• Products
    • Demos
    • TaskMap Standard
    • TaskMap Pro
    • Capture for Excel
    • TaskMap Central
    • Upgrade
  • Downloads
    • Trials
    • Templates
    • Free Role List
  • Training
    • Self-paced Tutorials
    • Online Seminars
    • Calendar
  • Solutions
    • ITIL Suite
    • SOX Expert Suite
    • SPM Roadmap
    • Consulting
    • Process Conversion
    • Process Templates
  • BPM Blog
    • Process Mapping
    • Process Discovery
    • Process Analysis
    • Improvement
    • Change Management
    • Articles
  • Support
    • Product Support
    • TaskMap
    • FAQ's
    • Contact
    • Self-Paced Tutorials
  • About
    • Contact
    • Partners & Resellers
    • Background

  • About the BPM Blog
  • BPM Blog Sitemap

BPM Blog

BPM made simpler

« Before you start your SOX process it is important to plan
Weekly Summary for BPM Blog 22nd July 2011 »

Before You Start Your Sox Process Perform A Detailed Risk Assessment To Focus Your Efforts To Reduce Time And Cost

Jul 21st, 2011 by TaskMap

SOX_expert_box_207x226Prior to starting your SOX compliance efforts, you should perform a detailed risk assessment to focus management’s evaluation and assessment efforts on those areas that could result in a material misstatement in the financial statements.

We suggest that the risk assessment process should include:

(1) Establish Materiality: Establishing materiality to conclude whether deficiencies identified in an audit of internal control over financial reporting constitute a material weakness.

(2) Risk Rate Accounts: Risk rate significant accounts and disclosures based on materiality. The assessment should be both qualitative (e.g., susceptibility of loss due to errors or fraud) and quantitative in nature and should be performed by management with the assistance of outside consultants, if needed, to:

a. Identify locations that are in scope based on evaluation of materiality. Factors to consider include key financial measures, risk factors, key measures that investors might be interested in; and any other key measures of importance.

b. Identify relevant processes based on materiality and specific financial statement assertions.

c. Link risks to financial statement assertions.

d. Link significant accounts to significant processes and major classes of transactions. Confirm that relevant financial reporting risks (including fraud and general computer controls (“GCCs”)) are identified, and risk-rate control objectives.

(3) Leverage IT GCCs: Approach should identify relevant IT applications and platforms; identify GCC areas and confirm relevance and risk-rating of GCC control objectives; determine relevance to financial reporting objectives and risk-rating of associated significant transactions; and finally, remove non-relevant IT applications and platforms, control objectives and unnecessary controls.

(4) Assess Risks: Assess potential magnitude and likelihood of risks and rationalize the controls to be tested

a. Reduced the population of controls to be tested without compromising appropriate coverage of all relevant assertions

b. Determine the extent of testing at the significant account level based on the rationalized controls.

See more about SOX-Expert TaskMap Edition here

Dan Anderton is a partner at SOX Experts LLC and our guest blogger today.

For more information contact Dan at 203-894-1992 or at danderton@sox-expert.com

Tags: assessment efforts, compliance efforts, computer controls, control objectives, deficiencies, disclosures, financial measures, financial statement assertions, general computer, internal control over financial reporting, material misstatement, material weakness, rate accounts, relevant processes, risk assessment, risk factors, sox compliance

Posted in Compliance

Leave a Reply

Click here to cancel reply.

