presentation to isaca ifrs and gaap convergence: … · charles g. soranno. managing director....

Charles G. SorannoManaging Director

Presentation to ISACA:

IFRS and GAAP Convergence:Internal and Information Systems Audit Considerations

June 6, 2011

© 2011 Protiviti Inc. An Equal Opportunity Employer. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.

Today’s Presentation

• IFRS and GAAP Convergence:– Reasons to Focus Now

• Applying the Six Elements of Infrastructure to IFRS and GAAPConvergence

• Internal and Information Systems Auditors:– What You Can and Should be Doing

2


Reasons to Focus Now: Key Points for IFRS Conversion and GAAP Convergence• Implementing changes to provide for sustained compliance with a

new standard: creating a path to the consistent application of judgment and the proper flow of data.

• Applying the lessons learned from SOX to IFRS: implementing a process rather than completing a project (and then re-completing that project annually).

• The need to re-define the role of the internal auditor and systems auditor: getting beyond the numbers and the theory.

• Navigating the path between fact and fiction: identifying the real (and substantial) challenges in adopting IFRS.

3


Reasons to Focus Now

“This isn’t happening any time soon –why even pay attention right now?”

4



Because it is happening.

• Outside the U.S., Conversion.• In the U.S.:

– Timeline for potential conversion, and– Convergence, one standard at a time.

5


Reasons to Focus Now:Global IFRS Trends• Every major non-U.S. capital market is moving to IFRS.• Over 100 countries around the world require or permit IFRS.

Top 10 global capital marketsUS US GAAP – moving toward IFRS

Japan Convergence to IFRS beginning 2011

UK IFRS

France IFRS

Canada Convergence to IFRS by 2011

Germany IFRS

Hong Kong HKFRS (equivalent to IFRS)

Spain IFRS

Switzerland IFRS or US GAAP

Australia AIFRS (equivalent to IFRS)

Other markets

Israel IFRS

India Planned IFRS adoption in 2011

S. Korea Planned IFRS adoption in 2011 (Early adoption permitted in 2009)

Brazil Planned IFRS adoption in 2010

Mexico Planned IFRS adoption in 2011 (Early adoption permitted in 2008)

6


Reasons to Focus Now: Update on SEC’s IFRS Timeline

In late February 2010, the SEC held an open meeting where they created a workplan for conversion/convergence which re-affirmed:• Their commitment to moving toward one high quality set of global financial standards.• The importance of the milestones previously articulated in their earlier discussions of

convergence and conversion. – The SEC added additional considerations around:

The impact to companies on contracts, agreements and other factors affected by a change.

The impact of potentially conflicting or complementary regulations and laws covered by other agencies (such as the IRS, institutional regulators, etc.).

Progress by the FASB and IASB on various convergence exercises underway (in key areas such as revenue recognition, income taxes, lease accounting, among others).

• Their intention is to meet in late 2011 to vote on whether or not to require IFRS for SEC registrants in the future.

The SEC, at this same meeting, also updated the timeline, stating that, now, the earliest date for adoption/conversion would be 2015 (as opposed to the previous 2014).

7


Reasons to Focus Now:SEC Work Plan – Key Areas for Consideration

A. Sufficient Development and Application of IFRS

B. The Independence of Standard Setting for the Benefit of Investors

C. Investor Understanding and Education Regarding IFRS

D. Examination of the U.S. Regulatory Environment that Would Be Affected by a Change in Accounting Standards

E. The Impact on Issuers

F. Human Capital Readiness

8


PROJECT GOAL EXPOSURE DRAFT DUE DATE COMMENTS DUE FINAL RULE DUE PRIORITY

LEVEL

Fair-valuemeasurement

Create a common definition and guidance for fair value June 2010 Sept 7, 2010 June 30, 2011 Highest

Statement of comprehensive

income

Improve transparency and comparability of income statements

June 2010 Sept 30, 2010 June 30, 2011 Highest

Financialinstruments*

Simplify existing rules and reconcile IFRS and GAAP’s differences June 2010 Sept 30, 2010 3rd / 4th Q 2011 Highest

