Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sarbanes-Oxley: Corporate Governance and Agile Development Charles Leinbach Managing Partner Freshwater Partners, Inc.

Published byPenelope Briggs Modified over 8 years ago

Similar presentations

Presentation on theme: "Sarbanes-Oxley: Corporate Governance and Agile Development Charles Leinbach Managing Partner Freshwater Partners, Inc."— Presentation transcript:

1 Sarbanes-Oxley: Corporate Governance and Agile Development Charles Leinbach Managing Partner Freshwater Partners, Inc. http://www.freshwaterpartners.com cleinbach@freshwaterpartners.com

2 2Copyright 2004, Freshwater Partners, Inc. Customers Projects  CMM Coaching  IT Management Consulting  IT Organizational Development  SE Process Improvement

3 3Copyright 2004, Freshwater Partners, Inc. Continued strong interest in off-shore outsourcing, with a shift in focus to China Customers savings in salaries (big development staff layoffs) More detailed documentation is needed for outsourcing.  You get what you ask for.  There have been many disappointments. Some development work driven back to the US. Strategic work remains developed close to home

4 4Copyright 2004, Freshwater Partners, Inc. Sarbanes-Oxley  Congress’ response to Enron, WorldCom, et al  Internal Controls: evaluate and disclose effectiveness  Disclose fraud  Affects public companies and “significant” vendors Development process must include internal controls for  Fraud  Asset Management and Safeguarding  Financial Reporting Why is this important to executive management?  Executives can go to jail.  IT management can be held grossly negligent and sued by a company or shareholders. The first regulations go into effect this year.

5 5Copyright 2004, Freshwater Partners, Inc. Control Objectives for Information and related Technology Developed by the Information Systems Audit and Control Association. SOA Approved Framework of IT Internal Controls  34 high-level control objectives  318 detailed control objectives Likely audit framework for auditors SE Control Examples  “The organization’s system development life cycle methodology requires that user reference and support manuals (including documentation of controls) be prepared as part of every information system development or modification project.”  “IT management ensures that users are appropriately involved in the design of applications, selection of packaged software and the testing thereof, to ensure a reliable environment.”

6 6Copyright 2004, Freshwater Partners, Inc. Processes and tools over individuals and interactions Comprehensive documentation over working software Contract negotiation over customer collaboration Following a plan over responding to change Auditor Manifesto?

7 7Copyright 2004, Freshwater Partners, Inc. Major Financial Services Company Subsidiary  800 IT staff  No disaster plan, almost sunk after 9/11  Our job – create a back-up plan  32 of 34 major systems were not documented  Major potential for liability Marketing Function – Pre-approved line of credit  Developer meant to exclude applicants who were in the midst of bankruptcy filing. (operative word “meant”)  30,000 bankruptcy filers received pre-approved lines of credit  $20 million write-off  An IT director could be sued for this — Not for the $20 million loss, but for not disclosing the defective internal control…

8 8Copyright 2004, Freshwater Partners, Inc. Very few CobiT audits have taken place so far at our clients  Expect these to increase in depth and frequency – especially as problems occur Agile practitioners may argue that agile practices can satisfy internal control requirements, but ultimately the auditors will have their say.  Would an auditors certify an agile process? New uses for documentation as audited work products. Documentation also becomes a cover for management.  Stories, CRC cards, system metaphor, etc. may not be detailed enough requirements for auditors Many practices good to uncover and manage risk: release planning, small iterations, stand-up meetings, close collaboration with users, unit tests, etc. New benefit for pair programming – make fraud more difficult  Doesn’t eliminate the need for system audits

9 9Copyright 2004, Freshwater Partners, Inc. Enhance their knowledge of internal control  Training, collaboration with company audit functions  Understanding their company’s overall Sarbanes-Oxley and general compliance plan Develop a compliance plan to specifically address IT controls  Integrate this plan into the overall Sarbanes-Oxley compliance plan. Separation of roles  Requirements, design, programming, testing, data Strengthen contract management