  • Archives

    • March 2012 (1)
    • February 2012 (3)
    • January 2012 (4)
    • December 2011 (11)
    • November 2011 (16)
    • October 2011 (17)
    • September 2011 (20)
    • August 2011 (21)
    • July 2011 (21)
    • June 2011 (22)
    • May 2011 (22)
    • April 2011 (23)
    • March 2011 (26)
    • February 2011 (28)
    • January 2011 (31)
    • December 2010 (31)
    • November 2010 (20)
  • Recent Posts

    • Business Process Modeling
    • Education
    • The issue of organizational culture
    • A VERY SHORT HISTORY OF PROCESSES
    • Process Dashboards: Identifying and flagging risk levels
    • Process Dashboards: Analyzing timeframes
    • THE CASE FOR PROCESS DASHBOARDS
    • Is 2012 the year that version control finally takes hold?
    • How to listen carefully to your team–Reflective listening skills overview (Part 8)
    • How to listen carefully to your team–Reflective listening skills overview (Part 7)
    • How to listen carefully to your team–Reflective listening skills overview (Part 6)
    • How to listen carefully to your team–Reflective listening skills overview (Part 5)
    • How to listen carefully to your team–Reflective listening skills overview (Part 4)
    • How to listen carefully to your team–Reflective listening skills overview (Part 3)
    • How to listen carefully to your team–Reflective listening skills overview (Part 2)
    • How to listen carefully to your team–Reflective listening (Part 1)
    • TaskMap Update: version 4.0.5
    • BPM BLOG Summary for week ending 2 December 2011
    • The Tutorials are coming … the tutorials are coming
    • The psychology of spending and how it can help BPM ;-)
    • Happy Thanksgiving
    • BPM Blog–The need to refine
    • Processes as instruction tools
    • BPM Blog Weekly summary 11.18.2011 with video blog
    • Project and Processes (responses to the questions)
    • Projects and processes
    • Thinking things through
    • Happy 11.11.11 and BPM Blog summary
    • TaskMap Automated tutorial: TaskMap Capture for Excel
    • Customizing fields in TaskMap 4 Professional
    • Prioritization in your life
    • The need to refine
    • Happy Anniversary BPM Blog: A good first milestone
    • Training the trainers
    • Power
    • BPM Blog summary for week ending 28 October 2011
    • Customized process mapping
    • Agile methodology: The case for a blended Agile
    • Additional displays: Are they worth the money?
    • BPM Blog summary week ending 21 October 2011
    • Thoughts matter: How thoughts affect our actions in everyday life
    • BPM Summary of automated tutorials on the TaskMap menu
    • Automated tutorial—Save as process folder
    • Automated tutorial—Task Links and how to use them
    • Automated tutorial for Task Details
    • TaskMap Tutorial—Save as PowerPoint
    • Check my TaskMap
    • BPM Blog summary week ending 7 October 2011
    • Renumbering Tasks in TaskMap
    • Customizing roles names in TaskMap
    • Adding tasks to a Page–add task to page Dialog
    • How to add tasks to pages using the auto connect feature in TaskMap
    • BPM Blog Summary Week ending 30 September 2011
    • Towards Perfection
    • BPM in the Legal Profession
    • BPM BLOG SITE MAP
    • Rigor and our business processes
    • BPM Summary Week ending 23 September 2011. The Case for a Blended Agile
    • The Case for a Blended Agile: Part 4-Agile Stepping Stones Approach
    • The Case for a Blended Agile: Part 3-What a blended approach looks like
  • RSS Get the BPM RSS feed

  • Posts by category

    • Change Management
    • Compliance
    • Law Processes
    • Legal processes
    • Org Charts in Visio
    • Process Analysis
    • Process Discovery
    • Process Improvement
    • Process Mapping
    • Project Management
    • Uncategorized
  • Tags

    best practices bpm budget business analyst business process category change change management computing group dashboard decisions discovery discovery phase efficiency flowchart flowcharts goals and objectives governance harvard job management change management project map methodology mike cunningham milestones personality process documentation process improvement process mapping process maps project management project managers quality standards return on investment risk role names sox compliance target task library team members technorati time and money timeframe Visio willingness

Home • Products • Downloads • Templates • BPM Blog • Training • Contact Us • SiteMap

Copyright © Harvard Computing Group, Inc., 1994-2011. All Rights Reserved. TaskMap is a registered TradeMark of Harvard Computing Group.
Harvard Computing Group, 225 Cedar Hill Street, Suite 200, Marlborough, MA, 01752, USA Tel: 978-800-4590