SOX 404 Introduction
Mar. 21, 2007 Beijing, PRC

Contents

- Background of SOX 404
- KIC's SOX Testing Process
- Key Controls of Each Cycle
- Summary of SOX Deficiencies

SOX Comes From

The Enron Collapse
- In November 2001, admitted accounting errors that inflated earnings by almost $600 million over 4 years
- Stock plummeted from a high of $75 to less than $1
- CFO ousted and indicted on 78 counts of securities, wire and mail fraud, money laundering and conspiring to inflate profit

WorldCom Scandal
- Admitted accounting fraud that inflated profits by $3.8 billion from January 2001 to March 2002 (14 months)
- Stock dived from a high of $60 to less than $1
- Former CFO and ex-Controller arrested and face prison terms of up to 65 years if convicted

Sarbanes Oxley 404

Two persons:
- US Senator Paul Sarbanes
- US Congressman Michael Oxley

Suggested legislation: Sarbanes Oxley (Section 401-404)

SOX 404: Requires an internal control report for financial reporting.

Overview of SOX 404 Legislation

Each annual report to contain an internal control report, which:
- states the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and
- contains an assessment, as of the end of the most recent fiscal year, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.

The auditor will attest to, and report on, the assessment made by management.

What is known is that Altria/Kraft management must make an assessment of the internal controls for financial reporting. PricewaterhouseCoopers must issue an attestation opinion on the design and effectiveness of those financial internal controls.

Overview of SOX S404 Legislation

The SEC has indicated that it will review compliance with S404 at least every three years. Any such review is likely to be detailed and extensive.

Our experience of working with the SEC and the current interpretations of the rules indicate that the SEC will expect:

From management:
- Clear documentation of financial processes, procedures, and controls
- Evidence that management have evaluated the adequacy of the design and the effectiveness of operation of the procedures and controls
- Evidence that the audit committee and/or disclosure committee have taken a keen interest in the effectiveness of controls

From the auditor:
- Evidence that the auditor has adequately evaluated management's assertion of the design and operation of financial controls

SOX 404 in Kraft

A Countries
- Self-testing by internal controls team
- Auditor review and report by PwC

B Countries
- Self-testing by internal controls team and report to KIC (Kraft China)

C Countries
- Questionnaire required

Section 404 Project Structure

Subsequent to the initial scoping programme and risk assessment, the following process outlines the framework for assessing internal controls:

(1) Map financial statement line items to cycles/processes
(2) Document each existing process (detailed flowcharts & narratives)
(3) Identify controls in place and assess the adequacy of design
(4) Test controls for effectiveness (annually)
(5) Highlight issues in the control structure
(6) Assess impact of missing controls
(7) Fill issues in internal controls
(8) Re-evaluate the process with each organisational change

KIC's SOX Testing Process

- Treasury
- Financial Reporting
- Fixed Assets
- Production Inventory
- Revenue & Account Receivable
- Procurement & Account Payment
- Marketing
- Marketing & Trade Marketing

SOX Controls

Controls
- Key controls (identified by KIC)
- Supportive controls
- Other controls

Controls focus on:
- Documents Effective
- Operation Effective

Control Activities & Objectives

Control activities are manual or automated activities that typically operate at a detailed business process (cycle or transaction) level and are designed to ensure the integrity of the accounting records. Control activities, which can be preventative or detective in nature, directly support the control objectives of:
- Completeness
- Accuracy
- Validity
- Restricted access

Control Objectives

Completeness
- All recorded transactions are accepted by the system (once and only once)
- Duplicate postings are rejected by the system
- Any transactions that are rejected are addressed and fixed

Accuracy
- Key data elements for transactions (including standing data) recorded and input to the computer are correct
- Changes to standing data are accurately input and updated

Control Objectives

Validity
- Transactions, including changes to standing data, are authorized
- Transactions, including standing data, are not fictitious and relate to the client

Restricted Access
- Protect against unauthorized amendments of data
- Ensure confidentiality of data
- Protect physical assets (such as cash and inventory) and electronic assets

Transactions - Treasury

- Approve the opening, closing and change of a bank account and authorize short- and long-term debt
- Reconcile and review bank, investment, debt account, other statements and accounts
- Analysis and review of interest expense/income
- Segregation of duties

