ProCognis SOX 404 & COSO Implementation Presentation

July 2006
© 2006, ProCognis, Inc. All Rights Reserved - http://www.procognis.com
SOX Implementation Background
• The Sarbanes-Oxley Act (SOX) became law following a number of high-profile accounting scandals
• SOX requires Management to Certify (SOX 302) and Assess (SOX 404) Internal Controls over Financial Reporting
• Certification means that Management must take responsibility for the existence and effectiveness of their company’s financial controls
• Assessment means that Management must document and verify that the certified controls are effective
COSO Framework
• SOX requires the selection of a control framework; however, it does not mandate a specific framework
• COSO is the most frequently used framework
• COSO was developed to provide a framework for evaluating internal controls
• COSO requires that management assess risks to the reliability of financial reporting
• Control activities are then implemented to mitigate the identified risks
ProCognis SOX Tools & Methodology
• Developed specifically for SOX 404 compliance from customer input
• Based on the COSO framework
• Uses a Top-down, Risk-based approach
• Flexible and configurable to meet a variety of customer needs
SOX Steps to Compliance
• Planning: first steps to get you ready to begin the compliance process
• Documentation: communicate the systems, cycles and risks, along with the mitigating controls, to the involved parties
• Evaluation & Remediation: testing of actual controls and validation of control effectiveness; remediation will be required for controls that failed testing
• Reporting of Results: communicate the results of testing and begin planning for the next compliance activities
SOX Planning Overview
• Planning Key Items:
  - Enter company information & identify systems
  - Evaluate the overall control environment
  - Map systems to financial statement assertions & edit and print the planning templates
• Gather the necessary internal documentation and prepare staff for compliance
SOX Planning Details
• Company information is gathered and a scoring system is used to determine the appropriate testing level
• The testing level may be overridden for specific tests
• The testing level, combined with Risk-scoring, allows the user to define a minimum level of testing for all risks/controls
SOX Documentation Overview
• Obtain a basic understanding of each system & identify the system steps (sometimes called cycles or processes)
• Consider inherent risks, evaluate their impact & determine whether mitigating controls exist
SOX Documentation Detail
• Financial Statement correlation is important to ensure that there are no gaps in coverage
• Checkboxes are provided to correlate systems to Financial Controls
• Financial Statement mapping is key to implementing the Top-down approach
SOX Documentation of Systems
• Systems are defined to categorize the risks and their associated controls
• Systems have Steps (actions that are performed as part of the operation of the System)
• Each Step has risks, and each risk should have one or more controls; starting with risks defines the Risk-based approach
• The systems are tracked and the status of testing is reported for each system
SOX Evaluation/Testing Overview
• Design a test plan for each Risk/Control
• Define the population and select the sample to test (the sample is created automatically to select items for testing)
• The software provides tools to select a statistically valid sample using a consistent methodology
SOX Evaluation/Testing Risk-Scoring
• Risks may be Likely (high probability of occurring) or Significant (very material or damaging) or both
• Risk-scoring provides a numerical scale to quantify the relative Likelihood and Significance of each Risk
• High Likelihood & Significant risks are given a larger test sample size to improve confidence
• Risks that are neither likely nor significant may use a smaller risk score to reduce unnecessary testing
SOX Evaluation/Testing Details
• Documentation of test results is important to validate the conclusion
• If a failure is found, the user must select the status of the testing procedure
• If the test is considered a failure, remediation will be required
• The software provides tools to automate remediation and to track testing status
SOX Remediation and Retest Details
• Remediation is a retest of a failed test procedure
• Remediation will be tracked as a new test for the same risk/control
• The software provides tools to track remediation testing status
SOX Reporting Overview
• Use the final checklist to track progress
• Evaluate the remaining failures and determine whether any material weakness(es) exist
• Based on the results, select sample language for the financial reports
• Compile the documentation and preserve the testing details
SOX Reporting Details
• The Final Checklist contains the key details that track compliance status and remaining tasks
• Disclosure of Deficiencies and/or Material Weaknesses will result in additional testing and control re-design
• The software helps track compliance to identify problem areas prior to disclosing weaknesses or deficiencies
SOX Next Steps
• Following the procedure as defined in the Planning & Documentation phases, the compliance process will require Auditor sign-off and validation
• After the Auditors have validated SOX compliance, planning will begin for the next year’s efforts
• Lessons learned will be preserved to save time in the future
Conclusions
• SOX compliance is a lengthy and involved process
• The end result is a simple conclusion based upon a vast amount of testing and validation of risks and controls by both Management and the Outside Auditor
• Software can significantly improve the efficiency and quality of the compliance process and reduce unnecessary effort
• Compliance will not be a single-year effort; the first year will require the most work, but the requirement to comply will not diminish
• With good planning and implementation, the end result of compliance will be a higher level of confidence in the financial results