Revenue recognition*

Strip out GAAP’s industry specific guidance and clarify when sellers can recognize revenue

June 2010 Oct 22, 2010 3rd / 4th Q 2011 Highest

Leases* Eliminate GAAP’s bright lines and capitalize all leases Aug 2010 TBD 3rd / 4th Q 2011 Highest

Consolidations* Finish the rulemakers’ work on consolidating off-balance-sheet vehicles Nov 2010 TBD 3rd Q 2011 Low

Financial-statement presentation*

Improve the organization of financial statements Feb 2011 TBD Dec 2011 Low

Financial instruments with characteristics of

equity*

Limit the classification of financial instruments as equity Feb 2011 TBD Dec 2011 Low

Derecognition*Develop a common standard for derecognizing financial assets and liabilities

TBD TBD TBD Low

*Schedule was amended.Source: Financial Accounting Standards Board, International Accounting Standards Board

IFRS / US GAAP Convergence Calendar

Revised schedule for major joint projects of FASB and the IASB

9



“This will be enormous, expensive and hard to control.”

10



It Could Be ….The timing, extent and cost of an IFRS conversion – or of IFRSconvergence, depends on:• Where you are now• How you want to approach the conversion• What else you had planned – especially in planned systems

conversions and upgrades

11



In Short…

… it’s biggerand

more effortthan you think

… or not.

12


Reasons to Focus Now:Possible Strategies

Strategies Approach“Top-Down” Develop global IFRS Accounting Policies at Corporate and push

down to accounting centers and operating units• Advantages:

– “Clean slate”– More options– Analysis and decision-making by Corporate

• Disadvantages:– Timing / Resourcing

Hybrid Inventory existing accounting policies and resources, and determine how to ensure IFRS compliance and consistency across locations

“Bottom-Up” • Start with existing U.S. and/or local GAAP and tweak for IFRS

• Advantages:– May be easier

• Disadvantages:– Potential diversity in application– Less options

13



“If and when this does happen, all of ouraccounting rules, policies, procedures and

controls will have to change.”

14



They Might….That depends on:• Your business lines and industry• Your geographical reach and current practices• Your scoping decisions at the outset of a conversion

15


Reasons to Focus Now: IFRS Levels of Effort – Early ScopingDecisions Set the Stage

Bottom Up

Top Down

“Tweak” “Do Over”

16


Reasons to Focus Now: Comparing IFRS and U.S. GAAP

IFRS US GAAP

17

http://images.google.com/imgres?imgurl=http://the-binding-machine.info/images/binders/binders_250x251.jpg&imgrefurl=http://the-binding-machine.info/&usg=__eGJ3hpc5NYpa_V2v-rHfk5QdUu4=&h=251&w=250&sz=11&hl=en&start=5&um=1&tbnid=zv5suhyIEreteM:&tbnh=111&tbnw=111&prev=/images?q=binders&um=1&hl=en&rlz=1T4GGLL_en&sa=N�

http://images.google.com/imgres?imgurl=http://the-binding-machine.info/images/binders/binders_250x251.jpg&imgrefurl=http://the-binding-machine.info/&usg=__eGJ3hpc5NYpa_V2v-rHfk5QdUu4=&h=251&w=250&sz=11&hl=en&start=5&um=1&tbnid=zv5suhyIEreteM:&tbnh=111&tbnw=111&prev=/images?q=binders&um=1&hl=en&rlz=1T4GGLL_en&sa=N�


Reasons to Focus Now:IFRS Accounting – Some of the Major Changes With Systems Impact

• Derivatives – “short cut method”• Revenue Recognition – specificity of guidance• Impairments – Calculation methodologies, measurement, level of

assessment, reversals• Earnings Per Share – Level of detail, calculation of weighted

average shares• Development Costs• Fixed Assets – Component Depreciation• Leases – New “balance sheet” accounting, impact to lease admin

systems

18



“There are no protocols in place - no precedents - for a change of this magnitude.”

