ACC 675 Final Project Guidelines and Rubric
Overview The final project for this course is the creation of a case study analysis. You will use the article The SOX Compliance Journey at Trinity Industries as a resource for this project. Companies today must ensure that operational processes are performing efficiently and effectively in compliance with current regulations. Accountants must adhere to domestic standards set by organizations—such as the Public Company Accounting Oversight Board and the Financial Accounting and Standards Board—as well as global standards, such as the International Financial Reporting Standards, requiring appropriate implementation and assessment of internal controls. Whether developing appropriate processes internally or preparing substantive testing, external auditors must be able to quickly and completely assess the financial processes, determine weaknesses, and provide recommendations for improvement. The ability to transcribe formalized or narrative processes into functional workflows allows an auditor to identify potential gaps in accounting systems. These gaps can result in material audit findings necessitating changes in the company’s control structure. However, it is not only the process and flow of transactions that requires scrutiny. Companies evolve into sophisticated, computerized systems that require an in- depth understanding of administrative rights, electronic process flows, and end user reporting.
In this case study, you will apply all of these skills in developing recommendations for Trinity Industries. Though the Sarbanes–Oxley Act of 2002 (SOX) promulgated many internal control structure changes, the company is unsure as to whether they are applying too few or too many internal controls. Unnecessary controls place added burden on staff and cost the company thousands of dollars in monitoring and maintenance. Your role will be to provide an overview of the company and its market industry. From this you will formulate your processes into a comprehensive flowchart that will be used to identify gaps in processes and other threats to potential audit weaknesses. The project is divided into four milestones, which will be submitted at various points throughout the course to scaffold learning and ensure quality final submissions. These milestones will be submitted in Modules Two, Four, Six, and Seven. The final product will be submitted in Module Nine. In this assignment, you will demonstrate your mastery of the following course outcomes:
Transcribe formalized or verbal financial processes into both narrative and process flowcharts for identifying gaps resulting in potential material weaknesses
Summarize advantages and disadvantages of various accounting electronic data processing systems with respect to a specific industry’s needs
Perform substantive testing of accounting systems to ensure processes described by management are accurately reflected within system transactions
Formulate recommendations for improvements to financial processes based on outcomes of testing
Assess the effectiveness of companies’ internal control structures for producing accurate and reliable financial reports
Interpret standards as outlined in ISACA and the Public Company Accounting Oversight Board as they relate to compliance within specific industries
Prompt Your role will be to provide an overview of the company and its market industry. From this, you will formulate your processes into a comprehensive flowchart that will be used to identify gaps in processes and other threats to potential audit weaknesses. By understanding the industry, you will gain valuable insight into the appropriate software systems that will provide industry-specific needs and financial reporting by comparing and contrasting current electronic data processing (EDP) systems with those in the marketplace. By performing substantive testing, you will audit the transaction flow and determine whether financial information is accurately reflected in the system transactions. This will allow for an assessment and recommendation as to the effectiveness of the company’s internal control processes, including changes in transaction processing if necessary. Finally, through interpretation of current audit and internal control standards, you will determine whether Trinity is in compliance within the industry standards and aligned functionally with both efficiency and effectiveness of controls. Specifically, the following critical elements must be addressed:
I. Overview To adequately prepare for the following questions, you will need to prepare an overview/assessment of Trinity Industries, including background, key market demographics, financial position, and governance policies. You are required to address the following seven subjects:
a) Overview of the organization b) Size of the organization c) Sector/industry (along with three other companies that would be comparable) d) Structure/line of businesses e) Organizational structure (organization chart) f) Yearly performance in terms of revenue (as compared with the three other companies identified) g) Management and culture (i.e., how long has key staff been employed, stability of the company over the history, growth in industry)
II. First Year of SOX Compliance a) The vice president (VP) and chief audit executive described the company as a likely candidate for a material weakness in the first year of SOX
compliance. What were the elements critical to the company’s decisive success in its first year of compliance? b) What internal controls are important for preparing accurate and reliable financial reports? Support your response using both examples provided
in the case study, as well as research into accounting standards (i.e., Public Company Accounting Oversight Board [PCAOB]). c) Define, using support from accounting standards or other empirical evidence, what a material weakness is in terms of SOX compliance. d) Assess, through reflection on the case study as well as the comparable industries identified in the overview, what material weaknesses are
specific to Trinity. e) Articulate standards addressed in PCAOB regarding the concept of material weaknesses in development of internal control compliance. Ensure
that you demonstrate the requirements of SOX from inception in 2002. f) Describe the factors that made Trinity successful by illustrating the flow processes of the organization both in a narrative and process flowchart.
