Presentation is loading. Please wait.

Presentation is loading. Please wait.

Agenda  Sarbanes Oxley Act  Where to Begin  Creating the Risk Library  Assessments / Audits  Signing Officer  Business Process Owners  Documenting.

Published byLorena Warren Modified over 8 years ago

Similar presentations

Presentation on theme: "Agenda  Sarbanes Oxley Act  Where to Begin  Creating the Risk Library  Assessments / Audits  Signing Officer  Business Process Owners  Documenting."— Presentation transcript:

1

2 Agenda  Sarbanes Oxley Act  Where to Begin  Creating the Risk Library  Assessments / Audits  Signing Officer  Business Process Owners  Documenting Procedures  Q & A

3 Sarbanes-Oxley Act A Response to the Deterioration in Public Confidence

4 Sarbanes Oxley Act Highlights  Section 103: Your auditor must (and therefore, you should) maintain all audit-related records, including electronic ones, for seven years. Effective now.  Section 201: Firms that audit your company’s books can no longer provide you with IT- related services. Effective now.  Section 301: You must provide systems or procedures that let whistle-blowers communicate confidentially with company’s audit committee. No effective date.  Section 302: Your CEO and CFO must sign statements verifying the completeness and accuracy of financials reports. Effective now.  Section 404: CEO’s, CFO’s and outside auditors must attest to the effectiveness of internal controls for financial reporting. Effective now.  Section 409: Companies must report material changes in their financial conditions “on a rapid and current basis.” The act calls it “real-time disclosure” but doesn’t define what that means. No date set. Computerworld, April 14, 2003

5 You must ensure internal controls over your financial reporting. Sections 302 and 404 of Sarbanes Oxley The Act states…

6 You must be able to attest to…  The Processes affecting values in accounts,  which are exposed to Risks,  which are mitigated by Controls,  which are verified by Audit Procedures.

7 Internal Control Testing Where to Start

8 Setting Up Internal Controls Review and Update Procedures -Business Process Owners Identify and Organize Processes -Internal Audit/Risk Assurance Partner Identify Risks & Controls for Processes -Internal Audit/Risk Assurance Partner Create Risks & Controls Library -Risk Assurance Partner Upload Risks & Controls Library -Risk Assurance Partner Identify Controls within your system -Internal Audit/Risk Assurance Partner Link Risks to Controls -Internal Audit/Risk Assurance Partner Link Key Controls to Audit Procedures -Internal Audit/Risk Assurance Partner Link Processes to Key Accounts -Internal Audit/Risk Assurance Partner

9 Risk & Control Library DEMO

10 Testing Internal Controls Begin Assessment Process -CFO Create Surveys -Internal Audit Distribute Surveys -Internal Audit Review Survey Results -Internal Audit Create Assessment and Link Survey to Assessment -Internal Audit Based on Results, Choose Where to Audit -Internal Audit Execute Audit Procedures -Internal Audit Review Processes, Risks & Controls -Internal Audit Make Recommendations & Issue Audit Opinions -Internal Audit

11 Assessment / Audit DEMO

12 Signing Officer DEMO

13 Business Process Owner DEMO

14 You must ensure internal controls over your financial reporting. Sections 302 and 404 of Sarbanes Oxley The Act states…

15 You must be able to attest to…  The Processes affecting values in accounts,  which are exposed to Risks,  which are mitigated by Controls,  which are verified by Audit Procedures.

16

17 ICM / Tutor Business Process Risks Controls TUTOR

18 Do You Want to:  Comply with Corporate Governance regulations by having documented business policies and procedures?  Achieve success through user acceptance of business process and technology changes?  Reduce time spent documenting implementation decisions?  Easily create and maintain all documentation and training material?  Reduce training costs (development, travel, time away)?  Regularly deploy role specific, accurate, up-to-date, procedure manuals?  Modify Oracle eBusiness Suite online help?  Provide employees documentation on an as needed basis; improve employee performance?  Train employees based on their role in the organization?  Manage change within the organization?  Leverage documentation and training resources across the organization?

19 Oracle Tutor - How it works Tutor Tools AUTHORAUTHOR PUBLISHERPUBLISHER Apps Help Printed/PDF Student & Instructor Guides Online Help & Reference Materials Online and Printed Desk Manuals Owners Manuals and Reports Content Repository Procedure Documents (MS-Word) Online Help Courseware (MS-PowerPoint) Methodology

20 Tutor Demo Let’s Take a Closer Look

21 Customer’s:  Uses –US Department of TransportationUS Department of Transportation –University of VirginiaUniversity of Virginia –US Army Corps of EngineersUS Army Corps of Engineers –San Francisco State UniversitySan Francisco State University  Testimony –MedelaMedela  Articles –MotorolaMotorola –ETECETEC

22

23 ICM / Tutor Business Process Risks Controls TUTOR

24 Oracle Tutor  Mature Product  250 + Pre-built business process –Arthur Andersen Study  10 – 12 man hr’s create a procedure  2 - 4 man hr’s to modify an existing procedure ------------ 8 man hr’s time savings per process  Integration  Update to Procedure, automatically updates all other procedures that reference it  Not just for Process Documentation

