Industry Leading Sarbanes Oxley Compliance

1
Industry Leading Sarbanes Oxley Compliance
Operational Risk Management Solutions
2
Current Sarbanes-Oxley Landscape

• Fortune 1000 will spend 2.5B on SOX Compliance
  in 2003
• Average 1M in SOX expense per 1B of revenue
• Requires ongoing sustainable and repeatable
  processes
• Client solution should support active compliance
• Several new entrants in the marketplace from
  start-ups and accounting firms are attempting to
  address compliance needs
• Vast majority of firms still evaluating tools as
  of Q1 04

1
1
1 Source AMR Research
3
Sarbanes-Oxley Act of 2002 (SOX)

• Who?
• Publicly held/traded companies (domestic and
  international)
• What?
• Stricter corporate-governance and accountability
  provisions
• 302 CEO CFO must sign off on the companys
  quarterly and annual
• financial statements
• 404 Document financial controls and monitor them
  for effectiveness.
• Why?
• Combat corporate and accounting fraud
• When?
• First fiscal year on or after June 15, 2004
• New Date just released by SEC on November 15,
  2004
• 2005 for International Companies

4
Meeting the requirements of 302

• CEO and CFO have been required to sign off on
  quarterly financials for over a year
• C level is looking for more information to
  support their assertions
• Senior managers should certify their areas and be
  held accountable for accuracy of their data
• How do you create an hierarchy of certifications
  throughout the organization
• How do you make the administration of a
  certification program manageable

5
Meeting the requirements of 404

• The Microsoft Office solution
• Word docs can be used for narratives
• Visio flowcharts for process diagrams
• Excel spreadsheets to document the relationships
  between accounts, processes and controls
• Access databases to log and track issues that
  come out of testing
• Bring it all together in a document management
  system or shared directory

6
Meeting the requirements of 404

• The Microsoft Office solution falls short
• Lack of accountability
• Difficult to maintain security
• No centralized reporting features
• No summary dashboards
• Difficult to maintain going forward
• Requires redundant data inputs
• Lacks workflow
•  

7
Meeting the requirements of 404

• Excerpt from a recent Journal of Accountancy
  article
• "Many executives are reaching the same
  conclusion. In a CFO magazine survey published in
  March 2003, only 11 of 245 CFOs said
  spreadsheet-based control reportingwhich is
  very commonwas accurate enough to make senior
  executives confident about certifying their
  companies financial statement data, as the
  Sarbanes-Oxley Act requires."

8
Meeting the requirements of 404

• Web-enabled database application solution
• Centralized database stores all info on
  processes, risks and controls
• Personalized views display only the documents
  that a user needs to see
• Role based security determines read and edit
  access for each user
• Documents can be shared among users
• Incorporates workflow and email notifications
• Data is available for reporting

9
Benefits of a Web-Enabled Database Application

• Simplified administration
• Application and database exist on centralized
  servers
• Passwords and user roles can are managed from the
  application interface
• Data is stored in a single database
• Allows search capability
• Facilitates reporting
• Provides enhanced data security

10
Benefits of a Web-Enabled Database Application

• Simplified content mgmt and monitoring
• MS Office documents can be stored within the
  database
• Users have one place to go to update and maintain
  their documentation
• Once the database is fully populated, users need
  only document those control procedures that change

11
Benefits of a Web-Enabled Database Application

• Distribution of Responsibility and Accountability
• Assign ownership at various levels
• Require actions and certifications
• Sign-off on controls and processes
• Create an hierarchy of accountability
• Workflow capabilities
• Email notifications when actions are due
• Personalized views displaying users documents
• Manage document status
• Workflows can be customized to fit the needs of
  the customer

12
Benefits of a Web-Enabled Database Application

• On-line Survey capability
• Addresses entity level controls
• Management certification of control environment
• Allows SOX team to conduct surveys of all users

