Sox Presentation


  • 8/13/2019 Sox Presentation


    Sarbanes-Oxley: Compliance, Approach, Methodology and Products

    Wally Khalifa - Managing Partner, Business Practice

    Kris DiMaggio - Director, Strategy Practice

    June 2005


    W BILITYKnowledge&Experience

    Agenda

    Section I: SOX - Background and Compliance Issues

    Section II: Achieving Compliance: Requirements, Approach, Framework and Development Methodology

    Section III: Internal Control Management (ICM) Objectives and Technology Solutions

    Section IV: Recommendation and Final Words


    Sarbanes & Oxley compliance

    Section I: Background, The Act, Timelines, Cost of Implementations, and Business Benefits


    Background

    I.I Background

    The Sarbanes-Oxley Act of 2002:

    Has ushered in changes to corporate governance that rank among the most sweeping in history.

    Developed in response to recent corporate accounting scandals.

    Aimed at improving the transparency and accuracy of financial accounting of publicly traded companies.


    SOX Basics

    Accounting Scandals

    Public Markets Decline

    SEC & Congress Respond

    Sarbanes-Oxley Act

    Enron, Worldcom, Tyco

    Public Call to Restore Investor Confidence

    Act Passed

    Public Markets Decline Significantly

    I.II Sox Basics


    SOX Basics

    Law Happens


    The Act

    Section 302 --

    CEOs and CFOs to sign off on the validity and accuracy of their companies' financial numbers and to certify the controls and procedures behind their financial reports.

    Section 404 --

    Organizations must ensure that the audit process behind their financial reporting is not only comprehensive and accurate, but that they can also meet strict quarterly timeframes for reporting on an ongoing basis.

    I.III Sarbanes-Oxley: The Act


    More SOX

    Section 409 --

    Issuers are required to disclose to the public, on an urgent basis, information on material changes in their financial condition or operations.

    Section 802 --

    Imposes penalties of fines and/or up to 20 years imprisonment for altering, destroying, mutilating, concealing, falsifying records, documents or tangible objects with the intent to obstruct, impede or influence a legal investigation.

    I.III Sarbanes-Oxley: The Act


    Compliance Timeline

    Section 302 --

    already in effect.

    Section 404 --

    small companies July 2006

    accelerated filers Nov 2005

    Section 409 --

    will be determined

    Section 802 --

    will be determined

    I.IV Compliance Timeline


    Questions

    Key Questions for Executives Responsible for the Compliance, by SOX Act section:

    Section 302: Who in the organization is responsible for ensuring the integrity and always-on status of finance and accounting systems?

    Section 404: Does the internal controls framework include business continuity planning and disaster recovery considerations?

    Section 409: How will potential material changes be monitored when the systems conducting the monitoring go offline?


    SOX Costs

    The Government estimates:

    $125,000 per Company (Small)

    $391,000 per Company (Large)

    CFOs' estimates:

    $225,000 (Small Company)

    $3.14 million (Large Company)

    The Trade Group Financial Executives Surveys final results:

    $291,000 per Small Company

    $4.36 million per Large Company

    I.VI Sarbanes-Oxley: Average Cost Of Implementation


    SOX Benefits to Investors

    Companies have to reveal poor financial reporting practices that should be stopped.

    More trust in the financial statements of any company before deciding on any investments.

    I.VII Benefits to Investors


    SOX Benefits to Companies

    Benefits from consolidated data store

    Benefits from ability to find data and create reports

    business intelligence

    Side benefit: discovery of internal fraud and theft through tighter controls

    Result: positive shareholder value

    I.VIII Benefits to Companies


    Penalties

    Action: Knowingly altering, destroying or falsifying documents in an effort to impede, obstruct, or influence an investigation
    Punishment: Fines up to 15 million and/or imprisonment up to 20 years
    Reference: Title VIII, Sec. 802

    Action: Securities Fraud
    Punishment: Fines and/or imprisonment up to 25 years
    Reference: Title VIII, Sec. 807

    Action: Mail and Wire Fraud
    Punishment: Imprisonment up to 20 years
    Reference: Title IX, Sec. 903

    Action: Willfully certifying financial reports that do not meet regulatory requirements
    Punishment: Fines up to 5 million and/or imprisonment up to 20 years
    Reference: Title IX, Sec. 906

    Action: Violating SEC regulations
    Punishment: May be ineligible to hold a director or officer level position at any publicly traded company
    Reference: Title XI, Sec. 1105

    I.VIIII Penalties


    Methodology of Compliance

    Section II: Achieving Compliance: Requirements, Approach, Framework and Deployment Phases


    Achieving Compliance

    Identify all processes & systems that can have a material effect on financial results:

    Identify risks

    Document and test all related processes

    Document and test internal controls according to a recognized framework such as COSO (Committee of Sponsoring Organizations)

    Ensure compliance of business rules and controls

    II.I Achieving Compliance-The Big Picture


    COSO Framework

    The overarching system of controls designed to govern business practices and behaviours.

    The overall system of internal control is monitored and improved.

    How pertinent information is identified, captured and communicated internally and externally.

    How the pertinent activities are designed, implemented and tested

    How the company sets objectives and manages risk

    II.II COSO Framework


    High Level Approach

    [Figure: high-level approach diagram. Panel labels: Identify the Universe of Processes; Conduct Risk & $ Thru Put Assessment; Confirm Adequacy of Selected Processes; Group Processes into Projects for Documentation & Evaluation. Captions: Complete list of Stream or Function Financial Processes; Risk-filtered processes plus processes management desires to evaluate. Axes: Impact, Probability.]