19



Actually, there are:• Lessons learned from U.S. GAAP changes in the past few years• Lessons learned from IFRS experiences overseas• Project management and organization – lessons learned from

U.S. SOX 404 efforts• Lessons learned by IT organizations resulting from major ERP

implementations in recent years

20


Reasons to Focus Now:Lessons Learned from U.S. GAAP Changes

• Systems can enable compliance and change – The opposite is also true

• Integrated sub ledgers and data flow are a best practice• Segregational duties (inside and outside of the IT environment) may

need to change• Resist urge to “spreadsheet” account for your systemic changes

21


Lessons Learned about Systems from IFRS Conversions in Europe

• Top level sponsorship is a must

• It is not just Finance nor just Financial reporting

• Thorough and complete scoping and planning is half the work

• Be prepared for changes along the way

• Be prepared for management decision making along the way

• General GAAP comparison won’t do, the devil is in the details

• Data quality and sourcing is key

• Documentation discipline is a “must have”

• Distribute and share knowledge to avoid “key person” exposure

• Post implementation review

22


Lessons Learned from IFRS in Europe:Phases of Information Systems ChangeMost (if not all) of the European organizations went through three major phases to make the required changes to their information systems:

1. Assessment

– Understand the impact of IFRS on Information Systems and define the related change strategy.

2. Detailed Analysis

– Translate IFRS rules into the models and concepts (solution design) understandable by the business systems.

3. Solution Development

– Change existing and/or implement new business systems based on the solution designed in the previous phase.

23


Reasons to Focus Now: Lessons Learned – US SOX 404

• The importance of planning and scoping the effort

• Checkpoints and interaction with External Auditors

• Audit Committee involvement in key decisions

• Budgeting for cost and logistics of:

– Internal and external resources

– IT infrastructure

– “Do-over's”

24


Reasons to Focus Now:Lessons Learned by I.T. Organizations – ERP Implementations

• Defining the coding block and hierarchy(ies) of data

– Opportunity to design a new, more efficient Chart of Accounts.

• Integrated ledger-to-G/L reporting

• Dual reporting capabilities

• Multi-currency capabilities

• Configurable Controls and GRC technology – from a global perspective

• Redesign Security to make sure access to sensitive transactions and SODs are controlled

25



“This hasn’t got anything to do withInternal Audit and Information Systems Audit right now

– it’s a finance project.”

26


Actually no….

This needs to be a priority for Internal Audit and I.S. Audit planning and agenda-setting:

• It is more than “just a finance project”

• It affects all aspects of the business and finance control structure, including significant IT implications

• It needs to be part of the IA/ISA focus from start to finish, and ongoing post-implementation

• It affects the skills and people you will need to execute an audit plan

Internal Auditors and Information Systems Auditors have a big role to play

27


Strategies & Policies:• A critical first step is the determination of accounting policies under IFRS:

– Understand the new standards– Differences between IFRS and current accounting policies will need to be identified ⇒

perform a technical accounting diagnostic– IFRS 1 conversion considerations– Modeling and pro-forma analysis– Decisions and accounting policy determination

• Accounting policies (and other policies) will need to be revised to reflect changes to IFRS.

• Consistency of IFRS across all business units in multiple countries is required.Internal Auditors and Information Systems Auditors need to acquire and maintain skills in reviewing policies – policies which may have an entirely different “look and feel” under IFRS than they did under U.S. GAAP.

Internal and Information Systems Audit Considerations

Strategies & Policies

Processes & Workflows

People & Capabilities

Communication, Awareness &

Training

Data, Information &

Reporting

Systems & Technology Enablement

… but conversion impacts more than just accounting policies …

28


Processes & Workflows:• Business processes in affected areas will need to be revised to support accounting

policies, valuation of assets and liabilities and disclosure/reporting needs under IFRS.• Internal controls will need to be reviewed and redesigned for new processes.• Internal control documentation supporting SOX will need to be reviewed and updated

to avoid gaps.• Manage the conversion process and cost … focus on the change management

process, and make changes dynamically.Internal Auditors and Information Systems Auditors will need to plan and execute a plan which takes the time and effort for the business units to update documentation into account. Test plans may need to change based on changes to policies and workflows.