13
Benefits of a Web-Enabled Database Application

• Portal style interface
• Shows personalized data to each user
• Provides a selection of data elements
• Customizable by SOX team
• Can be interfaced with other applications in the
  organization

14
Benefits of a Web-Enabled Database Application

• Reports
• Executive Summary Dashboard
• User defined reports that provide both text based
  tabular and charts and graphs
• Interactive views with drill down capability
• Sort and filter data

15
Do you want a tool that just provides SOX
compliance, or do you want more?
How do you get a return on all the time you
invest in your compliance effort?
16
Enterprise Risk Management
Operational Risk
Market Risk
Credit Risk
Operational Risk Management (ORM)
solution Overall compliance application
Sarbanes-Oxley (SOX) compliance
Compliance
Integrated solution for Internal Audit
Sarbanes-Oxley
302
Quarterly Certification by C-Level Management
Control Assurance Software Sarbanes-Oxley (SOX)
Compliance
404
Control Documentation and Testing
17
What to look for in a SOX solution

• Key Features to look for in a SOX solution
• Supports account to process mapping
• Control documentation
• Supports attachments and hyperlinks
• Provides document security and version control
• Captures control testing and results
• Customizable workflow with email notifications
• Issue and Action Plan tracking
• Risk assessment
• Captures all elements of the COSO framework
• Provides on-line survey capability

18
What to look for in a SOX solution

• Key Features to look for in a SOX solution
• Interactive reports with drill down capability
• Executive summary dashboards and heat maps
• Ad hoc reporting capability
• Role based security
• Personalized views
• Reference library for best practices
• Customization
• Is it a SOX tool or can it be used for Compliance
• Does it provide complete ORM functionality

19
What to look for in a SOX solution Vendor

• Key Features to look for in a vendor
• Stability
• Growth
• Expertise
• Capability
• Experience
• Support
• Commitment

20
Business accountability software. Its what we
do!

• Our heritage is auditingfounded in 1995
• Paisley Business accountability solutions
• Audit workflow software
• Sarbanes-Oxley software
• Operational Risk Management software
• Paisley leads in market share with over 240 SOX
  engagements
• Over 50 Fortune 500 companies use Risk Navigator
• Paisley Consulting named to the INC. 500 list of
  the fastest
• growing privately owned companies in America
  last two years

1
1. Survey conducted by EY of 100 Fortune 500
firms
21
A recent survey of 100 SEC listed Companies
showed that Risk Navigator from Paisley has been
chosen by 43 of Companies who have selected
external technology support
Dominant Market Share, Largest Installed Base
1
2
Technology Enablers Deployed

• Paisley Consulting boasts a client roster of over
  500 organizations around the world, serving more
  than 30,000 users in a wide range of industries
• Corporate clients in more than 30 countries
• More Fortune 500 clients use Paisley software
  than all other software tools combined

1. Source Emerging Trends in Internal Controls
over Financial Reporting, an EY Survey,
January 2004 2. 28 of the Companies
surveyed
22
Paisleys SOX ORM Solutions
Sarbanes-Oxley Operational Risk Management

• Flexible tool offering off-the-shelf or
  customized installations.
• Control Self Assessment Surveys.
• Risk Identification Risk Assessment Surveys.
• Domino/NOTES or J2EE (Websphere or WebLogic
  DB2 or Oracle DB)

Sarbanes-Oxley

• Off-the-shelf quick and easy implementation.
• Offers Grant-Thornton methodology with industry
  specific process, risk
• and control templates
• Microsoft.NET web based solution
• Server Windows 2000 or greater with Microsoft
  IIS Server
• Client Windows with IE 5.5 or higher
• SQL Server

23
Paisley Experience Ensures Success

• Paisley Consulting focused on this market since
  1995
• Business accountability software is what we do!
• Commitment to develop our tools, build new
  functionality, add integration points with
  enterprise systems
• Continue to be the leader in functionality and
  methodology

24
Questions and Answers