    II.III High level Approach


    Our Methodology

    AUDITOR ATTESTATION

    IDENTIFY EXISTING CONTROL ACTIVITIES

    REMEDIATE GAPS

    IDENTIFY CONTROL OBJECTIVES

    TESTING

    DETERMINE GAPS

    MAP BUSINESS PROCESSES

    Processes Assessed through a systematic evaluation

    II.IV Our Methodology


    Our Methodology

    Plan Project

    Assess Control Environment

    Conduct Pilot

    Project Roll-Out

    Report Overall Results

    Form Steering Committee

    Perform Risk Assessment

    Identify External Auditor Expectations

    Select Documentation Format

    Prioritize Processes to Document

    Identify Corporate Governance & Management Controls

    Identify/Assess/Document IT General Controls

    Document & Test Controls for 1-3 Processes

    Review Results w/Steering Committee

    Refine Approach

    Roll-out to Centralized Processes

    Roll-out to Other Significant Locations and/or Decentralized Processes

    Report/Fix Any Control Deficiencies

    Cover Period to Yearend


    Software Solution

    Section III - Internal Control Management (ICM) Objectives and Technology Solutions


    Internal Controls Defined

    Internal Controls are measures designed to provide reasonable assurance for

    Reliability of financial reporting

    Effectiveness and efficiency of operations

    Compliance with applicable laws and regulations

    III. I Internal Controls - Objectives


    Technology will help:

    Provide Optimal Solutions that will embrace the improvements of the financial processes that underlie internal controls

    Accommodate changes in the regulations, as well as changes in the way the company operates its business.

    The Final Word

    Technology Solutions

    III.II Technology Solutions


    Reduces time to compliance

    Enhances the procedures for financial reporting & business Processes

    Accommodates changes in regulations and procedures

    Monitors and Maintains control procedures

    An Infrastructure for broader process automation

    Final Word

    Selection Criteria

    III.III Selection Criteria


    Technology Features

    General

    Provides environment that provides fast access to SOX information (accounts, processes, controls)

    Maintains policies, procedures and documentation

    Integrates with existing workflow processes

    Can import control information from other applications

    Managing Controls

    Automates and manages control procedures

    Records all control process user workflow activities for accountability

    Issues and Audits

    Manages audit preparation activities

    Automates SOX issue resolution

    III.IV Solution Features


    Products

    Process Centric Workflow Solutions

    E-mail and IM Scanning and Archiving Solutions

    Information Lifecycle Management Solutions:

    Document Management

    Storage Management

    III.V Solution Products Categories


    Optimal Solutions

    Supports the rapid thorough completion of the audit process

    Enables management, enforcement and modification of key processes and financial controls

    Allows organizations to easily modify requirements and business logic

    III.VI Process Centric Workflow Features


    Products

    SOXA Accelerator from HandySoft

    Provides a solid foundation for corporate governance by streamlining and automating the processes involved in evaluating, documenting and enforcing internal controls

    Combines business processes management (BPM) technology with the collaboration, search and personalization capabilities of Plumtree's Enterprise website Portal.

    III.VII Process Centric Workflow Products


    Products

    Example: Assentor Enterprise Suite from Illumin Software Services - Performs Message Management

    Assentor Compliance - daily supervision of messages

    picks out words and phrases that might be in violation of brokerage laws

    Assentor Discovery - retrieve archived messages for audits

    III.VIII Email Management Products


    Products

    Example: KVS Enterprise Vault

    Can reduce the cost of expensive disk storage

    Lets customers set customized retention policies for e-mail, documents, instant messages and Microsoft's SharePoint Portal Server documents.

    For SOX, GLB, HIPAA, SEC Rule 17a-4

    III.VIIII Email Archiving Products


    Recommendations and Final Words

    Section IV: Recommendations, Final Words and Future Legislation


    Recommendations

    We believe that the deployment of a Process-Centric Solution will turn the challenges of SOX compliance into an opportunity, because the same methods you use to come into compliance will be used to improve the performance of your entire financial organization.

    Process Centric Solutions bring together process, methodology and documentation to provide a complete solution for SOX compliance and further process improvements

    IV.I Recommendations


    Final Words

    Sarbanes-Oxley has transformed the corporate landscape with new and complex mandates for corporate financial reporting.

    All public companies of all sizes will go through the same basic steps to achieve compliance; each will take a slightly different approach.

    Organizations will require a technology solution that does not force them into a particular process or methodology.

    Select a tool that will allow you to capture and enforce best practices around the collection and reporting of financial data.

    IV. II Final Words


    Final Words

    The best solutions must be able to easily adapt to individual approaches, provide long term flexibility while coordinating all of the moving parts, tasks, people, and systems involved in compliance.

    Compliance is not a one-time event: it is an ongoing process where the initial audit is only the first phase, followed by ongoing enforcement of controls and process enhancement.

    Smart organizations will view SOX as an opportunity to establish corporate governance and process excellence in their financial processes and other key business areas.

    IV.II Final Words


    Future Legislation?

    Corporate Information Security Accountability Act (proposed)

    Rep. Adam Putnam, R-Fla.

    Primary concern: identity theft

    Potential SOX-style compliance; would require cyber-security certification by public companies

    Not introduced last year; could be introduced in the future?

    IV.III Future Legislation ?