Sarbanes-Oxley Compliance Process Automation


0 Introduction by Compliancy Software
This is a presentation delivered by Scott Rogers, Director of Internal Audit for PPD, at the IT Compliancy Institute conference on Risk Management and Compliance on May 4, 2007 in Washington, DC. In this session, Scott is addressing how PPD solved the challenges of complying with Sarbanes-Oxley. The automation components referred to in this presentation were accomplished with the Compliancy Software solution.
Software Transform risk management and compliance into business value
IT COMPLIANCE CONFERENCE 2007 | Sarbanes Oxley Compliance Process Automation

1 Sarbanes-Oxley Compliance Process Automation
Scott Rogers
Director of Internal Audit
Pharmaceutical Product Development

2 Agenda
- Background
- SOX Overview and Challenges
  - The Rules
  - The Scope and Purpose
  - The End Product
  - The Challenges
- SOX and the IT Function
  - What is ITGC?
  - Using IT to Automate Controls.
- Automation of the SOX Compliance Process
- Group Discussion and Questions

3 Background
Scott Rogers, CPA, Director of Internal Audit
- Responsible for the Global Sarbanes-Oxley Compliance Process
Pharmaceutical Product Development, Inc.
- Contract Research Organization, Phase I-IV Development Services
- HQ in Wilmington, NC
- $1.3B Revenue
- $1.4B Market Cap
- 10,000 Employees in 28 Countries

4 Background
The SOX Landscape:
- HQ in Wilmington, NC
- 12 SOX Geographic Locations Throughout Americas
- 55 Significant Processes
- Approximately 500 Key Control Procedures
- 35 Process Owners
- 10 Internal Auditors, Globally
Initially the documentation was completely paper based (i.e. Access, Word, Excel, etc.). In 2006 we transitioned to a Professional System to manage the Risk Assessment, Process Documentation, Issues Management, Certification and Testwork processes.

5 Mix of Controls
[Chart: mix of controls by type: ITGC, Entity Level, Financial]

6 SOX Overview
- The Rules
- The Scope and Purpose
- The End Product
- The Challenges

7 SOX Overview – The Rules
PCAOB
- Established by Congress.
- Established to Provide Oversight to the Public Accounting Industry.
- For Lack of Other Guidance, Management’s Compliance Program Has Been Designed to Comply with PCAOB Standards.
- Your External Auditor Has a Significant Influence on Management’s Compliance Program.
New Rules are Coming Soon!
- PCAOB Is Issuing a Standard for External Auditors.
- SEC Will Issue a Standard for Management To Follow
How are the New Rules Different?

8 SOX Overview – Scope and Purpose
- Any Process, System, Transaction or Communication that could potentially have a Significant effect on the Accuracy of the Financial Statements.
- Fraud - The Existence of Fraud Must Be Considered and Evaluated Throughout the Process.
- Entity Level Controls.
- IT General Controls.
- IT Application Controls.
- The Sole Purpose Is To Ensure That Financial Statements are Accurately Reported.

9 SOX Overview – The End Product
QUARTERLY
- CEO and CFO Must Personally Sign a Public Statement which states that the Internal Control Structure is Appropriately Working
ANNUALLY
- Two Separate Audit Opinions From the External Auditor
  - Opinion on the Design of the Internal Control Structure
  - Opinion on the Quality of Management’s Compliance Process
- Audit Opinion From Management

10 SOX Overview – The Challenges
- Maintaining a Real Time Risk Assessment and Understanding of the Entity Level, Financial and IT General Control Processes.
- Empowering Process Owners to Take Ownership in the Risk Assessment and Enforcement of Control Processes.
- Dealing With Change in Transactions, Human Resources, Systems and Rules.
- Tracking and Reporting Design and Operation Internal Control Issues.
- External Auditor’s Concurrent Review of the Process.
- Involvement of a Large Cross Functional Group of People, Systems and Processes.
- Audit Evidence of Control Performance and Effectiveness.

11 What are auditors looking for?
EVIDENCE
- Verbal Inquiry, alone, generally does not constitute audit evidence.
- Verbal inquiry, alone, does NOT constitute audit evidence.

12 SOX and the IT Function
- What is ITGC?
- Using IT to Automate Controls.

13 SOX and the IT Function – What Is ITGC?
Information Technology General Controls (“ITGC”)
How Does ITGC Affect the Financial Statements?
- Change Control
- Logical Access
- IT Infrastructure – Networks, Data Centers, Underlying Data Structures, Physical Assets
- Segregation of Duties
Centralization and Consistency Will Make ITGC Easier.

14 SOX and the IT Function – Using IT To Automate Controls
- Any IT Application’s Functionality That Helps Ensure Accuracy and Integrity of Financial Data Can Be Relied Upon as a Control.
- The Testing Frequency of Programmed Controls Can Be Significantly Less Than Manual Controls.
- Application Development Should Include Your Company’s Internal Controls Experts. They and IT Can Work to Build, Identify and Rely on Programmed Controls.

15 Automation of the Processes
- Risk Assessment
- Testing
- Planning and Management
- Reporting

16 Automation - Risk Assessment
Management Certification Process
- Quarterly, Management is Required to Certify That the Business and Control Processes Have Not Significantly Changed.
- Utilized a Customized Workflow to Deliver the Data to Management.
- Management’s Review is Scalable to Their Needs, Allowing For Many Different Levels of Review.
- Utilized to Identify Changes and Enhance Our Understanding of the Processes.
- Helps Drive Management to “Own” the Processes.

17 Automation - Risk Assessment (cont)
Other Risk Assessment Activities
- Status and Effectiveness of Controls is Automatically Linked to Testing and Issues Processes.
- Automated Issues Workflows Ensure Management Knows Where They Have Remediation To Perform.
- Change Control Provides External Auditors With a Clear and Ongoing Map From One Period to the Next.
- Maintaining an Ongoing List of Design Issues.

18 Automation – Audit Testing
- Design and configuration.
- Scheduling – Allows Creativity and Flexibility in the Nature, Timing and Frequency of Tests.
- Change Control Over the Test Strategies.
- Utilizes Workflow to Pass the Test to the Planner, Performer, Reviewer and File Preparation Steps.
- Electronic Work Papers and Audit Evidence.
- Sample Selection Processes
- Portals for Auditor / Management Communication and Data Transfer
- Automatic Selection of Samples

19 Automation – Planning and Management
- Scheduling the Planning Related Activities and Communications.
- Scheduling the Key Communication and Reporting Dates.
- Portal For Capturing Auditor’s Time Spent on Tests.
- Maintaining the Global Scheduling, Time Analysis and Efficiency Metric Analyses.
- Portal for Capturing Auditor’s Recommendations and Design Issues Noted.

20 Automation - Reporting
- Comprehensive Listing of Issues with Status.
- Reporting of Delinquent Certifications.
- Reporting of Delinquent Test Areas.
- Dashboard Status Views of All Processes.

21 Summary
- SOX Is A Broad, Complicated and Changing Process Driving the Need For Process Automation.
- Process Automation Can Be Found In The Following:
  - Risk Assessment
  - Testing
  - Planning and Management
  - Reporting
- Develop Strong Relationships With Internal Control Experts In Your Company to Help:
  - Ensure ITGC Is Appropriately Designed.
  - Ensure Programmed Controls Are Identified and Utilized.

22 Questions and Discussion

23 Please Complete Your Session Evaluation
Contact Information: Scott Rogers, PPD

24 For More Information about Compliancy Software
Please visit our website at Or Call us at us at
Software Transform risk management and compliance into business value