III. Bottom-Up Approach
a) What were the strengths and weaknesses of Trinity’s practice-based bottom-up approach? How effective was it? b) What would you recommend it should have done differently in Year 1? Defend your response. c) Compare and contrast the strengths and weaknesses of a bottom-up versus a top-down risk approach to compliance. d) Which approach is more appropriate in completing a compliance project successfully for Trinity’s first year? e) How does each approach affect a company’s internal control structure? f) Identify the chief insights from the pilot project. How does the pilot project for the EDP system compare to SOX requirements? g) Identify the testing processes Trinity performed and whether Trinity took the appropriate approach in designing their controls. h) Based on the substantive tests, which testing process proved to be most useful in assessing Trinity’s accounting system? i) Compose a short memorandum that communicates the results of the first year of testing along with recommendations as to what Trinity should
do differently in subsequent years.
IV. SOX-Related Expenses a) Formulate recommendations for how Trinity could further reduce SOX-related expenses in 2008. Be sure to consider the barriers the company
may encounter with each of your recommendations. b) What are the major sources of cost in Trinity’s compliance maintenance and testing? c) Rank each of the major sources of cost in terms of value. d) Compare the choice of Oracle as the selected software system against two other systems of comparable size and scope. Evaluate each software
system’s advantages and disadvantages. e) If you determine that another software system would have been a better choice through your analysis, defend the decision. If Oracle is the
choice after analysis, defend that decision.
V. IFRS a) What are the implications of a change in accounting standards? For example, what kinds of changes to data calculation and information reporting
are likely to occur with a transition to a new standard? b) What changes will be required for Trinity to improve internal control compliance? c) What standards will affect Trinity as a result of IFRS? d) Discuss each infrastructure’s role is in supporting a compliance project like IFRS:
1. What constitutes Trinity’s governance infrastructure? 2. What constitutes Trinity’s IT infrastructure? 3. What constitutes Trinity’s process infrastructure?
Milestones
Milestone One: Company Overview Report (Section I) In Module Two, you will submit an overview of Trinity Industries. Provide an overview of the company and its market industry. Include background, key market demographics, financial position, and governance policies in your company overview. By understanding the industry, you will gain valuable insight into the appropriate software systems that will provide industry-specific needs and financial reporting necessary. This milestone will be graded with the Milestone One Rubric. Milestone Two: First Year of SOX Compliance (Section II) In Module Four, you will submit an analysis of Trinity Industries’ first year of SOX compliance. The VP and chief audit executive described the company as a likely candidate for a material weakness in the first year of SOX compliance. What were the elements critical to the company’s decisive success in its first year of compliance? Define a material weakness and explain the material weaknesses that are specific to Trinity. Describe the factors that made Trinity a success by illustrating the flow processes of the organization both in a narrative and process flowchart. This flowchart will be used to identify gaps and other threats to potential audit weaknesses. This milestone will be graded with the Milestone Two Rubric. Milestone Three: Comparative Systems Report (Sections III and IV) In Module Six, you will submit a draft of your comparative systems report. Compare and contrast current EDP systems used by Trinity Industries with those in the marketplace. Using substantive testing, audit the transaction flow and determine whether financial information is accurately reflected in the system transactions. This will allow for an assessment and recommendation as to the effectiveness of the company’s internal control processes, including changes in transaction processing if necessary. Compose a short memorandum that communicates the results of the first year of testing along with recommendations as to what Trinity should do differently in subsequent years, including recommendations for reducing SOX-related expenses. This milestone will be graded with the Milestone Three Rubric.
