• Products
    • Demos
    • TaskMap Standard
    • TaskMap Pro
    • Capture for Excel
    • TaskMap Central
    • Upgrade
  • Downloads
    • Trials
    • Templates
    • Free Role List
  • Training
    • Self-paced Tutorials
    • Online Seminars
    • Calendar
  • Solutions
    • ITIL Suite
    • SOX Expert Suite
    • SPM Roadmap
    • Consulting
    • Process Conversion
    • Process Templates
  • BPM Blog
    • Process Mapping
    • Process Discovery
    • Process Analysis
    • Improvement
    • Change Management
    • Articles
  • Support
    • Product Support
    • TaskMap
    • FAQ's
    • Contact
    • Self-Paced Tutorials
  • About
    • Contact
    • Partners & Resellers
    • Background

  • About the BPM Blog
  • BPM Blog Sitemap

BPM Blog

BPM made simpler

« Setting Goals 101
Before You Start Your Sox Process Perform A Detailed Risk Assessment To Focus Your Efforts To Reduce Time And Cost »

Before you start your SOX process it is important to plan

Jul 20th, 2011 by TaskMap

SOX_expert_box_207x226

Planning is an extremely important part of your SOX compliance process. Not only will it help you plan out the path ahead, but it becomes a valuable starting place for discussing the project with your auditors and audit committee. The planning process is a valuable time to form consensus, formalize the compliance plan and define responsibilities. Any differences of opinion should be resolved at this stage.

We recommend a plan which encompasses, at a minimum, the following areas:

Staffing: Define who is responsible for an area of compliance and plan feedback and communication with members of the team, audit committee and external auditors. Take some time to consider how you will staff this project. In order to successfully complete this project you will need both knowledge and capacity. Ultimately, there is no one best way to staff this project. Each method (Outsourcing, co-sourcing, direct hire or existing staff) has its positives and negatives. The key is to find the one that best fits your company’s needs.

Timing: Divide the task into key deliverables and plan a schedule for implementation. You will want to have the maximum amount of time to complete the project; however, if you take too long there will be little time to rectify any deficiencies identified. Consult with your outside auditors to determine the minimum period that a control must be in effect before you can begin testing. If that period is two months for example, you will not be able to begin testing until the third month.

A basic compliance process that will work for many companies is:

  • First two months – Organize, launch, document and identify Financial Reporting risks
  • Third to sixth month – Identify controls that adequately address Financial Reporting risks and evaluate evidence of the operating effectiveness of Internal Control Over Financial Reporting
  • Seventh to ninth month – Remediate control in need of remediation and re‐test
  • Tenth and eleventh month – Conclude and report

Framework: Select a recognized framework to construct your testing plans and ongoing compliance tasks. Do yourself a favor, choose the COSO framework. While the final rules do not prescribe which framework to use, the COSO framework is the best known. If you use a different framework you will need to thoroughly research what is required by that framework.

Identify important business cycles: Define business cycles (e.g. Financial Close Reporting, Order to Cash, Purchase to Pay, Inventory Management, etc.) and correlate each cycle to components of the financial statements. One of the most important things you must accomplish in the planning phase is to select your business cycles. To select your cycles, begin by describing a list of potential cycles. Make sure that every line item in the balance sheet & income statement would fall under one of the cycles. Next look at the disclosures, make sure you know which cycle would include each of the significant disclosures. Remember that you are testing controls over financial reporting; therefore you want to make sure you cover all items that are material enough to be presented in your financials.

Assess control environment: Examine risk‐tolerance and anticipated impact for a control failure on a company‐wide level. Once you have considered the impact, you will want to determine the company’s overall risk level. The higher the risk in the control environment, the tighter your internal controls should be and the higher the level of testing.

Plan for testing: Define the testing level (e.g. number of selections, rotation plan, handling test failures, etc.) and define a consistent testing methodology. You should lay out a methodology of how you intend to test your controls. The end goal of your test plan methodology is to provide a “Reasonable assurance” that the controls over financial reporting are effective.

See more about SOX-Expert TaskMap Edition here 

Dan Anderton is a partner at SOX Experts LLC and our guest blogger today.

For more information contact us at 203-894-1992 or at danderton@sox-expert.com

Tags: amount of time, audit committee, compliance plan, consensus, deficiencies, external auditors, implementation, little time, minimum period, sox compliance, style background, team audit

Posted in Compliance

Leave a Reply

Click here to cancel reply.

