How to reach SOX Compliance - The Alpro case
Lamot, Mechelen
October 12, 2011
Bart Van Hevel, Alpro
Chris Walravens, Expertum

Agenda
• Key facts about Alpro
• What is SOx
• Key facts about Expertum
• Authorizations @ Alpro
• Authorization Issues
• Project approach
• Success factors
• Benefits for Alpro

Key Facts About Alpro
• Alpro founded in 1980 and part of Dean Foods since mid 2009
• Grown to € ~260 million in revenues in 2010
• Clear European market leader in non-dairy soy-based products
• 2 power brands: Alpro soya and Provamel
• 6 product categories
• 3 channels
• 3 wholly-owned commercial organisations in NL, UK and GE and more than 30 commercial partnerships in all other primary European markets
• 4 plants in BE, FR, UK and NL
• ~800 employees

Alpro Soya Brand

Provamel Brand

Gradual Development Of New Categories
Drinks Desserts Yofu
Cream Meat-free Margarine

Alpro, A Division Of Dean Foods
National chilled DSD and plant footprint
National premium health & wellness brands
US leader in national UHT
private label dairy
US
European leader in branded soy
EU

4 Complementary Plants
• UK: Kettering (Birmingham)
• Belgium: Wevelgem (Kortrijk)
• The Netherlands: Landgraaf (Maastricht)
• France: Issenheim (Colmar)

What is SOx?
US Sarbanes-Oxley Act of 2002 commonly called Sarbanes-Oxley, or SOx, is a United States federal law enacted on July 30, 2002 in response to a number of major corporate and accounting scandals including those affecting Enron, WorldCom, …
Applicable to all companies listed on New York Stock Exchange
• Section 302: The CEO/CFO of Dean Foods must certify quarterly and annually that:
  - The SEC (Securities & Exchange Commission) report has been reviewed by the CEO/CFO
  - The report does not contain any misleading and/or untrue statements
  - Significant deficiencies and material weaknesses in internal control have been disclosed to the Audit Committee and auditors, as well as any fraud (material or not) involving anyone with a significant role in internal control
  - Material weaknesses must be disclosed in the annual report to shareholders
Alpro needs to install a sub-certification process to Dean Foods CEO / CFO
• Section 404: Defines the rules for internal control and financial reporting
  - Alpro management must assess effectiveness of internal control structure and procedures for financial reporting

Our Requirement…
Financial Statements
IT General Controls
Business Processes Reporting Processes
Inventory
Procure to Pay
Order to Cash
Company Level Controls
“Identify, implement and formalize adequate business & IT controls within Alpro Comm VA, for core processes that have a material impact on the financial statements, operating on December 31st, 2010”
…
Business & IT controls in order to cover key risks in a process, resulting in:
• Manual, signed off reports / documents: detective control
• Configuration controls (SAP – customizing): preventive control
• Access restriction / Segregation of Duty controls: preventive control

Expertum
• Our Mission
  - Exceed client expectations by providing top-quality expertise
  - Provide our people a safe environment for personal and professional growth
• Facts
  - Founded in April 2006 by 2 ex-SAP Belux employees
  - Team of +50 SAP Experts and Project Managers
  - Highly skilled and experienced SAP consultants in all SAP areas, combined with a
• Partnerships
For more info, visit our new website: www.expertum.net

Authorizations @ Alpro
• Position based security
  - Use of the HR organizational structure
  - For role assignments
• 2-layered concept
  - Composite roles for positions or functions
  - Single & derived roles for functionality (at sub-process level)
• Starting point of the SOx authorizations project
  - Strong conceptual basis
  - Prerequisite for a smooth and successful compliance project

Authorization Issues
• Critical functionality (10)
  - Maintain accounting periods
  - Asset retirement / scrapping
  - Vendor master data
• Segregation of Duties (7)
  - Inventory count & post differences
  - Price conditions & Sales orders
  - Vendor master data & invoices
• Basis Component (10)
  - User & role administration
  - Transport requests
  - Debugging

Project Approach
3 Months - 50 Mandays
Phases: Scope & Pre-audit → User list review → Root cause analysis → Solution & Impact → Solution approval → Implement & Test → Approval & Go-live → Final audit
• Processes & legal entities in scope
• Risk assessment & definition of controls
• Identification of issues to be remediated
• For each issue determine the list of (un)authorized users / roles
• Identify the (combination of) roles causing the unwanted access
• Propose possible solution(s) for each issue
• Always several options possible:
  - User assignment
  - Composite role
  - Tcode in single role
  - Auth. object values
• Impact analysis on other users is essential for not disrupting business activities
• Verification of proposed solution with business users
• Approval of solution
• Business approval is essential, especially when the day-to-day organisation is changed
• Technical SAP authorizations knowledge essential
• Testing the solution both positive and negative
• Documentation essential because of SOx requirements
• Final approval of the implemented solution and adequacy of testing before go-live
• Transporting the changes into production and/or changing the user assignments
• Audit by external partner
• Final SOx audit by external auditor
• Final check to see if the business processes are under control
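
The user list review, root cause analysis and impact analysis steps above can be sketched over the 2-layered role concept (composite roles containing single roles). This is an added example, not part of the original presentation or of Alpro's or Expertum's tooling; the role names, user names and the mapping of the slide's SoD pairs to SAP transaction codes are assumptions made for illustration.

```python
# Constructed sample data: role and user names are hypothetical; the
# mapping of the slide's SoD pairs to these SAP tcodes is an assumption.
SINGLE = {  # single role -> transaction codes
    "S_INV_COUNT": {"MI01", "MI04"}, "S_INV_POST": {"MI07"},
    "S_VENDOR_MD": {"XK01", "XK02"}, "S_AP_INVOICE": {"MIRO", "FB60"},
}
COMPOSITE = {  # composite role (position) -> single roles
    "C_WAREHOUSE_CLERK": {"S_INV_COUNT"},
    "C_STOCK_CONTROLLER": {"S_INV_COUNT", "S_INV_POST"},
    "C_AP_ACCOUNTANT": {"S_AP_INVOICE"},
    "C_PURCHASER": {"S_VENDOR_MD"},
}
USERS = {  # user -> composite roles assigned via position
    "alice": {"C_WAREHOUSE_CLERK"}, "bob": {"C_STOCK_CONTROLLER"},
    "carol": {"C_AP_ACCOUNTANT", "C_PURCHASER"}, "dave": {"C_AP_ACCOUNTANT"},
    "erin": {"C_STOCK_CONTROLLER"},
}
SOD_RULES = {  # rule name -> (tcodes of duty A, tcodes of duty B)
    "Inventory count & post differences": ({"MI01", "MI04"}, {"MI07"}),
    "Vendor master data & invoices": ({"XK01", "XK02"}, {"MIRO", "FB60"}),
}

def composites_granting(user, tcodes):
    """Composite roles of `user` that reach any of `tcodes` via a single role."""
    return {c for c in USERS[user]
            if any(SINGLE[s] & tcodes for s in COMPOSITE[c])}

def find_conflicts():
    """Return {(user, rule): (root_cause_level, roles_for_A, roles_for_B)}."""
    found = {}
    for user in USERS:
        for rule, (duty_a, duty_b) in SOD_RULES.items():
            a = composites_granting(user, duty_a)
            b = composites_granting(user, duty_b)
            if a and b:
                # One composite holding both duties: the role design is the
                # root cause. Otherwise the combination of assignments is.
                level = "composite role" if a & b else "user assignment"
                found[(user, rule)] = (level, sorted(a), sorted(b))
    return found

def impacted_users(composite):
    """Users who would also be affected if `composite` were changed."""
    return sorted(u for u, roles in USERS.items() if composite in roles)

if __name__ == "__main__":
    for (user, rule), (level, a, b) in sorted(find_conflicts().items()):
        print(f"{user}: {rule} -> fix at {level} level; A via {a}, B via {b}")
    print("Changing C_STOCK_CONTROLLER impacts:",
          impacted_users("C_STOCK_CONTROLLER"))
```

A conflict rooted in a composite role affects every holder of that position, which is why the impact list matters before the role is changed; a conflict rooted in user assignment can be resolved for one user without touching role design.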

Success Factors
• Very much business driven
  - C-level commitment
  - High visibility in the organization
• Dedicated team
  - Divisional Controller (on business side)
  - IT Manager (on IT side)
  - Authorizations consultant (expert knowledge)
  - Project leader (Business Process Manager)
• Smooth and fast decisions
• Ability to translate complex authorisation terminology into business language
• Efficient assessment of impact, resulting in no business disrupting actions

Benefits for Alpro
• Alpro Comm VA SOx compliant on December 31st, 2010: 0 deficiencies, an exceptional result!
• Provides Alpro management extra comfort on the main business processes and their impact on the financial reporting

Thank you!