Milestone Four: IFRS Report (Section V) In Module Seven, you will submit a draft of your IFRS report. You will determine whether Trinity is in compliance within the industry standards and aligned functionally with both efficiency and effectiveness of controls through the use of current audit and internal control standards. State all assumptions and conclusions. This milestone will be graded with the Milestone Four Rubric. Final Submission: Case Study Analysis In Module Nine, you will submit your case study analysis. It should be a complete, polished artifact containing all of the main elements of the final product. It should reflect the incorporation of feedback gained throughout the course. This submission will be graded using the Final Project Rubric.
Deliverables
Milestone Deliverable Module Due Grading
One Company Overview Report (Section I) Two Graded separately; Milestone One Rubric
Two First Year of SOX Compliance (Section II) Four Graded separately; Milestone Two Rubric
Three Comparative Systems Report (Sections III and IV)
Six Graded separately; Milestone Three Rubric
Four IFRS Report (Section V) Seven Graded separately; Milestone Four Rubric
Final Submission: Case Study Analysis Nine Graded separately; Final Project Rubric
Final Project Rubric Guidelines for Submission: Your case study analysis (including flowcharts and memo) should be 10–12 pages, double-spaced, with one-inch margins, 12-point Times New Roman font, and APA format.
Critical Elements Exemplary Proficient Needs Improvement Not Evident Value
Overview Meets “Proficient” criteria and uses industry-specific language to establish expertise (100%)
Prepares a comprehensive overview (90%)
Prepares an overview but overview is cursory or lacks detail (70%)
Does not prepare an overview (0%)
5
First Year of SOX Compliance: Success
Meets “Proficient” criteria and determination is well-supported with concrete examples (100%)
Accurately determines elements critical to the company’s success in its first year of compliance (90%)
Determines elements critical to the company’s success in its first year of compliance but determination contains inaccuracies (70%)
Does not determine elements critical to the company’s success in its first year of compliance (0%)
5
First Year of SOX Compliance: Internal
Controls
Meets “Proficient” criteria and uses industry-specific language to establish expertise (100%)
Discusses which internal controls are important for preparing financial reports and supports response with examples from the case study and research into PCAOB (90%)
Discusses which internal controls are important for preparing financial reports and supports response with examples from the case study and research into PCAOB but support is weak, illogical, or does not use further research (70%)
Does not discuss which internal controls are important for preparing financial reports (0%)
5
First Year of SOX Compliance: Material
Weakness
Meets “Proficient” criteria and definition is exceptionally clear and contextualized (100%)
Defines what a material weakness is in terms of SOX compliance using support from accounting standards or other empirical evidence (90%)
Defines what a material weakness is in terms of SOX compliance using support from accounting standards or other empirical evidence but support is weak (70%)
Does not define what a material weakness is in terms of SOX compliance using support (0%)
3
First Year of SOX Compliance: Specific
Meets “Proficient” criteria and shows keen insight into the types of material weaknesses (100%)
Assesses which material weaknesses are specific to the company through a reflection on the case study and comparable industries identified in the overview (90%)
Assesses which material weaknesses are specific to the company through a reflection on the case study and comparable industries identified in the overview but assessment is cursory or contains inaccuracies (70%)
Does not assess which material weaknesses are specific to the company (0%)
5
First Year of SOX Compliance: PCAOB
Meets “Proficient” criteria and shows keen insight into SOX requirements (100%)
Articulates standards addressed in PCAOB regarding the concept of material weaknesses in development of internal control compliance and ensures demonstration of the requirements of SOX from inception in 2002 (90%)
Articulates standards addressed in PCAOB regarding the concept of material weaknesses in development of internal control compliance but does not ensure demonstration of the requirements of SOX from inception in 2002 (70%)
Does not articulate standards addressed in PCAOB regarding the concept of material weaknesses in development of internal control compliance (0%)
