Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing...
-
Upload
lorena-warren -
Category
Documents
-
view
213 -
download
1
Transcript of Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing...
![Page 1: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/1.jpg)
![Page 2: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/2.jpg)
Agenda
Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting Procedures Q & A
![Page 3: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/3.jpg)
Sarbanes-Oxley ActSarbanes-Oxley ActA Response to the Deterioration in A Response to the Deterioration in
Public ConfidencePublic Confidence
![Page 4: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/4.jpg)
Sarbanes Oxley ActHighlights
Section 103: Your auditor must (and therefore, you should) maintain all audit-related records, including electronic ones, for seven years. Effective now.
Section 201: Firms that audit your company’s books can no longer provide you with IT-related services. Effective now.
Section 301: You must provide systems or procedures that let whistle-blowers communicate confidentially with company’s audit committee. No effective date.
Section 302: Your CEO and CFO must sign statements verifying the completeness and accuracy of financials reports. Effective now.
Section 404: CEO’s, CFO’s and outside auditors must attest to the effectiveness of internal controls for financial reporting. Effective now.
Section 409: Companies must report material changes in their financial conditions “on a rapid and current basis.” The act calls it “real-time disclosure” but doesn’t define what that means. No date set.
Computerworld, April 14, 2003
![Page 5: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/5.jpg)
You must ensure internal controls over your financial reporting.
Sections 302 and 404 of Sarbanes Oxley
The Act states…
![Page 6: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/6.jpg)
You must be able to attest to…
The Processes affecting values in accounts,
which are exposed to Risks,
which are mitigated by Controls,
which are verified by Audit Procedures.
![Page 7: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/7.jpg)
Internal Control TestingInternal Control TestingWhere to StartWhere to Start
![Page 8: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/8.jpg)
Setting Up Internal Controls
Review and Update Review and Update ProceduresProcedures
-Business Process -Business Process OwnersOwners
Identify and Organize Identify and Organize ProcessesProcesses
-Internal Audit/Risk -Internal Audit/Risk Assurance PartnerAssurance Partner
Identify Risks & Identify Risks & Controls for ProcessesControls for Processes
-Internal Audit/Risk -Internal Audit/Risk Assurance PartnerAssurance Partner
Create Risks & Create Risks & Controls LibraryControls Library
-Risk Assurance -Risk Assurance PartnerPartner
Upload Risks & Upload Risks & Controls LibraryControls Library
-Risk Assurance -Risk Assurance PartnerPartner
Identify Controls within Identify Controls within your systemyour system
-Internal Audit/Risk -Internal Audit/Risk Assurance PartnerAssurance Partner
Link Risks to ControlsLink Risks to Controls
-Internal Audit/Risk -Internal Audit/Risk Assurance PartnerAssurance Partner
Link Key Controls to Link Key Controls to Audit ProceduresAudit Procedures
-Internal Audit/Risk -Internal Audit/Risk Assurance PartnerAssurance Partner
Link Processes to Key Link Processes to Key AccountsAccounts
-Internal Audit/Risk -Internal Audit/Risk Assurance PartnerAssurance Partner
![Page 9: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/9.jpg)
Risk & Control LibraryRisk & Control LibraryDEMODEMO
![Page 10: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/10.jpg)
Assessment / AuditAssessment / AuditDEMODEMO
![Page 11: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/11.jpg)
Signing OfficerSigning OfficerDEMODEMO
![Page 12: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/12.jpg)
Business Process OwnerBusiness Process OwnerDEMODEMO
![Page 13: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/13.jpg)
You must ensure internal controls over your financial reporting.
Sections 302 and 404 of Sarbanes Oxley
The Act states…
![Page 14: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/14.jpg)
You must be able to attest to…
The Processes affecting values in accounts,
which are exposed to Risks,
which are mitigated by Controls,
which are verified by Audit Procedures.
![Page 15: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/15.jpg)
![Page 16: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/16.jpg)
ICM / Tutor
Business Process
Risks
Controls
TUTOR
![Page 17: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/17.jpg)
Do You Want to: Comply with Corporate Governance regulations by having documented business
policies and procedures? Achieve success through user acceptance of business process and technology
changes? Reduce time spent documenting implementation decisions? Easily create and maintain all documentation and training material? Reduce training costs (development, travel, time away)? Regularly deploy role specific, accurate, up-to-date, procedure manuals? Modify Oracle eBusiness Suite online help? Provide employees documentation on an as needed basis; improve employee
performance? Train employees based on their role in the organization? Manage change within the organization? Leverage documentation and training resources across the organization?
![Page 18: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/18.jpg)
Oracle Tutor - How it worksTutor Tools
AUTHOR
PUBLISHER
Apps Help
Printed/PDF Student & Instructor Guides
Online Help &Reference Materials
Online and Printed Desk Manuals
Owners Manuals and Reports
Content Repository
Procedure Documents
(MS-Word)
Online Help
Courseware(MS-PowerPoint)
Methodology
![Page 19: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/19.jpg)
Tutor Demo
Let’s Take a Closer Look
![Page 20: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/20.jpg)
Customer’s:
Uses– US Department of Transportation
– University of Virginia
– US Army Corps of Engineers
– San Francisco State University
Testimony– Medela
Articles– Motorola
– ETEC
![Page 21: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/21.jpg)
![Page 22: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/22.jpg)
Oracle Tutor
Mature Product 250 + Pre-built business process
– Arthur Andersen Study 10 – 12 man hr’s create a procedure 2 - 4 man hr’s to modify an existing procedure
------------
8 man hr’s time savings per process
Integration Update to Procedure, automatically updates all other
procedures that reference it Not just for Process Documentation
![Page 23: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/23.jpg)
Why Oracle? Our solution addresses all needs, not just
documentation of processes or entering testing results
Uses the business processes that you create or can be modeled from the applications
Leverage your existing information and environment, especially in your GL which directly relates to your financial reporting
Uses powerful Workflow engine to enforce controls and automate what can be automated (reminders, notifications, etc)
Tutor offers delivered content for documentation, desk manuals, and training materials
![Page 24: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/24.jpg)
You must ensure internal controls over your financial reporting.
Sections 302 and 404 of Sarbanes Oxley
The Act states…
![Page 25: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/25.jpg)
Q & A
![Page 26: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/26.jpg)
Audit Projects
![Page 27: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/27.jpg)
Audit Scope
![Page 28: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/28.jpg)
Audit Tasks
![Page 29: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/29.jpg)
Controls that are being audited
![Page 30: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/30.jpg)
Risks that are being audited
![Page 31: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/31.jpg)
Findings
![Page 32: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/32.jpg)
Certification Status
![Page 33: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/33.jpg)
Certification tied to Financial items
![Page 34: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/34.jpg)
Business Process Owner View
![Page 35: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/35.jpg)
Business Process Owner View
![Page 36: Agenda Sarbanes Oxley Act Where to Begin Creating the Risk Library Assessments / Audits Signing Officer Business Process Owners Documenting.](https://reader036.fdocuments.us/reader036/viewer/2022070410/56649ef05503460f94c006a0/html5/thumbnails/36.jpg)
Business Process View-issues