10 10Copyright 2004, Freshwater Partners, Inc. IT Control Objectives for Sarbanes-Oxley, Christopher Fox and Paul Zonneveld, IT Governance Institute, 2003 Sarbanes-Oxley and the Need to Audit Your IT Process, Jeff Smith, Vice President R&D, MKS http://www.mks.com/go/sarbanesoxleyhmpg http://www.mks.com/go/sarbanesoxleyhmpg Sarbanes-Oxley: A primer for Public Companies, Their Officers, Directors and Audit Firms, Robert C. Brighton, Jr., Ruden, McClosky, Smith, Schuster & Russell, P.A., http://www.ruden.com/_resources/pdf/article_6.pdf http://www.ruden.com/_resources/pdf/article_6.pdf Information Systems Audit and Control Association http://www.isaca.org http://www.isaca.org IT Governance Institute, http://www.itgi.orghttp://www.itgi.org US Securities and Exchange Commission, http://www.sec.govhttp://www.sec.gov Public Company Accounting Oversight Board Rulemaking http://www.sec.gov/rules/pcaob.shtml http://www.sec.gov/rules/pcaob.shtml

Download ppt "Sarbanes-Oxley: Corporate Governance and Agile Development Charles Leinbach Managing Partner Freshwater Partners, Inc."

Similar presentations

Training: A Common Sense Strategy December 2002 Patti Hanson Vice President and Director of Purchasing Operations Management JCPenney Company, Inc. Plano,

Training: A Common Sense Strategy December 2002 Patti Hanson Vice President and Director of Purchasing Operations Management JCPenney Company, Inc. Plano,
1 K P M G L L P A D V I S O R Y Changes in the IT Audit Profession Stephen G. Hasty, Jr. National Partner in Charge IT Advisory Savannah, GA January 4,

1 K P M G L L P A D V I S O R Y Changes in the IT Audit Profession Stephen G. Hasty, Jr. National Partner in Charge IT Advisory Savannah, GA January 4,
Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.

Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Control and Accounting Information Systems

Control and Accounting Information Systems
©2010 Prentice Hall Business Publishing, Auditing 13/e, Arens/Elder/Beasley 2 - 1 The CPA Profession Chapter 2.

©2010 Prentice Hall Business Publishing, Auditing 13/e, Arens/Elder/Beasley The CPA Profession Chapter 2.
Forces of Change Don H. Hansen Health Care Services Partner 425.303.3013.

Forces of Change Don H. Hansen Health Care Services Partner
Information System Assurance Practices in China Key players doing IS Assurance In China Regulatory Regime and Professional Organizations -Regulatory AuthoritiesRegulatory.

Information System Assurance Practices in China Key players doing IS Assurance In China Regulatory Regime and Professional Organizations -Regulatory AuthoritiesRegulatory.
Process of CG in Egypt Mohamed Omran Vice Chairman Cairo & Alexandria Stock Exchanges December, 13 th 2006.

Process of CG in Egypt Mohamed Omran Vice Chairman Cairo & Alexandria Stock Exchanges December, 13 th 2006.
Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.

Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.
Grow Your Business through Contact Centre Outsourcing Fanny Vaz Director, Personal Market Unit, CTM.

Grow Your Business through Contact Centre Outsourcing Fanny Vaz Director, Personal Market Unit, CTM.
The Role of the Public Accountant in the American Economy.

The Role of the Public Accountant in the American Economy.
1 Sarbanes-Oxley Section 404 June 29, 2005. 2  SOX 404 Background 3  SOX 404 Goals 4  SOX 404 Requirements 5  SOX 404 Assertions 6  SOX 404 Compliance.

1 Sarbanes-Oxley Section 404 June 29,  SOX 404 Background 3  SOX 404 Goals 4  SOX 404 Requirements 5  SOX 404 Assertions 6  SOX 404 Compliance.
Third ICAC Symposium The New York Stock Exchange – A Regulator and a Listed Company James F. Duffy Executive Vice President & General Counsel NYSE Regulation,

Third ICAC Symposium The New York Stock Exchange – A Regulator and a Listed Company James F. Duffy Executive Vice President & General Counsel NYSE Regulation,
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.

Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.
Internal Control Pertemuan 05 s.d 06 Matakuliah: F0712 / Lab Sistem Informasi Akuntansi Tahun: 2007.

Internal Control Pertemuan 05 s.d 06 Matakuliah: F0712 / Lab Sistem Informasi Akuntansi Tahun: 2007.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
The CPA Profession Chapter 2.

The CPA Profession Chapter 2.

Similar presentations

Ads by Google