level Control, GRC October 26, 2009 Identifying, Documenting and Assessing Controls (Part A) This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning identifying, documenting and assessing internal controls. Some topics covered are: How and why are entity-level controls assessed? How are IT risks and controls considered? Do SAS 70 reports apply to processes other than IT and to specialists? 
And, what are walkthroughs, why are they necessary and how should the Section 404 compliance team prepare for them? CONTENT AREA: Questions & Answers TOPICS: Sarbanes-Oxley Act, Risk Management & Assessment, COSO, Entity-Level Control, Process-Level Control, SAS 70, GRC October 19, 2009 Integrating Fraud Considerations Into the Assessment This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning integrating fraud considerations into the Section 404 assessment. Some topics covered are: What is the scope of an anti-fraud program and controls? How are fraud risks assessed? And, how should management get started with integrating fraud considerations into the Section 404 assessment? CONTENT AREA: Questions & Answers TOPICS: Sarbanes-Oxley Act, Risk Management & Assessment, Section 404 - Internal Control Reporting, Ethics, Fraud, Internal Controls, GRC October 5, 2009 Summarizing Risks and Developing Control Objectives This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning summarizing risks and developing control objectives. Some topics covered are: Why identify risks? How are risks identified? What are control objectives and how do they relate to risks? And, how are control objectives defined? CONTENT AREA: Questions & Answers TOPICS: Sarbanes-Oxley Act, Risk Management & Assessment, Section 404 - Internal Control Reporting, COSO, Internal Controls, GRC September 28, 2009 Identifying Reporting Requirements and Relevant Processes This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning the identification of Sarbanes-Oxley reporting requirements and relevant processes. Some topics covered are: How does management deploy a top-down, risk-based approach to determine the extent to which internal controls should be documented and validated? How are the critical processes identified? And, what role do process owners play? 
CONTENT AREA: Questions & Answers TOPICS: Sarbanes-Oxley Act, Reporting/Disclosure, Risk Management & Assessment, Section 404 - Internal Control Reporting, Internal Controls, GRC September 21, 2009 Getting Started With Section 404 Compliance This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning getting started with Section 404 compliance. Some topics covered are: What are “control units,” and why are they important? How should companies validate their assessments of internal controls? And, will companies need to add internal resources to comply with Section 404 and 302? CONTENT AREA: Questions & Answers TOPICS: Sarbanes-Oxley Act, Section 302 - Executive Certifications, Section 404 - Internal Control Reporting, Internal Controls, Project Management September 14, 2009 The COSO Internal Control – Integrated Framework This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning the COSO Internal Control – Integrated Framework. Some topics covered are: What is COSO? How is the framework applied at the entity level/process level during the Section 404 assessment process? And, will the COSO framework on ERM affect the Section 404 assessment? CONTENT AREA: Questions & Answers TOPICS: Sarbanes-Oxley Act, Section 404 - Internal Control Reporting, COSO, Entity-Level Control, Process-Level Control September 7, 2009 What Is Meant by “Internal Control Over Financial Reporting” and “Disclosure Controls and Procedures”? This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning internal control over financial reporting and disclosure controls and procedures. Some topics covered are: What are examples of disclosure controls and procedures that generate required disclosures? How is internal control over financial reporting distinguished from disclosure controls and procedures? 
