Agenda  Sarbanes Oxley Act  Where to Begin  Creating the Risk Library  Assessments / Audits  Signing Officer  Business Process Owners  Documenting.

Slides:

Advertisements

Similar presentations

Audit Considerations for your 11i implementation Richard Byrom Oracle Applications Consultant UKOUG November 2004.

Advertisements

The Electronic Office Some supplementary information Corporate websites Office automation Company intranet.

Alignment of COBIT to Botswana IT Audit Methodology

This presentation contains forward-looking statements. Because such statements deal with future events and are based on KCS’s current expectations, they.

IT Governance Infocom India Presentation December 6, 2006.

Meeting with IESBA CPAB Update Glenn Fagan and Kam Grewal April 7, 2014.

IS3350 Security Issues in Legal Context

How a Large Company Used the Principles to Establish its Corporate Information Governance Robin Woolen, MBA, IGP President / Principal.

GRC SUMMIT 2013 Apr 30 - May 1, 2013 | Mandarin Oriental, Las Vegas, NV © MetricStream, Inc. |All Rights Reserved ENGAGE | INSPIRE | TRANSFORM GRC SUMMIT.

Sarbanes-Oxley Act. 2 What Is It? Act passed by Congress in response to the recent and continuing corporate scandals. Signed into law July 30, Established.

Finance at Microsoft.

Experience, Technology and Focus in Mid Market CRM Soffront Asset management: An Overview.

1 Archive Access Audit Keys to Effective Compliance Lifecycle Management.

Sarbanes-Oxley Compliance Process Automation

SOX and IT Audit Programs John R. Robles Thursday, May 31, Tel:

Seminar in Accounting & Society SOX – Section 404 April 23, 2008.

Under the Microscope Business Officers Meeting March 7, 2006 Presented by Randy Van Dyke Internal Control.

Time System What is this all about? The purpose of this project is to automate how Evergreen collects, records and manages employees’ dates and times worked.

COMPLYING WITH SARBANES- OXLEY SECTION 404: MANAGEMENT’S ASSESSMENT OF THE ACTUARIAL CONTROL ENVIRONMENT Brian Reilly, Senior Vice President & Chief Auditor.

Audit considerations for your 11i implementation Richard Byrom Oracle Applications Consultant EOUG October 2003.

MIS350 Accounting Information Systems Course Context.

Internal Control Pertemuan 05 s.d 06 Matakuliah: F0712 / Lab Sistem Informasi Akuntansi Tahun: 2007.

Centers for IBM e-Business Innovation :: Chicago © 2005 IBM Corporation IBM Project October 2005.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Why Managers Must Understand IT Managers play a key role –Frame opportunities and threats so others can understand them –Evaluate and prioritize problems.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

1 What is Internal Audit’s Role in Management’s Assertion The Institute of Internal Auditors May 11, 2004 Xenia Ley Parker, CIA, CISA, CFSA Principal XLP.

Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES.

“The Impact of Sarbanes Oxley, An Evolving Best Practice” Ellen C. Wolf Senior Vice President & Chief Financial Officer American Water National Association.

Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.

INTERNAL CONTROL OVER FINANCIAL REPORTING

® SOX Overview MTAC Meeting August 7, The Sarbanes-Oxley Act  Enacted in 2002 as a result of a series of large corporate financial scandals  Improves.

Erik Gellatly, JD Matrix Logic Corporation (415) x235 Achieving Sarbanes- Oxley Compliance with Hummingbird Solutions.

© Copyright 2012 Pearson Education. All Rights Reserved. Chapter 10 Fraud & Internal Control ACCOUNTING INFORMATION SYSTEMS The Crossroads of Accounting.

Internal Auditing and Outsourcing

Overview of Change Management ClearQuest Overview for CORUG January, 2008.

Tutor 11i Solutions For Adopting Oracle Applications Barbara Batson – Education Solution Consultant Janelle Diller – Apps Delivery Consultant & Readiness.

Oracle iLearning/Tutor Integration Jan  Oracle iLearning Overview  Oracle Tutor Overview  Benefits of integration  Manual integration process.

The Age of Compliance How Sarbanes-Oxley affects IT management.