Training

Data, Information &

Reporting


29

Impact of IFRS Conversion on the Six Elements of Infrastructure:

Conversion Considerations


People & Capabilities:• War for Talent – the company needs to :

– Hire or retain “qualified” personnel (accounting and IT personnel, consulting and external resources).

– Appoint a team to champion, handle and manage the conversion.– Build capabilities, including those outside of the accounting and financial reporting

areas.– Review and update employee performance measures linked to financial reporting.

Internal Audit and Information Systems Audit groups will need to access or “borrow” people with requisite skills in order to execute their plans and test “judgment” and “consistency” vs. “compliance” and “here.”







Training

Data, Information &

Reporting


30






Training

Data, Information &

Reporting


31



Communication, Awareness & Training:• Communicate and manage the change internally and externally.

– Internal: Education and training, including those outside the accounting and financial reporting areas. Prepare senior management and the Board of Directors for the new basis of accounting. Educate users on changes to reports and how to understand and interpret information and

reports.– External: External communications to manage expectations. Prepare external stakeholders and the marketplace (including analysts) for the new basis of

accounting and reporting.Internal Auditors and Information Systems Auditors will need to plan and execute in a way that enables timely communication of issues with an IFRS conversion for internal and external timelines.


Data, Information & Reporting:• Identify data sources to meet requirements and accommodate valuations, accounting,

reporting and disclosures under IFRS.• Assess impact of IFRS on KPIs and internal management reporting and analysis.• Identify reports (system generated and manually created) which are impacted by the

conversion to IFRS and the changes needed to the reports.• Educate users on changes to reports and how to understand and interpret the new

presentations.Internal Auditors and Information Systems Auditors will need to build plans which respond to changes in the design and testing needs which come from changing sources of data and information flows.





Training

Data, Information &

Reporting


32




Systems & Technology Enablement:• Evaluate if current financial reporting and other applications can accommodate

valuations, accounting and reporting under IFRS.• Can software applications be converted or will new applications be needed.• Are vendors providing support and upgrades.• What is the cost and timeframe needed to convert software applications.• Will the use of spreadsheets be required and how will they be controlled to ensure the

integrity of financial reporting.Internal Audit and Information Systems Audit groups will need to be able to react to changes in the extent to which data passes through systems or human hands, and pay special attention to IT change management protocols in the year(s) of conversion.





Training

Data, Information &

Reporting


33




(see note) 30-Jun-10ASSETSCash & Deposits 224,335 Bank time deposit & restricted cash 25,206

Trade Receivables 325,883 Deferred taxes – Current 21,544 Inventories 14,373 Property 181,800 Less: Accum. Depreciation (517,347)Net Property 324,453 Intangible Assets 1,268,133 Less: Accum. Amortization (494,300)

P&LProduct Revenues 3,374,231 COGS 839,934 R&D Gross 186,743 Less: Reimbursement (25,945)SG&A 914,217 Other Income (Exp.) (116,479)Interest Income (Exp) (214,991)Income tax (71,109)

(see note) 30-Jun-10ASSETSCash & Deposits 224,335 Bank time deposit & restricted cash 25,206 Trade Receivables 325,883

P&LR&D Gross 186,743 Less: Reimbursement (25,945)SG&A 914,217 Other Income (Exp.) (116,479)Interest Income (Exp) (214,991)

(see note) 30-Jun-10ASSETSDeferred taxes – Current 21,544 Inventories 14,373 Property 181,800 Less: Accum. Depreciation (517,347)Net Property 324,453 Intangible Assets 1,268,133 Less: Accum. Amortization (494,300)

P&LProduct Revenues 3,374,231 COGS 839,934 Income tax (71,109)

Note: Items not representative of actual convergence / conversion differentiation

Proceed with Diagnostic

Establish plan for Diagnostic

Starting Point: Consolidated Financials

What You Can and Should be Doing:Differentiate between Convergence and Conversion