  • Archives

    • March 2012 (1)
    • February 2012 (3)
    • January 2012 (4)
    • December 2011 (11)
    • November 2011 (16)
    • October 2011 (17)
    • September 2011 (20)
    • August 2011 (21)
    • July 2011 (21)
    • June 2011 (22)
    • May 2011 (22)
    • April 2011 (23)
    • March 2011 (26)
    • February 2011 (28)
    • January 2011 (31)
    • December 2010 (31)
    • November 2010 (20)
  • Recent Posts

    • Business Process Modeling
    • Education
    • The issue of organizational culture
    • A VERY SHORT HISTORY OF PROCESSES
    • Process Dashboards: Identifying and flagging risk levels
    • Process Dashboards: Analyzing timeframes
    • THE CASE FOR PROCESS DASHBOARDS
    • Is 2012 the year that version control finally takes hold?
    • How to listen carefully to your team–Reflective listening skills overview (Part 8)
    • How to listen carefully to your team–Reflective listening skills overview (Part 7)
    • How to listen carefully to your team–Reflective listening skills overview (Part 6)
    • How to listen carefully to your team–Reflective listening skills overview (Part 5)
    • How to listen carefully to your team–Reflective listening skills overview (Part 4)
    • How to listen carefully to your team–Reflective listening skills overview (Part 3)
    • How to listen carefully to your team–Reflective listening skills overview (Part 2)
    • How to listen carefully to your team–Reflective listening (Part 1)
    • TaskMap Update: version 4.0.5
    • BPM BLOG Summary for week ending 2 December 2011
    • The Tutorials are coming … the tutorials are coming
    • The psychology of spending and how it can help BPM ;-)
    • Happy Thanksgiving
    • BPM Blog–The need to refine
    • Processes as instruction tools
    • BPM Blog Weekly summary 11.18.2011 with video blog
    • Project and Processes (responses to the questions)
    • Projects and processes
    • Thinking things through
    • Happy 11.11.11 and BPM Blog summary
    • TaskMap Automated tutorial: TaskMap Capture for Excel
    • Customizing fields in TaskMap 4 Professional
    • Prioritization in your life
    • The need to refine
    • Happy Anniversary BPM Blog: A good first milestone
    • Training the trainers
    • Power
    • BPM Blog summary for week ending 28 October 2011
    • Customized process mapping
    • Agile methodology: The case for a blended Agile
    • Additional displays: Are they worth the money?
    • BPM Blog summary week ending 21 October 2011
    • Thoughts matter: How thoughts affect our actions in everyday life
    • BPM Summary of automated tutorials on the TaskMap menu
    • Automated tutorial—Save as process folder
    • Automated tutorial—Task Links and how to use them
    • Automated tutorial for Task Details
    • TaskMap Tutorial—Save as PowerPoint
    • Check my TaskMap
    • BPM Blog summary week ending 7 October 2011
    • Renumbering Tasks in TaskMap
    • Customizing roles names in TaskMap
    • Adding tasks to a Page–add task to page Dialog
    • How to add tasks to pages using the auto connect feature in TaskMap
    • BPM Blog Summary Week ending 30 September 2011
    • Towards Perfection
    • BPM in the Legal Profession
    • BPM BLOG SITE MAP
    • Rigor and our business processes
    • BPM Summary Week ending 23 September 2011. The Case for a Blended Agile
    • The Case for a Blended Agile: Part 4-Agile Stepping Stones Approach
    • The Case for a Blended Agile: Part 3-What a blended approach looks like
  • RSS Get the BPM RSS feed

  • Posts by category

    • Change Management
    • Compliance
    • Law Processes
    • Legal processes
    • Org Charts in Visio
    • Process Analysis
    • Process Discovery
    • Process Improvement
    • Process Mapping
    • Project Management
    • Uncategorized
  • Tags

    best practices bpm budget business analyst business process category change change management computing group dashboard decisions discovery discovery phase efficiency flowchart flowcharts goals and objectives governance harvard job management change management project map methodology mike cunningham milestones personality process documentation process improvement process mapping process maps project management project managers quality standards return on investment risk role names sox compliance target task library team members technorati time and money timeframe Visio willingness

Home • Products • Downloads • Templates • BPM Blog • Training • Contact Us • SiteMap

Copyright © Harvard Computing Group, Inc., 1994-2011. All Rights Reserved. TaskMap is a registered TradeMark of Harvard Computing Group.
Harvard Computing Group, 225 Cedar Hill Street, Suite 200, Marlborough, MA, 01752, USA Tel: 978-800-4590