Definition of "Risk Assessment"
What is Risk Assessment?
Every entity faces a variety of risks from external and internal sources that must be assessed. Risk assessment is the identification and analysis of relevant risks and their impact on the achievement of the company's objectives. Management must form a basis for determining how risk should be managed. Because economic, industry, regulatory, and operating conditions will continue to change, management needs mechanisms that enable it to identify and address the special risks that result from such change.
Someone asked what the different sections of the Sarbanes-Oxley Act were; here they are:
Sarbanes-Oxley Act of 2002
TITLE I — PUBLIC COMPANY ACCOUNTING OVERSIGHT BOARD
Sec. 101. Establishment; administrative provisions.
Sec. 102. Registration with the Board.
Sec. 103. Auditing, quality control, and independence standards and rules.
Sec. 104. Inspections of registered public accounting firms.
Sec. 105. Investigations and disciplinary proceedings.
Sec. 106. Foreign public accounting firms.
Sec. 107. Commission oversight of the Board.
Sec. 108. Accounting standards.
Sec. 109. Funding.
TITLE II — AUDITOR INDEPENDENCE
Sec. 201. Services outside the scope of practice of auditors.
Sec. 202. Preapproval requirements.
Sec. 203. Audit partner rotation.
Sec. 204. Auditor reports to audit committees.
Sec. 205. Conforming amendments.
Sec. 206. Conflicts of interest.
Sec. 207. Study of mandatory rotation of registered public accounting firms.
Sec. 208. Commission authority.
Sec. 209. Considerations by appropriate State regulatory authorities.
TITLE III — CORPORATE RESPONSIBILITY
Sec. 301. Public company audit committees.
Sec. 302. Corporate responsibility for financial reports.
Sec. 303. Improper influence on conduct of audits.
Sec. 304. Forfeiture of certain bonuses and profits.
Sec. 305. Officer and director bars and penalties.
Sec. 306. Insider trades during pension fund blackout periods.
Sec. 307. Rules of professional responsibility for attorneys.
Sec. 308. Fair funds for investors.
TITLE IV — ENHANCED FINANCIAL DISCLOSURES
Sec. 401. Disclosures in periodic reports.
Sec. 402. Enhanced conflict of interest provisions.
Sec. 403. Disclosures of transactions involving management and principal stockholders.
Sec. 404. Management assessment of internal controls.
Sec. 405. Exemption.
Sec. 406. Code of ethics for senior financial officers.
Sec. 407. Disclosure of audit committee financial expert.
Sec. 408. Enhanced review of periodic disclosures by issuers.
Sec. 409. Real time issuer disclosures.
TITLE V — ANALYST CONFLICTS OF INTEREST
Sec. 501. Treatment of securities analysts by registered securities associations and national securities exchanges.
TITLE VI — COMMISSION RESOURCES AND AUTHORITY
Sec. 601. Authorization of appropriations.
Sec. 602. Appearance and practice before the Commission.
Sec. 603. Federal court authority to impose penny stock bars.
Sec. 604. Qualifications of associated persons of brokers and dealers.
TITLE VII — STUDIES AND REPORTS
Sec. 701. GAO study and report regarding consolidation of public accounting firms.
Sec. 702. Commission study and report regarding credit rating agencies.
Sec. 703. Study and report on violators and violations.
Sec. 704. Study of enforcement actions.
Sec. 705. Study of investment banks.
TITLE VIII — CORPORATE AND CRIMINAL FRAUD ACCOUNTABILITY
Sec. 801. Short title.
Sec. 802. Criminal penalties for altering documents.
Sec. 803. Debts nondischargeable if incurred in violation of securities fraud laws.
Sec. 804. Statute of limitations for securities fraud.
Sec. 805. Review of Federal Sentencing Guidelines for obstruction of justice and extensive criminal fraud.
Sec. 806. Protection for employees of publicly traded companies who provide evidence of fraud.
Sec. 807. Criminal penalties for defrauding shareholders of publicly traded companies.
TITLE IX — WHITE-COLLAR CRIME PENALTY ENHANCEMENTS
Sec. 901. Short title.
Sec. 902. Attempts and conspiracies to commit criminal fraud offenses.
Sec. 903. Criminal penalties for mail and wire fraud.
Sec. 904. Criminal penalties for violations of the Employee Retirement Income Security Act of 1974.
Sec. 905. Amendment to sentencing guidelines relating to certain white-collar offenses.
Sec. 906. Corporate responsibility for financial reports.
TITLE X — CORPORATE TAX RETURNS
Sec. 1001. Sense of the Senate regarding the signing of corporate tax returns by chief executive officers.