34


Each conversion project is a change management process that runs through three phases. Each phase can be addressed in a structured way using the Protiviti Six Elements of Infrastructure model :

Trial Balance

Deliverables

What You Can and Should be Doing: Develop a Conversion Process

Phase I – Preliminary Scoping & Planning

Step I –Preliminary Scoping

Step II –Develop Project Management

Step VI –Integrate Change & Ongoing Compliance

Step V –Year 1 IFRS Reporting

Step IV –Detailed Gap Analysis

Step III –Detailed Project Set Up

Phase II – Project ImplementationPhase III – Embedding

35

Business Strategies & PoliciesBusiness Processes

Organization and PeopleManagement Reports

MethodologiesSystems and Data


What You Can and Should be Doing: Consider the Impact of IFRS on Information Systems• Dual accounting standards during a relatively long transition period trigger the necessity

for different solution frameworks during this period:– Organizations must consider not only how to adopt the new IFRS regulations, but

also how to navigate through the transition phase and to do so well in advance of the expected mandatory timetable so as to be able to provide the required comparatives.

• Fundamental changes in accounting and financial business applications will impact the overall Information Technology (IT) environment:

– New data requirements – Talent Retention– Changes to interfaces – Applications– Change management – IT governance and project management– Security – SOX and other regulatory changes– Operations

36


What You Can and Should be Doing: Consider IFRS Solutions Provided by Major ERP Packages• Translation:

– The new IFRS statements are prepared by extraction and reprocessing data from the old accounting transactions. This is most often what is used as the starting point. This solution requires extraction and mapping programs that are not available in the core ERP features.

• Parallel Accounting: – The system allows parallel recording of two transactions according to both local

GAAP and IFRS standards including new information and new methods of calculation.

• Difference: – Gaps in one system are extracted from the first system to complete and produce

the data in the second one. Depending on the nature of their architecture and software, ERP packages (mainly Tier 1package such as SAP, Oracle, JDE, PeopleSoft) have often integrated one or both ofthe two latter options.

37


What You Can and Should be Doing: Consider ERP Change Strategies for IFRS

The change strategy for the ERP depends on the landscape of the business systems in a given organization. The major change strategies are:• New Implementation:

– Implementation of a new package with integrated features to support multi-standards accounting transactions.

• Modification:– Upgrade of the existing ERP package and/or addition of a new module.

• Re-configuration:– Change the configuration of the existing ERP.

• Re-implementation:– Override the existing configuration of the ERP package by re-implementing from

scratch.

38


What You Can and Should be Doing: Be Prepared For a Variety of IFRS Conversion StrategiesThe conversion strategies before and during the transition period are very likely to be:• Short term

– The organization is reporting in US GAAP format from its supporting general ledger (GL) and subsystems (Excel reporting, manual reconciliation, custom reports).

• Gradual transition– The same sources of information are being used; however, the consolidation and reporting system

is now being used to create IFRS compliant financial statements, along with US GAAP statements. – Some of the IFRS changes have been embedded into supporting transaction systems (GL level and

sub ledger / subsystems); however, there are some manual adjustments being made within the consolidation system to prepare the IFRS financial statements.

• Long term– Over time, the IFRS requirements will be more fully embedded into the supporting transaction

systems (GL level and sub ledgers / subsystems). – The need to make adjusting entries to prepare the IFRS financial statements will be reduced or

eliminated. – Potentially, adjusting entries will be needed to prepare US GAAP financial statements as the

primary GAAP becomes IFRS and the people, process and technology efficiencies are focused around IFRS.

