Navigating the Corporate Governance Landscape

1
(No Transcript)
2
Agenda

• Sarbanes Oxley Act
• Where to Begin
• Creating the Risk Library
• Assessments / Audits
• Signing Officer
• Business Process Owners
• Documenting Procedures
• Q A

3
Sarbanes-Oxley ActA Response to the
Deterioration in Public Confidence
4
Sarbanes Oxley ActHighlights

• Section 103 Your auditor must (and therefore,
  you should) maintain all audit-related records,
  including electronic ones, for seven years.
  Effective now.
• Section 201 Firms that audit your companys
  books can no longer provide you with IT-related
  services. Effective now.
• Section 301 You must provide systems or
  procedures that let whistle-blowers communicate
  confidentially with companys audit committee. No
  effective date.
• Section 302 Your CEO and CFO must sign
  statements verifying the completeness and
  accuracy of financials reports. Effective now.
• Section 404 CEOs, CFOs and outside auditors
  must attest to the effectiveness of internal
  controls for financial reporting. Effective now.
• Section 409 Companies must report material
  changes in their financial conditions on a rapid
  and current basis. The act calls it real-time
  disclosure but doesnt define what that means.
  No date set.
• Computerworld, April 14, 2003

5
You must ensure internal controls over your
financial reporting.
The Act states

• Sections 302 and 404 of Sarbanes Oxley

6
You must be able to attest to

• The Processes affecting values in accounts,
• which are exposed to Risks,
• which are mitigated by Controls,
• which are verified by Audit Procedures.

7
Internal Control TestingWhere to Start
8
Setting Up Internal Controls
Review and Update Procedures -Business Process
Owners
Identify and Organize Processes -Internal
Audit/Risk Assurance Partner
Identify Risks Controls for Processes -Internal
Audit/Risk Assurance Partner
Create Risks Controls Library -Risk Assurance
Partner
Upload Risks Controls Library -Risk Assurance
Partner
Identify Controls within your system -Internal
Audit/Risk Assurance Partner
Link Risks to Controls -Internal Audit/Risk
Assurance Partner
Link Key Controls to Audit Procedures -Internal
Audit/Risk Assurance Partner
Link Processes to Key Accounts -Internal
Audit/Risk Assurance Partner
9
Risk Control LibraryDEMO
10
Testing Internal Controls
Begin Assessment Process -CFO
Create Surveys -Internal Audit
Distribute Surveys -Internal Audit
Review Survey Results -Internal Audit
Create Assessment and Link Survey to
Assessment -Internal Audit
Based on Results, Choose Where to Audit -Internal
Audit
Execute Audit Procedures -Internal Audit
Review Processes, Risks Controls -Internal Audit
Make Recommendations Issue Audit
Opinions -Internal Audit
11
Assessment / AuditDEMO
12
Signing OfficerDEMO
13
Business Process OwnerDEMO
14
You must ensure internal controls over your
financial reporting.
The Act states

• Sections 302 and 404 of Sarbanes Oxley

15
You must be able to attest to

• The Processes affecting values in accounts,
• which are exposed to Risks,
• which are mitigated by Controls,
• which are verified by Audit Procedures.

16

17
ICM / Tutor
18
Do You Want to

• Comply with Corporate Governance regulations by
  having documented business policies and
  procedures?
• Achieve success through user acceptance of
  business process and technology changes?
• Reduce time spent documenting implementation
  decisions?
• Easily create and maintain all documentation and
  training material?
• Reduce training costs (development, travel, time
  away)?
• Regularly deploy role specific, accurate,
  up-to-date, procedure manuals?
• Modify Oracle eBusiness Suite online help?
• Provide employees documentation on an as needed
  basis improve employee performance?
• Train employees based on their role in the
  organization?
• Manage change within the organization?
• Leverage documentation and training resources
  across the organization?

19
Oracle Tutor - How it works
20
Tutor Demo
Lets Take a Closer Look
21
Customers

• Uses
• US Department of Transportation
• University of Virginia
• US Army Corps of Engineers
• San Francisco State University
• Testimony
• Medela
• Articles
• Motorola
• ETEC

22

23
ICM / Tutor
24
Oracle Tutor

• Mature Product
• 250 Pre-built business process
• Arthur Andersen Study
• 10 12 man hrs create a procedure
• 2 - 4 man hrs to modify an existing procedure
• ------------
• 8 man hrs time savings per process
• Integration
• Update to Procedure, automatically updates all
  other procedures that reference it
• Not just for Process Documentation

25
Why Oracle?

• Our solution addresses all needs, not just
  documentation of processes or entering testing
  results
• Uses the business processes that you create or
  can be modeled from the applications
• Leverage your existing information and
  environment, especially in your GL which directly
  relates to your financial reporting
• Uses powerful Workflow engine to enforce controls
  and automate what can be automated (reminders,
  notifications, etc)
• Tutor offers delivered content for documentation,
  desk manuals, and training materials

26
You must ensure internal controls over your
financial reporting.
The Act states

• Sections 302 and 404 of Sarbanes Oxley

27
Q A

28
Audit Projects
29
Audit Scope
30
Audit Tasks
31
Controls that are being audited
32
Risks that are being audited
33
Findings
34
Certification Status
35
Certification tied to Financial items
36
Business Process Owner View
37
Business Process Owner View
38
Business Process View-issues