SOX Project Handoff [Enter Business Unit Name]
Agenda
• Ground Rules
• Introduction to SOX Cycle of Events
• SOX Controls
• Roles and Responsibilities
SOX Project Handoff_kwedits.ppt

Admin and Ground Rules
• Facilities
• Prizes
• Silence mobile phones
• All contributions welcome

Objectives
• Identify stages of the SOX cycle of events
• Describe how SOX affects my role and responsibilities
• What is the project team turning over to us?
• Distinguish between documentation and evidence
• Identify SOX resources
• Know what my next steps are in taking over the project team’s work

Why are You Here?
• Mandatory
• Project team is leaving
• Time for the business to receive its SOX

The SOX Cycle
[Cycle diagram. Labels: Each change: Document; Daily: Generate & Maintain Evidence; Annually & at change / Annually: Evaluate, Self Test, Internal Audit, External Audit]

What does SOX Compliance Mean?
• Tell me what you do
• Show me how you do it
• Prove it to me

Shell Group SOX404 Deliverables
• Flowcharts
• Process & control narratives
• Control Registers
• Walkthroughs
• Remediation actions
• GreenLight
• Test scripts
• Testing
• Recording of results
• Management Assessment
• External Audit testing
• Executive Attestation
The following slides give further detail on some of these deliverables.

Documentation – the Tell Me stage
• Flowchart: Map of the financial statement process linking the risks and controls
• Control Register or GreenLight Control Report in Greenlight - The Shell compliance database containing a detailed description of the financial statement risks, their controls and their compliance (design & operating effectiveness)
• Evidence: As part of ‘show-me’, it is important to be able to evidence that the control is in existence and operates effectively. Typical examples are reports, sign-offs, checklists, etc.
• Walk-through or Supporting notes: Additional notes to assist the control assessment process

Actual Control Description (ACD) Example
Control Objective: “To ensure that appropriate provision is made for all bad debts”
• Not Clear: “If needed the Claims Review Panel / Delegated authority asks confirmations/opinions from outside lawyers/experts. xxx calculates the provision needed based on GFAP/GFIM”.
• Clear and Meets the 5W’s and an H criteria: “On a quarterly basis, provisions are calculated by the xxx after receiving inputs from the various focal points. If needed lawyer's /expert letter is obtained to assess the provision. <function> reviews if provisions are in compliance with GFAP/GFIM and approves total provision by signing <provision overview>”.

Organizing Controls
• Actual Control Descriptions (ACDs)
• Objectives
• Guidelines
• The 5 Ws
• Controls roll up to:
  • Processes
  • Sub-Processes

Storing & Reporting Controls
Q: What is the most current, correct source of information about controls?

Evidence – the Show Me stage
• What is evidence?
• Why is it important?
• What do we do with it?

Testing – the Prove It stage
• Self-Testing
• Management Assessment
• Internal/External Audit

Roles & Responsibilities
• Control Executors (everyone): Generate Evidence
• SOX Documentation Lead: Document and Test
• Control Owners: Review and Sign-off
• Process Owners: Overall Sign-off

I’m responsible for what?
• Process Owner: signs off in Greenlight, makes change requests, reviews walkthroughs
• Control Owner: produces walkthroughs, monitors for triggers, assists with testing process, approves documentation
• SOX Documentation Lead: monitors for triggers; creates, updates, and maintains process flows, narratives, and procedures; performs testing
• Control Executor: performs the control and generates evidence

Taking Over the Work
BU must: Generate, Maintain & Control Evidence
[Timeline chart: Level of Effort across Q1 2006, Q2 2006, Q3 2006, Q4 2006]
• Understand the turnover from the project team and begin quarterly reviews
• 1st annual self testing & IAF review
• Initial attestation by external auditor

Summary

SOX is Built on Your Daily Work
• Auditors can’t attest
• Managers can’t assess
…without documentation and evidence
[Diagram labels: Attest, Assess, Document, Evidence]

SOX404 Resources
Who Can I Ask Questions of?
• Managers
• Project Team/Center of Excellence (COE)
• Embedding Team
• SOX404 Website

Review Objectives
• Identify stages of the SOX cycle of events
• Describe how SOX affects me, and roles and responsibilities
• What is the project team turning over to us?
• Distinguish between documentation and evidence
• Identify SOX resources
• Know what my next steps are in taking over the project team’s work

Next Steps
• Attend the Maintain SOX Evidence training
• Build shortcuts to the documentation and evidence repositories
• Get ready for specialized training as needed for your role
• Make sure you know what you need to know
I went to Project Handoff, and all I got was this lousy binder