Keeping Your SOX on: Quality Improvement for Sustaining SOX Compliance
Proprietary and Confidential Copyright@2005 by Unitech Systems Inc. All rights reserved
Purpose of today's discussion

• To discuss the challenges and opportunities presented by SOX compliance
• To outline an information-centric approach to improving organizational performance for sustaining SOX compliance
Agenda

• State of financial reporting and the SOX mandate
• Modeling enterprise information
• SOX compliance and continuous improvement
• Key benefits
State of Financial Reporting

[Chart: Number of Restatements by Year, 1999 through 2003; the bars are labelled 159, 172, 228, 312 and 394]

Inaccurate, inconsistent and unreliable financial reporting is a quality issue.
[Ref: Huron Consulting Group; Information Integrity Coalition; http://www.forbes.com]
SOX Primer

• Sarbanes-Oxley was enacted in a major effort to prevent accounting scandals and other reporting problems from recurring, and to rebuild public trust in corporate business practices and reporting.
• Establishes new or enhanced standards for corporate accountability and penalties for corporate wrongdoing.
• Contains 11 titles, ranging from additional responsibilities for audit committees to tougher criminal penalties for white-collar crimes such as securities fraud.
• Defines a higher level of responsibility, accountability and financial reporting transparency; changes that are ultimately intended to restore investor confidence.
SOX Key Requirements

• CEO and CFO certification
• Real-time disclosure of material events
• Disclosure controls and procedures
• Internal controls over financial reporting
• Internal control reports and assertions
• External auditor attestation
Challenges

• Multiple isolated compliance efforts
• Focus is on compliance (read: documentation)
• Distraction from "business as usual" activities
• Compliance does not guarantee business sustainability; quality does

[Chart: Reasons for loss of shareholder value; bars labelled 60%, 27% and 13% for the categories Strategic, Operational and Compliance]

For better value, compliance management should be part of "business as usual" activities.
[Ref: Booz Allen Hamilton, 2004]
Industrial Revolutions

I: Manufacturing, Transportation, Energy. Explosion in products.
II: Software, Internet, E-Commerce. Explosion in information.

Ref: Martin Bariff, 2004 at ISACA
Improving Quality of Financial Reporting
Process Focus
 Assure the quality of the financial reporting processes
 Assure the integrity and accuracy of the controls relevant to financial
reporting processes
 Assure the integrity of the information outputs
 Reduce fraud through regulations
What is Information Integrity?

Information Integrity (I*I) is the trustworthiness or dependability of information as defined by the accuracy, consistency and reliability of information content, processes and systems.

• Accuracy: The degree of agreement between a particular value and an identified source that provides the correct value at a specific point in time.
• Consistency: The degree of agreement among repeated instances of the same information (occurring in space, over time, and in relation to one another at the same point in time).
• Reliability: The degree to which information is complete, current and verifiable.
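The three definitions above can be turned into measurable checks on a report extract. The Python below is an added example, not part of the original deck and not Unitech's tooling: it scores a constructed set of account balances against a constructed general-ledger source of truth on accuracy (agreement with the identified source within a tolerance), consistency (agreement across repeated instances of the same account in two extracts) and reliability (completeness, currency and verifiability). The account numbers, amounts, journal references, period end and tolerance are all assumed for illustration.

```python
"""Added example: scoring a report extract on the I*I dimensions
accuracy, consistency and reliability. All data below is constructed."""
from dataclasses import dataclass
from datetime import date
from decimal import Decimal
from fractions import Fraction
from typing import Dict, Iterable, Optional, Sequence


@dataclass(frozen=True)
class Balance:
    """One reported account balance as it appears in an extract."""
    account: str
    amount: Optional[Decimal]   # None: the figure is missing from the extract
    as_of: date                 # period the figure claims to describe
    source_ref: Optional[str]   # journal id backing the figure; None: unverifiable


def accuracy(report: Sequence[Balance], truth: Dict[str, Decimal],
             tolerance: Decimal = Decimal("0.01")) -> Fraction:
    """Accuracy: share of reported figures agreeing with the identified
    source within a tolerance. Missing figures are a completeness matter
    (see reliability) and are not counted here."""
    checked = [b for b in report if b.account in truth and b.amount is not None]
    if not checked:
        return Fraction(0)
    agree = sum(1 for b in checked if abs(b.amount - truth[b.account]) <= tolerance)
    return Fraction(agree, len(checked))


def consistency(*reports: Sequence[Balance]) -> Fraction:
    """Consistency: share of accounts whose repeated instances (the same
    account in every extract) carry exactly the same value."""
    accounts = {b.account for r in reports for b in r}
    if not accounts:
        return Fraction(0)
    agree = 0
    for acct in accounts:
        # one instance per extract; None if the account or its figure is absent
        instances = [next((b.amount for b in r if b.account == acct), None) for r in reports]
        if None not in instances and len(set(instances)) == 1:
            agree += 1
    return Fraction(agree, len(accounts))


def reliability(report: Sequence[Balance], expected_accounts: Iterable[str],
                period_end: date) -> Dict[str, Fraction]:
    """Reliability: completeness (every expected account carries a figure),
    currency (the figure describes the reporting period) and verifiability
    (the figure is backed by a traceable source reference)."""
    expected = list(expected_accounts)
    present = {b.account for b in report if b.amount is not None}
    n = len(report)
    return {
        "completeness": Fraction(sum(1 for a in expected if a in present), len(expected)) if expected else Fraction(0),
        "currency": Fraction(sum(1 for b in report if b.as_of == period_end), n) if n else Fraction(0),
        "verifiability": Fraction(sum(1 for b in report if b.source_ref), n) if n else Fraction(0),
    }


# --- Constructed sample data (assumed, not from the deck) -------------------
PERIOD_END = date(2005, 3, 31)
# The identified source providing the correct value: ledger closing balances.
LEDGER_TRUTH = {
    "1010": Decimal("125000.00"),
    "1020": Decimal("48250.50"),
    "2010": Decimal("-73100.00"),
    "4010": Decimal("310500.25"),
}
# Extract pulled straight from the ledger, every figure backed by a journal id.
LEDGER_EXTRACT = [
    Balance("1010", Decimal("125000.00"), PERIOD_END, "JE-1042"),
    Balance("1020", Decimal("48250.50"), PERIOD_END, "JE-1043"),
    Balance("2010", Decimal("-73100.00"), PERIOD_END, "JE-1044"),
    Balance("4010", Decimal("310500.25"), PERIOD_END, "JE-1050"),
]
# "Off system" spreadsheet re-keyed by hand: transposed digits in 1020,
# a stale February figure in 2010, and 4010 never copied across.
SPREADSHEET = [
    Balance("1010", Decimal("125000.00"), PERIOD_END, None),
    Balance("1020", Decimal("48205.50"), PERIOD_END, None),
    Balance("2010", Decimal("-73100.00"), date(2005, 2, 28), "JE-1044"),
    Balance("4010", None, PERIOD_END, None),
]


def scorecard(report: Sequence[Balance] = SPREADSHEET) -> Dict[str, Fraction]:
    """A/C/R scorecard for one extract, measured against the ledger extract."""
    return {
        "accuracy": accuracy(report, LEDGER_TRUTH),
        "consistency": consistency(LEDGER_EXTRACT, report),
        **reliability(report, LEDGER_TRUTH, PERIOD_END),
    }


if __name__ == "__main__":
    for name, score in scorecard().items():
        print(f"{name:14s} {float(score):.2f}")
```

Run directly, it prints the scorecard for the re-keyed spreadsheet (accuracy 2/3, consistency 1/2, completeness 3/4, currency 3/4, verifiability 1/4); the extract taken straight from the ledger scores 1 on every dimension. The gap between the two is where the integrity loss lives: in the "off system" copy, not in the system of record.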
I*I Risks are linked to

• "Static" business models in changing markets
• Process re-engineering initiatives
• Growth in business, information and data
• Information systems initiatives
• "Off system" analytical work
Reported magnitude of I*I issues

Industry    Impact of I*I failures
Telecom     About 5-11% of revenue is lost [1]; that is about $15-30 billion a year [1].
Banking     30 banks reported total operational losses of around 2.6 billion euros [5,6]. During 2000, the UK lost £113 million through non-compliant documents being presented under letters of credit [3].
Insurance   The US Medicare program lost between 7-10% of its budget due to I*I related errors [4].
Retail      US retail companies lost about $5.6 billion in 2001 due to clerical and administrative errors [2].

[1] D&T, Revenue assurance survey; PWC and KPMG publications
[2] National security survey, University of Florida, 2001
[3] SITPRO, 2003
[4] GAO report, 1999; IIC report, 2001
[5] BIS, "Quantitative Impact Study", 2002
[6] Rick Harris, "Domestic regulatory approaches to operational risk", 2002
Unitech's Framework is comprehensive

• Unitech's Enterprise Information Model (EIM) is a comprehensive framework for identifying focal business processes for integrity evaluation
• The four quadrants can be populated with issues and processes representing every aspect of enterprise operations
Information Exchange Integrity

[Figure: Value of cycle-time improvement in process analytics. Two panels, each marked with a lower specification limit (LSL), a Target and an upper specification limit (USL); the first is labelled "Integrity risks as variation in A/C/R", the second "Re-engineered process" with "Minimized integrity risks"]
I*I Assessments

[Diagram labels, grouped where the definitions above support it]
Assessment scope: System, Process, Content
Accuracy: Standard, Tolerance
Consistency: Spatial, Temporal, Relational
Reliability: Completeness, Currency, Verifiability
Further labels: Practice, Components
Assessment instruments: Metrics, Methods, Standards, Tools

Ref: Martin Bariff, 2004 at ISACA
I*I Rating Systems

• Process-Based Ratings: management requirements, usually for business processes

5 OPTIMIZED: I*I risk management is integrated with the enterprise-wide risk management process.
4 MANAGED: I*I risk management is integrated across all key business processes.
3 PREVENTIVE: I*I risk analysis and continuous I*I risk monitoring; focus on business requirements.
2 DETECTIVE: After-the-fact initiatives. Typical processes are data cleaning, audit, process quality measurement and system reliability measurement.
1 AWARE: Enterprises have some awareness of information integrity issues; few of these issues are addressed adequately.

Examples from the quality world
Ref: "Building an Information Integrity Rating System," by Craig M. Watson, April 12, 2004
I*I Rating Systems

• Outcome-Based Ratings: performance requirements, usually for information exchanges. Examples include financial statements released to the public, individual bank statements, etc.

Rating                                  Similar examples (credit ratings)
Trustworthy information                 AAA, Investment Grade
Acceptable non-critical information     BBB, Non-Investment Grade
Non-acceptable                          Bbb, Junk

Source: "Building an Information Integrity Rating System," by Craig M. Watson, April 12, 2004
Baldrige Framework

[Figure: Baldrige Criteria for Performance Excellence framework]
Several Concepts – Several Tools

Concepts:
• Quality Management
• Risk Management
• Control Management
• Information Integrity Management

Tools:
• Six Sigma, Quality Circle
• Business Process Reengineering
• Integrity Risk Assessment
• Enterprise Risk Management
• COSO, COBIT
• Corporate Governance Model (Baldrige Criteria for Performance Excellence)
Integrated Management Systems Approach

[Diagram: Corporate Governance over a Baldrige-based Management System, combining Information Integrity Requirements and Integrity Tools with Quality Requirements and Quality Tools; outcomes labelled SOX Compliance, Regulatory Compliance and Performance Excellence]
Benefits of the Unitech Approach

• Enterprise-based: The Enterprise Information Model embraces all major processes in the enterprise. One tool provides the total perspective.
• Process-focused: Our approach is driven by a relentless focus on practical process understanding. As a result, we connect with management thinking and deliver practical integrity improvements.
• Effective/Efficient: We look at processes from both effectiveness and efficiency perspectives, thus broadening performance impact.
• Compliance-rich: Unitech's approach is particularly suitable for supporting Sarbanes-Oxley and Basel II compliance initiatives. We provide documentation of controls, as well as a high level of confidence in the results.
• Generally adaptable: Unitech's approach can be applied to ANY business process, yielding powerful insights into information integrity, as well as performance improvement potential.
More Resources

• www.asq.org/ii
• www.informationintegrity.org
• www.unitechsys.com