Sarbense Oxley

7/21/2019 Sarbense Oxley

1/90


2/90

2

Corporate Scandals


3/90

3

-

...

.

-

.

Sarbense-

Oxely Act (SOA)


4/90


5/90

5

2002/06/23

2002/07/30SEC.


6/90

6

1933

1960

19441944

1969

.


7/90

7

-2002

--

:

2002

.

1934

.

1166.


8/90


9/90

9

:PCAOB

.


10/90

10

:PCAOB

-101--102--103- -104-

-

105-

-106--107--108-

-

109-


11/90


12/90

12

::

.


13/90

13

::

201-

202-

203-

204-

205-

206-

207-

208-

209-


14/90


15/90

15

:

.


16/90

16

:

-301--302--303--304--

305-

-306--307-

-308-


17/90


18/90

18

:

.

.


19/90

19

:

401-402-403-404- 405-406-407- 408-

409-


20/90


21/90

21

:

( .

(

501-

((NSE((RSA


22/90


23/90

23

:

.

601-602- 603-

604-


24/90


25/90

25

:

.

701-

702-703-704-

705-


26/90


27/90

27

:

.

801:802:

803:

804:805- 806-

807-


28/90


29/90


30/90


31/90


32/90


33/90

33

:

.


34/90

34

:

1001-

1102-

1103-

1104-

1105-

1106-

1934

1107-


35/90


36/90

36


37/90

37


38/90

38

()


39/90

39

5

8

.

/


40/90

40

20

14/4/1384

.

.


41/90

SEC

SOX

SEC


42/90

42

-SEC

.


43/90


44/90

44

-

2002

.

:

.

.


45/90

45

1970

.

1970

.

.


46/90

46

.

.

1970

.


47/90


48/90

48

.

193419331929

.

1939.

.

.

103

18

.


49/90


50/90

50

....1933

.

2 3

1933

30 20

1934

3 1

1940


51/90

PCAOB

PCAOB


52/90

52

PCAOB

-

(PCAOB)

.

.

.

PCAOB


53/90

53

PCAOB

101

-

:

1933

.

.

5.

.

2

.

.

5

5

.


54/90

PCAOB


55/90

55

PCAOB

:

- -

-

--108

FASB


56/90


57/90

57

:

-

.

-

.

-

5.7

.


58/90

58

-

.


59/90

59

-

:

.


60/90


61/90

61

:

.

404


62/90

404-


63/90

63

404

.

:1

2

.

404

.


64/90

404-


65/90

65

-2004-

.

.

-

.


66/90

The Five Components underthe COSO Framework

COSO Framework


67/90

67

the COSO Framework

Control Activities

Policies/procedures that ensure

management directives are carried

out.

Range of activities including

approvals, authorizations,

verifications, recommendations,

performance reviews, asset

security and segregation of duties.

Monitoring

Assessment of a control systemsperformance over time.

Combination of ongoing andseparate evaluation.

Management and supervisoryactivities.

Internal audit activities.

Control Environment

Sets tone of organization-influencingcontrol consciousness of its people.

Factors include integrity, ethical values,competence, authority, responsibility.

Foundation for all other components ofcontrol.

Information and Communication

Pertinent information identified, capturedand communicated in a timely manner.

Access to internally and externallygenerated information.

Flow of information that allows forsuccessful control actions from

instructions on responsibilities tosummary of findings for managementaction.

Risk Assessment

Risk assessment is the

identification and analysis of

relevant risks to achieving the

entitys objectives-forming the

basis for determining control

activities.

Al l f ive com ponents must be in place

for a con trol to b e effect ive.

Intersection with Elements of aCompliance Program


68/90

68

Compliance Program

Federal SentencingGuidelines

Experience from other

industry sectors

OIG ComplianceProgram Guidance

Standards and Procedures

Oversight Responsibility

Education and Training

Lines of Communication

Monitoring and Auditing

Enforcement and Discipline

Response and Prevention



69/90

69

Compliance Program

Code of Conduct Commitment by seniormanagement

Distribution to applicableemployees and contractors

Updating to addressnew risks

Values approach

Records retention










70/90

70

Compliance Program

High-level involvement

Responsibility for developing,

operating, and monitoring the

compliance program

Direct access to Board and/orCEO

Updates to Board and/or CEO

Operational Committee









71/90



72/90

72

Compliance Program








Hotlines

Exit interviews

Periodic surveys

Supervisor accountability

Documentation of issuesidentified and resolved

Periodic reports on issueshandled

Non-retaliation policy



73/90

73

p g








Internal or external evaluatorsto perform regular reviews

Focus on high-risk areas

Validation of policies and

procedures Qualifications of reviewers

Corrective action in response toaudit results

Monitoring and reporting of

audit efforts



74/90

74

p g








Consequences of violating thelaw, the Code of Conduct, orpolicies and procedures

Violations reviewed andresolved on a case-by-case basis

Consistent disciplinary action

Confidentiality

Periodic reports of action taken



75/90

75

p g








Prompt investigations ofreasonable allegations ofsuspected noncompliance

Decisive steps to correctproblems identified

Reporting to Government whenappropriate under the advice oflegal counsel

Addressing DC&P Requirements


76/90

76

Internal

Accounting

Controls

Disclosure Requirements

FinancialReporting

ComplianceOperations

Internal Cont

Over Financi

Reporting

Disclosure

Controls

and

Procedures

Other aspectof Complianc

and Operatio

pertaining to

DC&P

LEGEND

Operationalizing the ControlStructure, Including the CertificationEffort


77/90

77

Effort

Emerging Model


78/90

78

Quality, compliance and business risks managed in a coordinated manner -

easier to see key interrelationships and interdependencies

Board

ChiefCompliance

Officer

Day-to-Day

Operations

Financial Risk

Regulatory Risk

Systems/IT Risks Operational Risks


79/90

79


80/90


81/90

81

...

.

.


82/90


83/90

83

!

(FASB)

SEC FASB

.


84/90

84

SEC(

)

.

.


85/90

85

.

1383

1372

.

.


86/90

86

1386

74

36

.

:


87/90

87

!!

!

:


88/90

88

.

:

Thank God shes finished!


89/90

Any question


90/90

90

Documents

Sarbense Oxley