Transactions - Financial Reporting

- Review and approve manual journal entries and supporting documentation
- Analyze suspense, clearing and inter-company accounts
- Analyze income statement
- Reconcile and analyze major balance sheet accounts
- The consolidated balance sheet, statement of earnings, cash flow and related supporting schedules and/or footnote disclosures are prepared and reconciled
- Prepare and review internal management representation letters
- Access to information systems is restricted to appropriate personnel

Transactions - Fixed Assets

- Authorize expenditures
- Process and record capital acquisitions
- Assign useful life and depreciate fixed assets
- Record fixed asset disposals
- Perform impairment analysis
- Safeguard fixed assets
- Reconciliation of fixed assets register to general ledger
- Local GAAP computations

Transactions - Production & Inventory

- Record inventory received
- Develop standard and/or maintain updated costs for raw material inventory
- Develop standard and/or maintain updated costs for semi-finished goods or finished goods inventory
- Calculate and record inventory allowances and reserves
- Cost of sales recording on the sale of goods
- Record inventory movements
- Reconcile inventory subsidiary records to general ledger
- Physical inventory and/or test counts
- Safeguard inventory

Transactions - Procurement & Payables

- Approve vendors and maintain vendor master file
- Create purchase orders
- Receive goods
- Approve and process invoices for inventory purchases
- Approve and process invoices for non-inventory purchases (services, rent, etc.)
- Record accruals for receipts not yet invoiced
- Review and summarize invoices and accruals
- Process and record returns and adjustments
- Authorize and make payments

Transactions - Revenue & Receivables

- Process customer orders
- Obtain credit approval
- Establish price/terms for approved customers
- Record invoice upon shipment of goods
- Summarize invoices in the general ledger
- Record cash receipts against receivables
- Calculate and record bad debt provision
- Trade deals accrual
- Controls over master file data (New customer, Existing customer and Price master files)

Transactions - Marketing & Promotion

- Authorize and record marketing programs (media advertising, market research, consumer and other promotional programs)
- Calculate and record program expenses and liability
- Process and record adjustments
- Authorize and make payments
- Reconcile detailed program activity to general ledger

Methods for testing controls

Definitions
- Inquiry: ask about the control
- Observation: observe the control being performed
- Examination: verify the existence and accuracy of the control
- Re-performance: independently perform the control oneself

Evaluating control testing results

No or negligible exceptions = significant reliance
- 0 exceptions for items (Pass test)
- Exceptions found - 1 exception - double the test sample size
- No more exceptions found (it's an error & Pass test)
- 2 or more exceptions found (raise issues)
- 2 or more exceptions found (raise issues)

What to do if we find issues

Step 1: Understand qualitative aspects
- Nature and cause
- Types of misstatements resulting and their materiality
- Relationship to other audit areas

Step 2: Decide to
- Design a corrective action plan and re-test the control after implementation.
- In next year, must test corrected control to verify effectiveness and accuracy.
- As appropriate, recommendations for improvement

SOX Testing in PRC

SOX Testing Overview

Year    Cycle Tested                           Deficiency Reported
2004    Revenue, Marketing and Fixed Assets    24
2005    Treasury, Marketing                    16
2006    Treasury, Marketing and Fixed Assets   6, with 1 repeat issue

Kraft (China) SOX Deficiencies - TA

TA04 The personnel who initiate a wire transfer cannot also release the wire transfer.

Kraft (China) SOX Deficiencies - FA

FA05 The construction-in-process (CIP) activity (including actual versus authorized expenditures) and balance is reviewed periodically for proper accounting. Assets are capitalized in the appropriate time periods using the appropriate asset

FA09 The detail asset class activity is periodically reviewed by authorized personnel for assets placed in service. Asset classes and depreciation rules used to capitalize assets are reviewed as to appropriateness.

Kraft (China) SOX Deficiencies - Marketing

MC08 Periodically, actual versus estimated spending reports are prepared and reviewed. Periodically, the advertising accrual is reviewed (versus budget and actual production) by appropriate personnel for completeness, accuracy and validity.

MT02 Program/contract system changes are verified after input, via comparison to authorized program/contract documentation.

MT03 Prior to payment or issuance of credit, appropriate personnel verify that trade incentives are earned by the customer.

Thank You!