国外简约大气的模板.ppt

Importance of IT Controls to Sarbanes-Oxley The Importance of IT Controls to Sarbanes-Oxley Compliance.  Today’s Objectives Provide a high-level overview of Sarbanes-Oxley and the internal control certification requirements Discuss the importance of information technology in internal control over financial reporting Describe how the Sarbanes-Oxley section 404 rules impact information technology Provide an overview of the Cobit IT control framework Provide an example of a readiness program roadmap Summarize the importance and impact of IT controls to Sarbanes-Oxley compliance Setting the Stage Setting the Stage What is internal control? Internal control is broadly defined as a process, effected by an entitys board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: Effectiveness and efficiency of operations Reliability of financial reporting Compliance with applicable laws and regulations Internal control is now the Law The Sarbanes-Oxley Act of 2002 was created to restore investor confidence in the public markets Section 404 of the Act requires management to establish and maintain internal control – and requires the independent auditors to evaluate Compliance deadline: Year-ends on or after November 15, 2004 Preparing for Sarbanes-Oxley compliance is a significant and challenging task There are many requirements, including the identification of significant financial statement accounts, processes and systems that support them and then documenting and testing them Overview of Internal Control Certification Requirements Section 302 Certification Overview CEO and CFO to make specific certifications as of the end of each quarterly and annual reporting period, including: Report contains no untrue statements Report is fairly presented in all material respects Responsibility for design and maintenance of disclosure controls and procedures as well as inte