3
First Year of SOX Compliance: Factors
Meets “Proficient” criteria and both artifacts are exceptionally clear and contextualized (100%)
Describes the factors that made Trinity successful by illustrating the flow processes of the organization both in a narrative and process flowchart (90%)
Describes the factors that made Trinity successful by illustrating the flow processes of the organization both in a narrative and process flowchart but one or both lack detail or contain inaccuracies (70%)
Does not describe the factors that made Trinity successful (0%)
5
Bottom-Up Approach: Strengths and Weaknesses
Meets “Proficient” criteria and determination is well-supported with concrete examples (100%)
Determines the strengths and weaknesses of the bottom-up approach and its effectiveness (90%)
Determines the strengths and weaknesses of the bottom-up approach and its effectiveness but determination is cursory or contains inaccuracies (70%)
Does not determine the strengths and weaknesses of the bottom-up approach (0%)
5
Bottom-Up Approach: Recommend
Meets “Proficient” criteria and recommendation uses industry- specific language to establish expertise (100%)
Formulates a recommendation concerning what the company should have done differently in Year 1 and defends response (90%)
Formulates a recommendation concerning what the company should have done differently in Year 1 but does not defend response or defense is weak or illogical (70%)
Does not formulate a recommendation concerning what the company should have done differently in Year 1 (0%)
3
Bottom-Up Approach: Top-Down
Meets “Proficient” criteria and demonstrates a nuanced understanding of the differences between the two approaches (100%)
Compares and contrasts the strengths and weaknesses of a bottom-up versus a top-down risk approach to compliance (90%)
Compares and contrasts the strengths and weaknesses of a bottom-up versus a top-down risk approach to compliance but with gaps in accuracy or detail (70%)
Does not compare and contrast the strengths and weaknesses of a bottom-up versus a top- down risk approach to compliance (0%)
3
Bottom-Up Approach: Compliance Project
Meets “Proficient” criteria and determination is well-supported with concrete examples (100%)
Accurately determines which approach is more appropriate in completing a compliance project successfully for Trinity’s first year (90%)
Determines which approach is more appropriate in completing a compliance project successfully for Trinity’s first year but is inaccurate in determination (70%)
Does not determine which approach is more appropriate in completing a compliance project successfully for Trinity’s first year (0%)
3
Bottom-Up Approach: Internal Control
Structure
Meets “Proficient” criteria and demonstrates a nuanced understanding of internal control structures (100%)
Accurately assesses how each approach affects a company’s internal control structure (90%)
Assesses how each approach affects a company’s internal control structure but assessment is cursory or contains inaccuracies (70%)
Does not assess how each approach affects a company’s internal control structure (0%)
5
Bottom-Up Approach: Chief Insights
Meets “Proficient” criteria and demonstrates a nuanced understanding of SOX requirements (100%)
Identifies the chief insights from the EDP system’s pilot project and how the project compares to SOX requirements (90%)
Identifies the chief insights from the EDP system’s pilot project but does not identify how the project compares to SOX requirements or identification is incorrect (70%)
Does not identify the chief insights from the pilot project (0%)
3
Bottom-Up Approach: Testing Processes
Meets “Proficient” criteria and supports claims with examples (100%)
Identifies the testing processes Trinity performed and whether Trinity took the appropriate approach in designing their controls (90%)
Identifies the testing processes Trinity performed but does not identify whether Trinity took the appropriate approach in designing their controls or testing processes identified are inaccurate (70%)
Does not identify the testing processes Trinity performed (0%)
5
Bottom-Up Approach: Most Useful
Meets “Proficient” criteria and provides relevant examples (100%)
Determines the most useful testing process based on the substantive tests (90%)
Determines the most useful testing process but does not base determination on the substantive tests (70%)
Does not determine the most useful testing process (0%)
5
Bottom-Up Approach: Results and
Recommendations
Meets “Proficient” criteria and uses industry-specific language to establish expertise (100%)
