© 2014 Protiviti Inc. An Equal Opportunity Employer. Confidential: This document is for your company’s internal use only and may not be copied nor distributed.

1 SOX & Information Technology

2 SOX – IT Scoping
The Bigger SOX Picture

In-scope business processes typically include the following:
- Entity Level Controls
- Equity
- Financial Close
- Fixed Assets
- Inventory
- Investment and Treasury
- Payroll
- Procure to Pay
- Revenue
- Tax

*Start with the financials
- In-scope business processes support the line items in the financials (significant accounts).
- RCMs and business process maps are created to document business processes, controls, and risks.

3 SOX – IT Scoping

Identify Sources of Data
- Spreadsheets
- Reports
- Systems (applications)

Analyze Source
- Complexity
- Purpose
- Number of Users

4 SOX – IT Scoping

In-Scope
- Creates efficiencies
- Client must have or implement ITGCs around the system
- Process owners (and auditors) can rely on data generated by the system

Out-of-Scope
- ITGCs not possible or challenging (Access databases)
- Process, financial accounts, and controls are still in-scope
- Process owners must perform data validation (EAE) and have a review control in place

5 IT Linkage Example

6 SOX – IT Scoping
The Bigger SOX Picture

In-scope business processes typically include the following:
- Entity Level Controls
- Equity
- Financial Close
- Fixed Assets
- Inventory
- Investment and Treasury
- Payroll
- Procure to Pay
- Revenue
- Tax

*Start with the financials
- In-scope business processes support the line items in the financials (significant accounts).
- RCMs and business process maps are created to document business processes, controls, and risks.
- In-scope applications that support these in-scope business processes are identified.
- IT General Controls (ITGCs): pervasive IT controls that support these in-scope business processes and applications are identified and tested. Processes include: Change Management, Security, SDLC, Data Center, and Data Management.
- IT Application Controls (ITACs): system controls within the business process maps are identified and tested.
- Spreadsheets relied upon or used within controls identified in the business processes are identified and tested.
- Reports relied upon or used within controls identified in the business processes are identified and tested.

7 SOX ITGC Testing

Logical Security: New Hires/Terminations/Transfers; Access Reviews; Database / OS / Application Administrators; Passwords
Change Management: Tested/Authorized/Approved; Segregation of Duties
Computer Operations: Job Scheduling and Access (batch/backup jobs)
Physical Security