25 Why Oracle?  Our solution addresses all needs, not just documentation of processes or entering testing results  Uses the business processes that you create or can be modeled from the applications  Leverage your existing information and environment, especially in your GL which directly relates to your financial reporting  Uses powerful Workflow engine to enforce controls and automate what can be automated (reminders, notifications, etc)  Tutor offers delivered content for documentation, desk manuals, and training materials

26 You must ensure internal controls over your financial reporting. Sections 302 and 404 of Sarbanes Oxley The Act states…

27 Q & A

28 Audit Projects

29 Audit Scope

30 Audit Tasks

31 Controls that are being audited

32 Risks that are being audited

33 Findings

34 Certification Status

35 Certification tied to Financial items

36 Business Process Owner View

37

38 Business Process View-issues

Download ppt "Agenda  Sarbanes Oxley Act  Where to Begin  Creating the Risk Library  Assessments / Audits  Signing Officer  Business Process Owners  Documenting."

Similar presentations

Audit Considerations for your 11i implementation Richard Byrom Oracle Applications Consultant UKOUG November 2004.

Audit Considerations for your 11i implementation Richard Byrom Oracle Applications Consultant UKOUG November 2004.
The Electronic Office Some supplementary information Corporate websites Office automation Company intranet.

The Electronic Office Some supplementary information Corporate websites Office automation Company intranet.
Alignment of COBIT to Botswana IT Audit Methodology

Alignment of COBIT to Botswana IT Audit Methodology
This presentation contains forward-looking statements. Because such statements deal with future events and are based on KCS’s current expectations, they.

This presentation contains forward-looking statements. Because such statements deal with future events and are based on KCS’s current expectations, they.
IT Governance Infocom India Presentation December 6, 2006.

IT Governance Infocom India Presentation December 6, 2006.
Meeting with IESBA CPAB Update Glenn Fagan and Kam Grewal April 7, 2014.

Meeting with IESBA CPAB Update Glenn Fagan and Kam Grewal April 7, 2014.
IS3350 Security Issues in Legal Context

IS3350 Security Issues in Legal Context
How a Large Company Used the Principles to Establish its Corporate Information Governance Robin Woolen, MBA, IGP President / Principal.

How a Large Company Used the Principles to Establish its Corporate Information Governance Robin Woolen, MBA, IGP President / Principal.
GRC SUMMIT 2013 Apr 30 - May 1, 2013 | Mandarin Oriental, Las Vegas, NV © MetricStream, Inc. |All Rights Reserved ENGAGE | INSPIRE | TRANSFORM GRC SUMMIT.

GRC SUMMIT 2013 Apr 30 - May 1, 2013 | Mandarin Oriental, Las Vegas, NV © MetricStream, Inc. |All Rights Reserved ENGAGE | INSPIRE | TRANSFORM GRC SUMMIT.
Sarbanes-Oxley Act. 2 What Is It? Act passed by Congress in response to the recent and continuing corporate scandals. Signed into law July 30, 2002. Established.

Sarbanes-Oxley Act. 2 What Is It? Act passed by Congress in response to the recent and continuing corporate scandals. Signed into law July 30, Established.
Finance at Microsoft.

Finance at Microsoft.
Experience, Technology and Focus in Mid Market CRM Soffront Asset management: An Overview.

Experience, Technology and Focus in Mid Market CRM Soffront Asset management: An Overview.
1 Archive Access Audit Keys to Effective Compliance Lifecycle Management.

1 Archive Access Audit Keys to Effective Compliance Lifecycle Management.
Sarbanes-Oxley Compliance Process Automation

Sarbanes-Oxley Compliance Process Automation
SOX and IT Audit Programs John R. Robles Thursday, May 31, 2007 Tel: 787-647-396.

SOX and IT Audit Programs John R. Robles Thursday, May 31, Tel:
Seminar in Accounting & Society SOX – Section 404 April 23, 2008.

Seminar in Accounting & Society SOX – Section 404 April 23, 2008.
Under the Microscope Business Officers Meeting March 7, 2006 Presented by Randy Van Dyke Internal Control.

Under the Microscope Business Officers Meeting March 7, 2006 Presented by Randy Van Dyke Internal Control.
Time System What is this all about? The purpose of this project is to automate how Evergreen collects, records and manages employees’ dates and times worked.

Time System What is this all about? The purpose of this project is to automate how Evergreen collects, records and manages employees’ dates and times worked.
COMPLYING WITH SARBANES- OXLEY SECTION 404: MANAGEMENT’S ASSESSMENT OF THE ACTUARIAL CONTROL ENVIRONMENT Brian Reilly, Senior Vice President & Chief Auditor.

COMPLYING WITH SARBANES- OXLEY SECTION 404: MANAGEMENT’S ASSESSMENT OF THE ACTUARIAL CONTROL ENVIRONMENT Brian Reilly, Senior Vice President & Chief Auditor.
Audit considerations for your 11i implementation Richard Byrom Oracle Applications Consultant EOUG October 2003.

Audit considerations for your 11i implementation Richard Byrom Oracle Applications Consultant EOUG October 2003.

Similar presentations

Ads by Google