TITLE XI — CORPORATE FRAUD AND ACCOUNTABILITY
Sec. 1101. Short title.
Sec. 1102. Tampering with a record or otherwise impeding an official proceeding.
Sec. 1103. Temporary freeze authority for the Securities and Exchange Commission.
Sec. 1104. Amendment to the Federal Sentencing Guidelines.
Sec. 1105. Authority of the Commission to prohibit persons from serving as officers or directors.
Sec. 1106. Increased criminal penalties under Securities Exchange Act of 1934.
Sec. 1107. Retaliation against informants.
More on Section 302 - Corporate Responsibility for Financial Reports
More background on the Sarbanes-Oxley Act
Here is the direct excerpt of Section 302 from the Sarbanes-Oxley Act of 2002:
A. Regulations Required. The Commission shall, by rule, require, for each company filing periodic reports under section 13(a) or 15(d) of the Securities Exchange Act of 1934, that the principal executive officer or officers and the principal financial officer or officers, or persons performing similar functions, certify in each annual or quarterly report filed or submitted under either such section of such Act that--
  1. the signing officer has reviewed the report;
  2. based on the officer's knowledge, the report does not contain any untrue statement of a material fact or omit to state a material fact necessary in order to make the statements made, in light of the circumstances under which such statements were made, not misleading;
  3. based on such officer's knowledge, the financial statements, and other financial information included in the report, fairly present in all material respects the financial condition and results of operations of the issuer as of, and for, the periods presented in the report;
  4. the signing officers--
    A. are responsible for establishing and maintaining internal controls;
    B. have designed such internal controls to ensure that material information relating to the issuer and its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic reports are being prepared;
    C. have evaluated the effectiveness of the issuer's internal controls as of a date within 90 days prior to the report; and
    D. have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date;
  5. the signing officers have disclosed to the issuer's auditors and the audit committee of the board of directors (or persons fulfilling the equivalent function)--
    A. all significant deficiencies in the design or operation of internal controls which could adversely affect the issuer's ability to record, process, summarize, and report financial data and have identified for the issuer's auditors any material weaknesses in internal controls; and
    B. any fraud, whether or not material, that involves management or other employees who have a significant role in the issuer's internal controls; and
  6. the signing officers have indicated in the report whether or not there were significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of their evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses.
B. Foreign Reincorporations Have No Effect. Nothing in this section 302 shall be interpreted or applied in any way to allow any issuer to lessen the legal force of the statement required under this section 302, by an issuer having reincorporated or having engaged in any other transaction that resulted in the transfer of the corporate domicile or offices of the issuer from inside the United States to outside of the United States.
As requested, here is an SEC press release regarding auditor independence:
SEC Staff Responds to Frequently Asked Questions Regarding Auditor Independence
FOR IMMEDIATE RELEASE 2003-94
Washington, D.C., Aug. 13, 2003 — The Securities and Exchange Commission's Office of the Chief Accountant today provided its responses to 35 frequently asked questions regarding the application of the Commission's rules on auditor independence. On Jan. 28, 2003, the SEC released new regulations strengthening the Commission's existing requirements regarding auditor independence. See Release No. 33-8183
The staff's responses are intended to assist registrants and their audit committees, audit firms, and other market participants in the understanding of and compliance with the new regulations. The document includes the staff's responses to questions in the general areas of:
* partner rotation and transition questions
* other audit partner and partner rotation matters
* audit committee pre-approval
* audit committee communications
* "cooling off" period
* broker-dealers and investment advisers
The staff's responses can be found on the Commission's Web site at http://www.sec.gov/info/accountants/ocafaqaudind080703.htm
Some Disclosure Requirements of the SARBANES-OXLEY Act:
* Management must annually assess and report on the effectiveness of the company's internal control over financial reporting, and the company's auditor must attest to that assessment (Section 404).
* Additional disclosure of off-balance sheet financing and financial contingencies is now required (Section 401(a)).
* Pro forma (non-GAAP) financial information, where it is presented, is now regulated: it must not be misleading and must be reconciled with the company's GAAP results (Section 401(b)).
* Disclosure under Section 16 of the Exchange Act of insider stock transactions has been accelerated to two business days (Section 403).
* Disclosure of certain material changes in financial condition or operations will now be required in "real time," on a rapid and current basis (Section 409).
What is COBIT? It is one of the most widely used frameworks for defining and documenting IT internal controls, and it is commonly used as the IT control framework for SOX Section 404 compliance. It stands for Control Objectives for Information and Related Technologies. It has six main components, which we will describe in depth in the future. The six components are: Executive Summary, Framework, Control Objectives, Control Practices, Management Guidelines, and Audit Guidelines.