Sarbanes-Oxley Compliance Process Automation

Presentation transcript:

Introduction by Compliancy Software
This is a presentation delivered by Scott Rogers, Director of Internal Audit for PPD, at the IT Compliancy Institute conference on Risk Management and Compliance on May 4, 2007 in Washington, DC. In this session, Scott addresses how PPD solved the challenges of complying with Sarbanes-Oxley. The automation components referred to in this presentation were accomplished with the Compliancy Software solution.
Transform risk management and compliance into business value
www.compliancysoftware.com
IT COMPLIANCE CONFERENCE 2007 | Sarbanes Oxley Compliance Process Automation

Sarbanes-Oxley Compliance Process Automation
Scott Rogers, Director of Internal Audit, Pharmaceutical Product Development

Agenda
- Background
- SOX Overview and Challenges
  - The Rules
  - The Scope and Purpose
  - The End Product
  - The Challenges
- SOX and the IT Function
  - What is ITGC?
  - Using IT to Automate Controls
- Automation of the SOX Compliance Process
- Group Discussion and Questions

Background
- Scott Rogers, CPA, Director of Internal Audit
  - Responsible for the Global Sarbanes-Oxley Compliance Process
- Pharmaceutical Product Development, Inc.
  - Contract Research Organization, Phase I-IV Development Services
  - HQ in Wilmington, NC
  - $1.3B Revenue
  - $1.4B Market Cap
  - 10,000 Employees in 28 Countries

Background
The SOX Landscape:
- HQ in Wilmington, NC
- 12 SOX Geographic Locations Throughout Americas
- 55 Significant Processes
- Approximately 500 Key Control Procedures
- 35 Process Owners
- 10 Internal Auditors, Globally
Initially the documentation was completely paper based (i.e. Access, Word, Excel, etc.). In 2006 we transitioned to a Professional System to manage the Risk Assessment, Process Documentation, Issues Management, Certification and Testwork processes.

Mix of Controls
- ITGC
- Entity Level
- Financial

SOX Overview
- The Rules
- The Scope and Purpose
- The End Product
- The Challenges

SOX Overview – The Rules
- PCAOB Established by Congress.
- Established to Provide Oversight to the Public Accounting Industry.
- For Lack of Other Guidance, Management’s Compliance Program Has Been Designed to Comply with PCAOB Standards.
- Your External Auditor Has a Significant Influence on Management’s Compliance Program.
- New Rules are Coming Soon!
  - PCAOB Is Issuing a Standard for External Auditors.
  - SEC Will Issue a Standard for Management To Follow.
  - How are the New Rules Different?

SOX Overview – Scope and Purpose
- Any Process, System, Transaction or Communication that could potentially have a Significant effect on the Accuracy of the Financial Statements.
- Fraud - The Existence of Fraud Must Be Considered and Evaluated Throughout the Process.
- Entity Level Controls.
- IT General Controls.
- IT Application Controls.
- The Sole Purpose Is To Ensure That Financial Statements are Accurately Reported.

SOX Overview – The End Product
- QUARTERLY
  - CEO and CFO Must Personally Sign a Public Statement which states that the Internal Control Structure is Appropriately Working
- ANNUALLY
  - Two Separate Audit Opinions From the External Auditor
    - Opinion on the Design of the Internal Control Structure
    - Opinion on the Quality of Management’s Compliance Process
  - Audit Opinion From Management

SOX Overview – The Challenges
- Maintaining a Real Time Risk Assessment and Understanding of the Entity Level, Financial and IT General Control Processes.
- Empowering Process Owners to Take Ownership in the Risk Assessment and Enforcement of Control Processes.
- Dealing With Change in Transactions, Human Resources, Systems and Rules.
- Tracking and Reporting Design and Operation Internal Control Issues.
- External Auditor’s Concurrent Review of the Process.
- Involvement of a Large Cross Functional Group of People, Systems and Processes.
- Audit Evidence of Control Performance and Effectiveness.

What are auditors looking for?
EVIDENCE
Verbal Inquiry, alone, generally does not constitute audit evidence.
Verbal inquiry, alone, does NOT constitute audit evidence.

SOX and the IT Function
- What is ITGC?
- Using IT to Automate Controls.

SOX and the IT Function – What Is ITGC?
- Information Technology General Controls (“ITGC”)
- How Does ITGC Affect the Financial Statements?
  - Change Control
  - Logical Access
  - IT Infrastructure – Networks, Data Centers, Underlying Data Structures, Physical Assets
  - Segregation of Duties
- Centralization and Consistency Will Make ITGC Easier.

SOX and the IT Function – Using IT To Automate Controls
- Any IT Application’s Functionality That Helps Ensure Accuracy and Integrity of Financial Data Can Be Relied Upon as a Control.
- The Testing Frequency of Programmed Controls Can Be Significantly Less Than Manual Controls.
- Application Development Should Include Your Company’s Internal Controls Experts. They and IT Can Work to Build, Identify and Rely on Programmed Controls.

Automation of the Processes
- Risk Assessment
- Testing
- Planning and Management
- Reporting

Automation - Risk Assessment
Management Certification Process
- Quarterly Management is Required to Certify That the Business and Control Processes Have Not Significantly Changed.
- Utilized a Customized Workflow to Deliver the Data to Management.
- Management’s Review is Scalable to Their Needs Allowing For Many Different Levels of Review.
- Utilized to Identify Changes and Enhance Our Understanding of the Processes.
- Helps Drive Management to “Own” the Processes.

Automation - Risk Assessment (cont)
Other Risk Assessment Activities
- Status and Effectiveness of Controls is Automatically Linked to Testing and Issues Processes.
- Automated Issues Workflows Ensure Management Knows Where They Have Remediation To Perform.
- Change Control Provides External Auditors With a Clear and Ongoing Map From One Period to the Next.
- Maintaining an Ongoing List of Design Issues.

Automation – Audit Testing
- Design and configuration.
- Scheduling – Allows Creativity and Flexibility in the Nature, Timing and Frequency of Tests.
- Change Control Over the Test Strategies.
- Utilizes Workflow to Pass the Test to the Planner, Performer, Reviewer and File Preparation Steps.
- Electronic Work Papers and Audit Evidence.
- Sample Selection Processes
- Portals for Auditor / Management Communication and Data Transfer
- Automatic Selection of Samples

Automation – Planning and Management
- Scheduling the Planning Related Activities and Communications.
- Scheduling the Key Communication and Reporting Dates.
- Portal For Capturing Auditor’s Time Spent on Tests.
- Maintaining the Global Scheduling, Time Analysis and Efficiency Metric Analyses.
- Portal for Capturing Auditor’s Recommendations and Design Issues Noted.

Automation - Reporting
- Comprehensive Listing of Issues with Status.
- Reporting of Delinquent Certifications.
- Reporting of Delinquent Test Areas.
- Dashboard Status Views of All Processes.

Summary
- SOX Is A Broad, Complicated and Changing Process Driving the Need For Process Automation.
- Process Automation Can Be Found In The Following:
  - Risk Assessment
  - Testing
  - Planning and Management
  - Reporting
- Develop Strong Relationships With Internal Control Experts In Your Company to Help:
  - Ensure ITGC Is Appropriately Designed.
  - Ensure Programmed Controls Are Identified and Utilized.

Questions and Discussion

Please Complete Your Session Evaluation
Contact Information
Scott Rogers, PPD
scott.rogers@wilm.ppdi.com
910 558 6790

For More Information about Compliancy Software
Please visit our website at www.compliancysoftware.com
Or call us at 1-919-342-6212
Email us at info@compliancysoftware.com
Transform risk management and compliance into business value