Presenting The Broker-Dealer Certification Tool The Compliance Department Inc. Broker Dealer Compliance Consultants Compliance SCORE Powered by Keane BRMS.

Copyright © 2002 Open Applications Group, Inc. All rights reserved Project Definition Project name - RiskML Project Leader name – ? Date – 9/12/03.

The Sarbanes-Oxley Act of PricewaterhouseCoopers Introduction of Panel Members The Sarbanes-Oxley Act of 2002 What Companies Should Be Doing Now.

Providing Best Practice Compliance Solutions for Employer Groups.

Corporate Governance: Good intentions are not enough Punitive consequences …personal liability, even for negligence.

INTERNAL CONTROL OVER FINANCIAL REPORTING

Implementation Issues of Sarbanes-Oxley CASE Presentation September 23, 2004 By Denise Farnan.

Chapter 5 Internal Control over Financial Reporting

Overview:  Different controls in an organization  Relationship between IT controls & financial controls  The Mega Process Leads  Application of COBIT.

Agency Risk Management & Internal Control Standards (ARMICS)

Scandals (in the public and private sector)  Enron  Worldcom  Livent  Nortel  HRDC  Sponsorship Scandal.

1 Today’s Presentation Sarbanes Oxley and Financial Reporting An NSTAR Perspective.

. Integrity  Innovative  Collaborative  Professional  Responsive  Respectful  Ethical  Transparent  Customer first!  Effective & efficient Building.

1 Sarbanes-Oxley Overview. 2 Sarbanes-Oxley Act Summary The Sarbanes-Oxley Act of 2002 §201Prohibited Non-Audit Services §202Audit Committee Pre-Approval.

Reactive Companies Meet Sarbanes-Oxley Standards, Proactive Organizations Exceed Them! Therron Hofsetz Logical Apps, Inc.

Fraud and corruption prevention on-line tools and techniques Dr Robert Lang Chief Executive Officer.

Chapter 9: Introduction to Internal Control Systems

Copyright © 2007 Pearson Education Canada 7-1 Chapter 7: Audit Planning and Documentation.

Company: Cincinnati Insurance Company Position: IT Governance Risk & Compliance Service Manager Location: Fairfield, OH About the Company : The Cincinnati.

Oracle’s EPM System and Strategy

Briefing to the Portfolio Committee on Rural Development and Land Reform (DRDLR) Audit outcomes of the DRDLR portfolio 2 February 2016.

Oracle Internal Controls Manager Krista Ladd. Silicon Image Confidential2 Silicon Image, Inc. Semiconductor company located in Sunnyvale – A leader in.

ISO :2015 Documentation kit for Accreditation of Certifying Body - by Global Manager Group

F8: Audit and Assurance. 2 Audit and Assurance Designed to give you knowledge and application of: Section A: Audit Framework and Regulation Section B:

Shared Services and Third Party Assurance: Panel May 19, 2016.

© 2007 by Prentice HallManagement Information Systems, 10/e Raymond McLeod and George Schell 1 Information Auditing ► External auditors from outside the.

Maximise your Return on Implementation Investment with Oracle Tutor Richard Byrom Principal Consultant UKOUG October 2005.

Vertex & EnterpriseOne

Alignment of COBIT to Botswana IT Audit Methodology

Presentation transcript:

Agenda  Sarbanes Oxley Act  Where to Begin  Creating the Risk Library  Assessments / Audits  Signing Officer  Business Process Owners  Documenting Procedures  Q & A

Sarbanes-Oxley Act A Response to the Deterioration in Public Confidence

Sarbanes Oxley Act Highlights  Section 103: Your auditor must (and therefore, you should) maintain all audit-related records, including electronic ones, for seven years. Effective now.  Section 201: Firms that audit your company’s books can no longer provide you with IT- related services. Effective now.  Section 301: You must provide systems or procedures that let whistle-blowers communicate confidentially with company’s audit committee. No effective date.  Section 302: Your CEO and CFO must sign statements verifying the completeness and accuracy of financials reports. Effective now.  Section 404: CEO’s, CFO’s and outside auditors must attest to the effectiveness of internal controls for financial reporting. Effective now.  Section 409: Companies must report material changes in their financial conditions “on a rapid and current basis.” The act calls it “real-time disclosure” but doesn’t define what that means. No date set. Computerworld, April 14, 2003

You must ensure internal controls over your financial reporting. Sections 302 and 404 of Sarbanes Oxley The Act states…

You must be able to attest to…  The Processes affecting values in accounts,  which are exposed to Risks,  which are mitigated by Controls,  which are verified by Audit Procedures.

