
SOX Compliance

Don’t fight what can help you


Skye L. Rogers
• 9 years' experience working in Systems & Operations in various roles.
• 4 years focusing on SOX-related tasks.
• Currently working with TransCore.
• Skye is not an attorney or an auditor.
TransCore
• Approaching 70 years in the transportation industry
• Installations and products in 46 countries around the world
• Key technologies: RFID, wireless communications, GPS, web-based information systems
[Diagram of TransCore business areas: Operations Management, Rail-Intermodal, Track and Trace, Fleet Management, Financial Services, Compliance Services, Freight Matching]
What is SOX?
• SOX provides the foundation for new corporate governance rules, regulations and standards issued by the Securities and Exchange Commission. It covers a range of topics from criminal penalties to corporate board responsibilities. SOX also covers issues such as independent auditing requirements, corporate governance, internal control assessment, and enhanced financial disclosure.
• CEOs of publicly traded companies will be held accountable for the quality of the controls established which enable accurate financial reporting (including IT processes, systems and roles).
Penalties
• Section 802(a) of SOX states: "Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both."
What prompted SOX?
• Sarbanes-Oxley was passed in the wake of a number of notable corporate accounting scandals, including Enron and WorldCom.
SOX on the horizon?
• The primary thing to remember is that SOX is about mitigating the risk of fraud, financial transparency and process control. This will change how you do things, but that does not have to be a bad thing.
A hint on policies
• Bear in mind that you will be held to the letter of all policies your company develops related to SOX, even if they exceed federal requirements. This is very important to remember when drafting policies.
• Policies should ensure that corporate behavior is consistent, controlled, and can be proven.
A word on frameworks
There are many frameworks out there to assist you with SOX compliance. The key is to find a framework that works for your team, commit to it, train on it, and use it to your best possible advantage.
Examples of COBIT Controls
• Network Security – firewalls, secure network configuration including 802.11x
• Virus Protection – anti-virus and anti-spyware, updated regularly
• Backups & Restore – regularly tested procedures
• IT Continuity – disaster recovery procedures
• File Access Privilege Controls
• Identity Management – password strength/age and access. Who has access, and is that appropriate now?
• Risk Evaluation Programs – risk assessment and internal auditing
• Employee IT Security Training – training of end users related to utilization of resources
• Management support/buy-in – executive-level oversight of projects related to IT
• IT as part of strategic planning – the business must be supported by technologies
Change Management (Skye's favorite)
Standardized change control is a great place to find fast rewards in pursuit of compliance.
• Change Approval
• Change Categorization
• Change Documentation
• Change Prioritization
• Formal Request for Change process
• A body of subject matter experts that oversees change
Consistent Logging
• Change Management
• Configuration Management
• Event Management
• Incident Management
• Knowledge Management
• Problem Management
"Operationalize" information
• Connect the internal changes needed with the strategic objectives of the company.
• Illustrate that real-time information flow enhances your organization's ability to make decisions while making compliance easier.
• Point out the significance of new activities that may seem mundane or inconsequential. This will help actions taken by staff at every level feel more relevant and less painful.
Remember W. Edwards Deming?
SOX compliance is not a fix-it-and-forget-it endeavor. As companies and the ecosystems that support them change, new compliance quandaries will come up.
Wait, how can SOX help me?
• Perspectives on operational control, consistency, and quality take on a whole different meaning once they have a clear relationship to fiduciary responsibility.
• It is amazing how different the conversation about project prioritization becomes once executive management are offered the opportunity to make decisions guiding it.
Questions?
This is assuming that we have time for any.
FIN
Thank you very much for your kind attention.