39


What You Can and Should be Doing: Understand the Systems and Data Impacts of IFRS

• New data requirements• Changes to interfaces• Change management

– SDLC– Reconfiguration and/or possible ERP

upgrade– Configurable controls – analysis, enabling

and/or disabling– Interfaces– Dual accounting systems

• Security– Role redesign– Changes to segregation of duties rules

and analysis– Access to legacy data

• Operations– Job scheduling– Backups– Data storage

• Talent retention• Applications

– ERP– Financial consolidation packages– Spreadsheets– Budgeting, forecasting and other business

intelligence tools• IT governance and project management• SOX and other regulatory changes

40


What You Can and Should be Doing: Understand New Data and Interfacing Requirements

• New data may be required• Existing data elements may need to be redesigned• Existing data will need to be converted • System interfaces may need to be redesigned

– For example, The chart of accounts Material master Cost element Cost center structures

41


What You Can and Should be Doing: Understand Change Management Impact

• Large volume of changes likely to flow through change management/SDLC processes– Primarily manual change management controls will undergo stress

if not fail.• Reconfiguration, and possible upgrade of ERP.• ERP configurable controls to be analyzed, enabled or disabled

– Lack of strong knowledge on this topic among accounting and IT personnel as it is.

• Interfaces to be redesigned or eliminated.• Dual accounting systems to be maintained during convergence

period.

42


What You Can and Should be Doing: Be Prepared For the Modification of Existing Systems• The IFRS transition process will require additional and changed

information and disclosures for financial reporting purposes.• Financial analysis will change as the fundamental differences

between IFRS and GAAP assumptions will affect operations and planning.

• The chart of accounts, material master, cost element and cost center structures may need to be redesigned, others may need to be defined and implemented.

• All balance sheet validation procedures will change. • Consolidation systems will also be impacted as organizations decide

where and at what level to prepare IFRS reporting.

43


What You Can and Should be Doing: Recognize Security Implications

• Role redesign to account for transaction or functional changes.• Segregation of Duties (SOD) analysis

– SOD rule definitions may change.– Resulting analysis and monitoring tools may be impacted.

• Access capabilities to legacy data must be maintained.• Significant volume of access security changes anticipated.

– Similar to change management, primarily manual user access administration controls will undergo stress if not fail.

44


What You Can and Should be Doing: Scrutinize Applications Impacted by IFRS

• Major ERPs like SAP and Oracle.• Financial consolidation packages such as Hyperion.• Spreadsheets.• Budgeting, forecasting, planning and other business intelligence tools

– Reporting and financial ratios such as KPI metrics must be evaluated.

45


What You Can and Should be Doing: Manage the Impact on IT Governance and Project Management• IFRS effort may compete for scarce IT and accounting resources.• Postpone or accelerate ERP upgrade?• Treat IFRS like the major enterprise risk management project it is

– Significant number of moving parts.– Pervasive impact on Six Elements of Infrastructure.– Start early is major lesson learned from Y2K and SOX compliance efforts Anticipated 2-3 year conversion process for average company. Anticipated average cost of $32 million per company among 110 U.S.

early adopters over the first three years.• Major IT projects ought to have strong IT governance oversight and project

management yet IFRS is much bigger than a technical accounting or IT change.

46


What You Can and Should be Doing: Factor SOX and Other Regulatory Impacts of IFRS into Your Audit Plan

• Changes to business process internal controls and processes– Data– Data elements– Configurable controls– Access privileges/segregation of duties– Analytics

• Risk control matrices, narratives, process flows and test scripts will change.

• Significant volumes of transactions/changes impacting IT general controls.

47


Ultimately The Role of Internal and Information Systems Audit in IFRS Conversion• Audit universe = steady state + change initiatives• IFRS should be part of the audit universe since it is a major project• IFRS (a new project) will most likely be rated as high risk• The internal audit plan should be risk-based • Accordingly, it would be expected that IFRS be part of the internal audit plan• Internal Audit can play a key role in assessing organizational readiness:

– Internal Audit and Information Systems Audit can identify project risks (e.g., operational, financial reporting, resources) in planning stages.

– Internal Audit and Information Systems Audit can focus on control over change management process and impact on ICFR and DC&P.

– Internal Audit and Information Systems Audit can inform the Board and Audit Committee on the status and progress of IFRS readiness and implementation .

48


QUESTIONS AND COMMENTS

Charles G. SorannoManaging Director

Protiviti, Inc.(732) 326-4518

[email protected]

49

presentation to isaca ifrs and gaap convergence: … · charles g. soranno. managing director....

Documents