Internal Control Testing Where to Start

Setting Up Internal Controls Review and Update Procedures -Business Process Owners Identify and Organize Processes -Internal Audit/Risk Assurance Partner Identify Risks & Controls for Processes -Internal Audit/Risk Assurance Partner Create Risks & Controls Library -Risk Assurance Partner Upload Risks & Controls Library -Risk Assurance Partner Identify Controls within your system -Internal Audit/Risk Assurance Partner Link Risks to Controls -Internal Audit/Risk Assurance Partner Link Key Controls to Audit Procedures -Internal Audit/Risk Assurance Partner Link Processes to Key Accounts -Internal Audit/Risk Assurance Partner

Risk & Control Library DEMO

Testing Internal Controls Begin Assessment Process -CFO Create Surveys -Internal Audit Distribute Surveys -Internal Audit Review Survey Results -Internal Audit Create Assessment and Link Survey to Assessment -Internal Audit Based on Results, Choose Where to Audit -Internal Audit Execute Audit Procedures -Internal Audit Review Processes, Risks & Controls -Internal Audit Make Recommendations & Issue Audit Opinions -Internal Audit

Assessment / Audit DEMO

Signing Officer DEMO

Business Process Owner DEMO

You must ensure internal controls over your financial reporting. Sections 302 and 404 of Sarbanes Oxley The Act states…

You must be able to attest to…  The Processes affecting values in accounts,  which are exposed to Risks,  which are mitigated by Controls,  which are verified by Audit Procedures.

ICM / Tutor Business Process Risks Controls TUTOR

Do You Want to:  Comply with Corporate Governance regulations by having documented business policies and procedures?  Achieve success through user acceptance of business process and technology changes?  Reduce time spent documenting implementation decisions?  Easily create and maintain all documentation and training material?  Reduce training costs (development, travel, time away)?  Regularly deploy role specific, accurate, up-to-date, procedure manuals?  Modify Oracle eBusiness Suite online help?  Provide employees documentation on an as needed basis; improve employee performance?  Train employees based on their role in the organization?  Manage change within the organization?  Leverage documentation and training resources across the organization?

Oracle Tutor - How it works Tutor Tools AUTHORAUTHOR PUBLISHERPUBLISHER Apps Help Printed/PDF Student & Instructor Guides Online Help & Reference Materials Online and Printed Desk Manuals Owners Manuals and Reports Content Repository Procedure Documents (MS-Word) Online Help Courseware (MS-PowerPoint) Methodology

Tutor Demo Let’s Take a Closer Look

Customer’s:  Uses –US Department of TransportationUS Department of Transportation –University of VirginiaUniversity of Virginia –US Army Corps of EngineersUS Army Corps of Engineers –San Francisco State UniversitySan Francisco State University  Testimony –MedelaMedela  Articles –MotorolaMotorola –ETECETEC

ICM / Tutor Business Process Risks Controls TUTOR

Oracle Tutor  Mature Product  Pre-built business process –Arthur Andersen Study  10 – 12 man hr’s create a procedure  man hr’s to modify an existing procedure man hr’s time savings per process  Integration  Update to Procedure, automatically updates all other procedures that reference it  Not just for Process Documentation

Why Oracle?  Our solution addresses all needs, not just documentation of processes or entering testing results  Uses the business processes that you create or can be modeled from the applications  Leverage your existing information and environment, especially in your GL which directly relates to your financial reporting  Uses powerful Workflow engine to enforce controls and automate what can be automated (reminders, notifications, etc)  Tutor offers delivered content for documentation, desk manuals, and training materials

You must ensure internal controls over your financial reporting. Sections 302 and 404 of Sarbanes Oxley The Act states…

Q & A

Audit Projects

Audit Scope

Audit Tasks

Controls that are being audited

Risks that are being audited

Findings

Certification Status

Certification tied to Financial items

Business Process Owner View

Business Process View-issues