Risk Assessment - Does Your Approach Need a Refresh?
Presented by: Jason Greenlee, Audit Senior Manager Deloitte & Touche LLP
March 15, 2018
Objectives
Discuss and assess factors that may indicate your risk assessment activities may require a refresh
Share leading practices to transform the risk assessment program from a reactive to a proactive approach
Discuss how an effective risk assessment serves to achieve the desired objective of providing reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external reporting purposes in accordance with generally accepted accounting principles (GAAP).
Copyright © 2017 Deloitte Development LLC. All rights reserved.
Agenda - Risk assessment refresh
Modules 01-07
• Regulatory requirements
• Data on material weakness
• Timing
• Participants
• COSO linkage to risk assessment
• Risk assessment process
• Leading practices to help avoid common risk assessment pitfalls
• Innovation when performing risk assessments
• Desired outcome of an effective risk assessment
• Resources
Module 1 - Risk Assessments
• Regulatory requirements
• Focus area by regulators
• Maturity model
• Cost of a less mature internal control over financial reporting (ICFR) program
• Opportunities
• Data on material weaknesses
Regulatory requirements
Management
SOX Act Section 404(a) requires management of issuers that meet certain criteria (established by SEC rulemaking) to perform an annual assessment of the effectiveness of ICFR as of the entity's year-end date and to present its assertion as to the effectiveness of the entity's internal control over financial reporting in the annual Form 10-K filing (referred to as "management's assessment").
Auditor
Sarbanes-Oxley Act Section 404(b) requires the auditors of certain entities subject to Section 404(a) to annually attest to, and report on, management's assessment in accordance with the standards of the PCAOB (i.e., perform an audit of ICFR). The PCAOB standards are relevant to auditors, as these standards set forth the requirements that need to be addressed by auditors as they conduct an integrated audit.
Framework
SEC Rules 13a-15(c) and 15d-15(c) state that the framework must be a suitable, recognized control framework that is established by a body or a group that has followed due-process procedures, including broad distribution of the framework for public comment.
PCAOB AS5 requires that the auditor use the same suitable, recognized framework to perform the audit as management uses for its annual evaluation of the effectiveness of the company's ICFR.
Regulatory requirements
2013 COSO Framework
• The COSO 2013 Internal Control - Integrated Framework is the framework used by management to perform its assessment
• While the 5 components operate together in an integrated manner, principles 6-11 are most relevant to the risk assessment.
Control environment
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibilities
3. Establishes structure, authority, and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability
Risk assessment
6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change
Control activities
10. Selects and develops control activities
11. Selects and develops general controls over technology
12. Deploys through policies and procedures
Information and communication
13. Uses relevant, quality information
14. Communicates internally
15. Communicates externally
Monitoring activities
16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies
Focus area by regulators
Increased focus by the SEC & PCAOB on ICFR
• ICFR continues to be a key focus for financial regulators, preparers, auditors, and audit committees
• Wesley Bricker, chief accountant in the SEC's Office of the Chief Accountant, and others offered their views on the importance of internal controls
"We are routinely reminded through our interactions with investors that they continue to believe that strong and effective internal controls and audits are an important component of the ability of companies to communicate credible financial reporting information in order to raise the capital needed to operate, grow and compete....it is hard to think of an area more important than ICFR to our mission of providing high-quality financial information that investors can rely on. If left unidentified or unaddressed, ICFR deficiencies can lead to lower-quality financial reporting and ultimately higher financial reporting restatement rates and higher cost of capital."
Wesley R. Bricker, Chief Accountant, on December 5, 2016 in keynote address before the 2016 AICPA Conference on Current SEC and PCAOB Developments.
Focus area by regulators
Common theme and differences between management and auditor
Potential Efficiencies
Close to full agreement on controls
RISK ASSESSMENT (RA)
PLAN FOR ICFR
Communication
Causes for differences
Judgments
Frequent discussions on RA and impact to audit of ICFR
Understand reasoning when there are differences in risk assessments or in the selection of controls to test
Materiality
Differences in ROMMS