
ProCognis SOX 404 & COSO Implementation Presentation

ProCognis SOX 404 & COSO Implementation Presentation. July 2006. © 2006, ProCognis, Inc. All Rights Reserved - http://www.procognis.com. SOX Implementation Background. Sarbanes-Oxley law (SOX) became law following a number of high-profile accounting scandals

jenski

Presentation Transcript


  1. ProCognis SOX 404 & COSO Implementation Presentation July 2006 © 2006, ProCognis, Inc. All Rights Reserved - http://www.procognis.com

  2. SOX Implementation Background • Sarbanes-Oxley law (SOX) became law following a number of high-profile accounting scandals • SOX Requires Management to Certify (SOX 302) and Assess (SOX 404) Internal Controls over Financial Reporting • Certification means that Management must take responsibility over the existence and effectiveness of their company’s financial controls • Assessment means that Management must document and verify that the certified controls are effective.

  3. COSO Framework • SOX requires selection of a framework but does not mandate a specific one • COSO is the most frequently used framework • COSO was developed to provide a framework to evaluate internal controls • COSO requires that management assess risks to the reliability of financial reporting • Control activities are then implemented to mitigate identified risks

  4. ProCognis SOX Tools & Methodology • Developed specifically for SOX 404 compliance from customer input • Based on the COSO framework • Uses a Top-down, Risk-based approach • Flexible and configurable to meet a variety of customer needs

  5. SOX Steps to Compliance • Planning: First steps to get you ready to begin the compliance process • Documentation: Communicate the systems, cycles and risks along with mitigating controls to involved parties • Evaluation & Remediation: Testing of actual controls and validating control effectiveness; Remediation will be required for controls that failed testing • Reporting of Results: Communicate results of testing and begin planning for next compliance activities

  6. SOX Planning Overview • Planning Key Items: Enter company information & Identify systems; Evaluate the overall control environment; Map systems to financial statement assertions & edit and print the planning templates • Gather necessary internal documentation and prepare staff for compliance

  7. SOX Planning Details • Company information is gathered and a scoring system is used to determine the appropriate testing level • Testing level may be over-ridden for specific tests • Testing level plus Risk-scoring allows the user to define a minimum level of testing for all risks/controls

  8. SOX Documentation Overview • Obtain a basic understanding of each system & Identify system steps (sometimes called cycles or processes) • Consider inherent risks and evaluate their impact & determine if mitigating controls exist

  9. SOX Documentation Detail • Financial Statement Correlation is important to ensure that there are no gaps in coverage • Checkboxes are provided to correlate systems to Financial Controls • Financial Statement mapping is key to implementing the Top-down approach

  10. SOX Documentation of Systems • Systems are defined to categorize the risks and associated controls • Systems have Steps (actions that are performed as a part of operation of the System) • Each Step has risks and each risk should have one or more controls; starting with risks defines the Risk-based approach • The systems are tracked and the status of the testing is reported for each system

  11. SOX Evaluation/Testing Overview • Design test plan for each Risk/Control • Define population and select sample to test (sample created automatically to select items for testing) • Software provides tools to select statistically valid sample using consistent methodology

  12. SOX Evaluation/Testing Risk-Scoring • Risks may be Likely (high probability of occurring) or Significant (very material or damaging) or both • Risk-scoring allows a numerical scale to quantify the relative Likelihood and Significance of each Risk • High Likelihood & Significant risks are given a larger test sample size to improve confidence • Risks that are not likely or significant may use a smaller risk scoring to reduce unnecessary testing

  13. SOX Evaluation/Testing Details • Documentation of test results is important to validate conclusion • If a failure is found, the user must select the status of the testing procedure • If the test is considered a failure, remediation will be required • Software provides tools to automate the remediation and to track testing status

  14. SOX Remediation and Retest Details • Remediation is a retest of a failed test procedure • Remediation will be tracked as a new test for the same risk/control • Software provides tools to track remediation testing status

  15. SOX Reporting Overview • Use final checklist to track progress • Evaluate remaining failures and determine if material weakness(es) exists • Based on results select sample language for financial reports • Compile documentation and preserve testing details

  16. SOX Reporting Details • Final Checklist contains the key details that track compliance status and remaining tasks • Disclosure of Deficiencies and/or Material weaknesses will result in additional testing and control re-design • Software helps track compliance to identify problem areas prior to disclosing weaknesses or deficiencies

  17. SOX Next Steps • Following the procedure as defined in the Planning & Documentation phases, the compliance process will require Auditor sign-off and validation • After the Auditors have validated SOX compliance, planning will begin for the next year’s efforts • Lessons learned will be preserved to save time in the future

  18. Conclusions • SOX compliance is a lengthy and involved process • The end result is a simple conclusion based upon a vast amount of testing and validation of risks and controls by both Management and the Outside Auditor • Software can significantly improve efficiency and quality of the compliance process and reduce unnecessary effort • Compliance will not be a single year effort; the first year will require the most work but the requirement to comply will not diminish • With good planning and implementation, the end result of compliance will be a higher level of confidence in the financial results