Composes a memo that communicates the results for the first year and includes recommendations (90%)
Composes a memo that communicates the results for the first year and includes recommendations but memo is cursory or lacks detail (70%)
Does not compose a memo (0%)
3
SOX-Related Expenses: Further
Reduce
Meets “Proficient” criteria and shows keen insight into potential barriers related to SOX (100%)
Formulates recommendations for how Trinity could further reduce SOX-related expenses in 2008 and considers the barriers they may encounter (90%)
Formulates recommendations for how Trinity could further reduce SOX-related expenses in 2008 but does not consider the barriers they may encounter or recommendations are illogical (70%)
Does not formulate recommendations for how Trinity could further reduce SOX-related expenses in 2008 (0%)
3
SOX-Related Expenses: Major Sources of Cost
Determines the major sources of cost in Trinity’s compliance maintenance and testing (100%)
Determines the major sources of cost in Trinity’s compliance maintenance and testing but determination contains inaccuracies (70%)
Does not determine the major sources of cost in Trinity’s compliance maintenance and testing (0%)
5
SOX-Related Expenses: Rank
Accurately ranks each of the major sources of cost in terms of value (100%)
Ranks each of the major sources of cost in terms of value but contains inaccuracies (70%)
Does not rank each of the major sources of cost in terms of value (0%)
3
SOX-Related Expenses: Software
System
Meets “Proficient” criteria and shows a nuanced understanding of the various types of software systems available (100%)
Compares Oracle as the selected software system against two other systems by evaluating each system’s advantages and disadvantages (90%)
Compares Oracle as the selected software system against two other systems by evaluating each system’s advantages and disadvantages but evaluation is cursory or contains inaccuracies (70%)
Does not compare Oracle as the selected software system against two other systems (0%)
3
SOX-Related Expenses: Defense
Meets “Proficient” criteria and provides relevant examples to support decision (100%)
Defends the decision of the software choice based on the analysis (90%)
Defends the decision of the software choice but does not base defense on the analysis (70%)
Does not defend the decision of the software choice (0%)
3
IFRS: Change
Meets “Proficient” criteria and is well-supported with concrete examples (100%)
Discusses the implications of a change in accounting standards (90%)
Discusses the implications of a change in accounting standards but discussion is cursory or contains inaccuracies (70%)
Does not discuss the implications of a change in accounting standards (0%)
3
IFRS: Improve
Meets “Proficient” criteria and provides relevant examples to support determination (100%)
Determines changes required to improve internal control compliance (90%)
Determines changes required to improve internal control compliance but determination is cursory or contains inaccuracies (70%)
Does not determine changes required to improve internal control compliance (0%)
3
IFRS: Standards
Meets “Proficient” criteria and provides relevant examples to support determination (100%)
Determines which standards will affect Trinity as a result of IFRS (90%)
Determines which standards will affect Trinity as a result of IFRS but determination is cursory or contains inaccuracies (70%)
Does not determine which standards will affect Trinity as a result of IFRS (0%)
3
IFRS: Role
Meets “Proficient” criteria and uses industry-specific language to establish expertise (100%)
Discusses the role of the three groups in supporting a compliance project like IFRS (90%)
Discusses the role of the three groups in supporting a compliance project like IFRS but discussion is cursory, contains inaccuracies, or does not discuss all three groups (70%)
Does not discuss the role of the three groups in supporting a compliance project like IFRS (0%)
3
Articulation of Response
Submission is free of errors related to citations, grammar, spelling, syntax, and organization and is presented in a professional and easy-to-read format (100%)
Submission has no major errors related to citations, grammar, spelling, syntax, or organization (90%)
Submission has major errors related to citations, grammar, spelling, syntax, or organization that negatively impact readability and articulation of main ideas (70%)
Submission has critical errors related to citations, grammar, spelling, syntax, or organization that prevent understanding of ideas (0%)
5
Earned Total 100%