And, are there examples of internal control over financial reporting that fall outside the realm of disclosure controls and procedures? CONTENT AREA: Questions & Answers TOPICS: Financial Reporting, Sarbanes-Oxley Act, PCAOB, Reporting/Disclosure, Section 302 - Executive Certifications, Section 404 - Internal Control Reporting August 31, 2009 When Is Section 404 Effective for Different Companies? This section of Protiviti's "Guide to the Sarbanes-Oxley Act" addresses common questions concerning when Sarbanes-Oxley Section 404 is effective for different companies. Some topics covered are: When do companies have to comply with the Section 404 requirements? When is the internal control report due? And, is a quarterly assessment required of internal control over financial reporting? CONTENT AREA: Questions & Answers TOPICS: Financial Reporting, Sarbanes-Oxley Act, PCAOB, Section 302 - Executive Certifications, Section 404 - Internal Control Reporting August 24, 2009 What Is Section 404 and How Does It Relate to Sections 302 and 906? This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning the Sarbanes-Oxley Section 404 requirements. Some topics covered are: What does Section 404 require companies to do annually? How are the requirements under Section 404 and the requirements under Sections 302 and 906 of the Sarbanes-Oxley Act related? And, how does the Section 404 assessment enhance the Section 302 executive certification process? CONTENT AREA: Questions & Answers TOPICS: Audit Committee & Board, Sarbanes-Oxley Act, Reporting/Disclosure, Section 302 - Executive Certifications, Section 404 - Internal Control Reporting August 17, 2009 Applicability of Section 404 Requirements This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses commonly asked questions concerning the Sarbanes-Oxley Section 404 requirements. Some topics covered are: Which companies are subject to the requirements of Section 404? 
Are foreign companies subject to the requirements of Section 404? And, does Section 404 apply to the MD&A disclosures? CONTENT AREA: Questions & Answers TOPICS: Financial Reporting, Nonprofit Industry, Financial Services Industry, Sarbanes-Oxley Act, Section 404 - Internal Control Reporting August 10, 2009 The NYSE Internal Audit Requirement This section of Protiviti's "Guide to Internal Audit" addresses common questions concerning the New York Stock Exchange (NYSE) requirement that listed companies have an internal audit function. Some topics covered are: What do the NYSE rules require? Does the rule require a written internal audit charter? And, does the NYSE rule require that The IIA Standards be followed? CONTENT AREA: Questions & Answers TOPICS: Audit Committee & Board, Audit Planning, Corporate Governance, GRC, Initial Public Offering, Internal Audit, Internal Audit Administration, Laws & Regulations July 27, 2009 External Auditor Considerations This section of Protiviti's "Guide to Internal Audit" addresses common questions concerning the use of external auditors. Some of the topics covered are: Can we use our external auditors to perform internal audit work? And, do all internal audit reports need to be reviewed by the external auditor? CONTENT AREA: Questions & Answers TOPICS: Corporate Governance, Audit Committee & Board, Internal Audit, Audit Reporting, Quality Assessment Review, Sarbanes-Oxley Act, External Auditor, Internal Controls, GRC July 20, 2009 Management and Audit Committee Considerations This section of Protiviti's "Guide to Internal Audit" addresses common questions concerning management and oversight of the audit function. Some of the
topics covered are: How can management utilize internal audit most effectively? What is an audit committee’s role with respect to an internal audit function? What
should internal audit report to the audit committee? And, what is the role of the audit committee in evaluating the role of the external auditor? CONTENT AREA: Questions & Answers TOPICS: Corporate Governance, Audit Committee & Board, Internal Audit, External Auditor, GRC July 6, 2009 Internal Audit’s Role in Sarbanes-Oxley Compliance This section of Protiviti's "Guide to Internal Audit" addresses common questions concerning IA’s role in Sarbanes-Oxley activities. Some of the topics covered are: Should internal auditors play a role? Is it important for an internal audit function to adhere to The IIA Standards as it relates to Sarbanes-Oxley? And, can external auditors rely on the work of internal auditors relating to Section 404 compliance? CONTENT AREA: Questions & Answers TOPICS: Sarbanes-Oxley Act, External Auditor, Internal Audit, PCAOB, Reporting/Disclosure, Section 404 - Internal Control Reporting June 22, 2009 Performing a Quality Assessment Review This section of Protiviti's "Guide to Internal Audit" addresses common questions concerning performing a quality assessment review (QAR). Some of the topics covered are: Should internal audit conduct a QAR periodically? How does completing a QAR strengthen the value internal audit brings to the organization? What types of assessments are available to comply with QAR requirements? CONTENT AREA: Questions & Answers TOPICS: Internal Audit, Audit Committee & Board, Quality Assessment Review, Self-Assessment, Performance Management/Measurement June 15, 2009 The Process of Internal Auditing This third section of Protiviti's "Guide to Internal Audit" addresses commonly asked questions concerning the process of internal auditing. Some of the topics covered are: How is internal audit work actually performed? What types of IT audit skills should be included in an internal audit department? What is control self-assessment? And, are internal auditors required to follow COSO? 
