The Nature of SOX Projects
August 16, 2006 PMI Chapter Luncheon Meeting
Amin Leiman, CISA
Agenda:
- Characteristics of SOX Projects
- “Instant Managers” Challenges
- Conducting an “instant” analysis of a SOX project
Material Weakness Reported by Type
Key Phases of Project Compliance
Project Planning
Document Key Processes
Source Risks
Document Controls
Assess Design
Validate Operation
Report
Project Planning
- Develop the Compliance Plan
- Select the priority accounts and disclosures from financial statement risk assessment (FSRA)
- Consider significance to financial reporting and risk of misstatement

Document Key Processes
- Identify the key processes impacting financial reporting
- Document the transaction flows that materially impact the priority financial reporting elements
- Designate a standard framework for documenting and testing

Source Risks
- Use financial reporting assertions to source “what can go wrong” within the process
- What are the risks?

Document Controls
- Document entity controls (“tone at the top”)
- Document the controls at the source of the risk (preventive) or downstream in the process (detective and corrective)
- What are the key controls? Who owns the controls?
- Identify control objectives

Assess Design
- Assess effectiveness of controls design at Entity and Activity / Process Levels
- How is the controls design rated?

Validate Operation
- Test effectiveness of controls operation at Entity and Activity / Process Levels
- Identify exceptions, classify and remediate deficiencies
- How are controls performing?

Report
- Conclude, Disclose, Report
Current Status
Collaboration and Communication
Coordinate with External Auditor
Project Status at a Glance
Key Project Task | Status | Progress | Target Dates | Comments
Project Planning & Risk Assessment
Determine Overall Scope of Project
Assessment & Definition of Materiality
Determine Significant Accounts and Disclosures
Identify Critical Processes
Determine Applicable Business Units
Determine Level of Documentation and Standard Formats
Complete Compliance Plan
Meet with External Auditor to Discuss Compliance Plan
Complete IT SOX Compliance Project Plan
IT General Control Risk Assessment
Identify Significant Control Objectives
Consider Entity-level Control Significant Objectives
Analyze Entity-level Control Documentation Gaps
IT Application & General Controls Risk Assessment Plan | Progress: 80%
Key: Not Started / In Process / Concern / Great Concern / Complete
Characteristics of SOX Projects:
- As a result of corporate “911” events
- Panic mode
- Uncertainties
- Last-minute action plans
- Unintended consequences
- Primarily driven by external auditors
Challenges of “Instant” Managers:
- Organizations and projects are, by nature, political
- The ultimate inspiration is the deadline
- Relying on ballpark estimates
- Victim of Parkinson’s Law: work will expand to take the time allowed
- Balancing the right and left brain
- “You can’t solve a problem with the same thinking that created it in the first place” (Albert Einstein)
Your Roles in Helping Them Out:
“Instant” PM | PMP-certified PM
Organizations and projects are, by nature, political | Implement Project Integration Management
The ultimate inspiration is the deadline | Project Time Management
Relying on ballpark estimates | Project Scope Management: enforce SOW and WBS
Victim of Parkinson’s Law | Project HR Management
Balancing the right and left brain | Project Communications Management
“You can’t solve a problem with the same thinking that created it in the first place” | Project Quality Management
Conducting an “instant” analysis of a SOX project:
Principle | Action
Symptoms tell us we have a problem, but the symptom is not the problem itself. | Identify and “kill” the bottlenecks quickly, before they kill the project.
Close-ended problems have single solutions; open-ended problems have multiple solutions. | “Close-ended” requires a left-brained approach and “open-ended” requires a right-brained approach.
If the definition is wrong, you will develop the right solution to the wrong problem. | Clarify a shared understanding of the team’s mission.
Where there is no vision, the people perish (Proverbs 29:18). | Confirm the team’s understanding of what the final result will look like.
Web Sites
http://www.sec.gov/divisions/corpfin/faqs/soxact2002.htm
http://cpcaf.aicpa.org/Resources/Sarbanes+Oxley/
http://weblog.gartner.com/weblog/index.php?blogid=11
http://www.pwcglobal.com
http://www.protiviti.com/
Q&A
“Misunderstandings sometimes occur because of differences in thinking preferences”
Thank you for coming to our presentation today!