CONTENT AREA: Questions & Answers TOPICS: Software, Internal Audit, IT Audit, COSO, Enterprise Risk Management, Self-Assessment, GRC June 8, 2009 Starting an Internal Audit Function This second section of Protiviti's "Guide to Internal Audit" addresses common questions concerning starting an internal audit function. Some of the topics covered are: How should an internal audit function be staffed? Who should the head of internal audit report to? And, what are the pros and cons of outsourcing/co-sourcing internal audit? CONTENT AREA: Questions & Answers TOPICS: Internal Audit, Audit Committee & Board, Audit Planning, Internal Audit Administration, Outsourcing/Co-sourcing/Shared Services June 1, 2009 The Internal Audit Profession This section of Protiviti's "Guide to Internal Audit" addresses common questions concerning the Internal Audit Profession. It defines internal auditing, addresses certification and CPE requirements, IIA Standards, internal auditors’ responsibility for fraud, the relation between internal and external auditors and more. These questions come from part one of this second edition publication. 
CONTENT AREA: Questions & Answers TOPICS: Internal Audit, Internal Audit Administration, External Auditor, Ethics, Fraud, Training & Development Q&A Sections From Protiviti's "Guide to Enterprise Risk Management: Frequently Asked Questions” This page contains links to the Q&A sections published on KnowledgeLeader from Protiviti's "Guide to Enterprise Risk Management: Frequently Asked Questions” CONTENT AREA: Questions & Answers TOPICS: Corporate Governance, Enterprise Risk Management, Internal Audit, Risk Management & Assessment, Audit Committee & Board, Audit Testing, Basel, Financial and Credit Risk, GRC Q&A Sections From Protiviti's "Guide to The Sarbanes-Oxley Act: Internal Control Reporting Requirements” This page contains links to the Q&A sections published on KnowledgeLeader from Protiviti's "Guide to The Sarbanes-Oxley Act: Internal Control Reporting Requirements” CONTENT AREA: Questions & Answers TOPICS: Corporate Governance, Internal Audit, Internal Controls, Sarbanes-Oxley Act, Audit Committee & Board, Enterprise Risk Management, Financial Reporting, Section 404 - Internal Control Reporting, PCAOB, Reporting/Disclosure, GRC Q&A Sections From Protiviti's "Guide to The Sarbanes-Oxley Act: IT Risks and Controls” This page contains links to the Q&A sections published on KnowledgeLeader from Protiviti's "Guide to The Sarbanes-Oxley Act: IT Risks and Controls” CONTENT AREA: Questions & Answers TOPICS: Audit Committee & Board, Corporate Governance, Enterprise Risk Management, Financial Reporting, GRC, Internal Audit, Internal Controls, IT Audit, IT Controls, PCAOB, Reporting/Disclosure, Sarbanes-Oxley Act, Section 404 - Internal Control Reporting Q&A Sections From Protiviti's "Guide to The Sarbanes-Oxley Act: Managing Application Risks and Controls” This page contains links to the Q&A sections published on KnowledgeLeader from Protiviti's "Guide to The Sarbanes-Oxley Act: Managing Application Risks and Controls” CONTENT AREA: Questions & Answers TOPICS: Audit 
Committee & Board, Corporate Governance, Enterprise Risk Management, Financial Reporting, GRC, Internal Audit, Internal Controls, IT Audit, IT Controls, PCAOB, Reporting/Disclosure, Sarbanes-Oxley Act, Section 404 - Internal Control Reporting Q&A Sections From Protiviti's "Spreadsheet Risk Management: Frequently Asked Questions” This page contains links to the Q&A sections published on KnowledgeLeader from Protiviti's "Spreadsheet Risk Management: Frequently Asked Questions” CONTENT AREA: Questions & Answers TOPICS: Risk Management & Assessment