1 / 15

‘SOXing Up’ Business and IT Processes in a Global BPR Programme

‘SOXing Up’ Business and IT Processes in a Global BPR Programme. By Rakesh Dighe ACA, AMCT, CISA April 2007. Legacy SOX Compliance. Purpose of the Presentation. GLOBAL BPR ROLL OUT. HOW TO ENSURE CONTINUED SOX COMPLIANCE POST IMPLEMENTATION OF A GLOBAL BPR ROLL OUT AND

kalkin
Download Presentation

‘SOXing Up’ Business and IT Processes in a Global BPR Programme

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ‘SOXing Up’ Business and IT Processes in a Global BPR Programme By Rakesh Dighe ACA, AMCT, CISA April 2007

  2. Legacy SOX Compliance Purpose of the Presentation GLOBAL BPR ROLL OUT HOW TO ENSURE CONTINUED SOX COMPLIANCE POST IMPLEMENTATION OF A GLOBAL BPR ROLL OUT AND LEVERAGE BENEFITS OF GLOBAL BPR FOR SOX?

  3. Introduction ‘Experience is the name everyone gives to their mistakes’ Oscar Wilde

  4. Business Context…. Before the Global BPR Roll Out: • SOX requirements had been newly introduced • Group was working hard to meet 1st year of SOX attestation • Group had already spent a great deal of time and money to ensure SOX compliance of LEGACY processes

  5. What is SOX Section404? The Public Company Accounting Reform and Investors Protection Act of 2002(The “Sarbanes Oxley” Act)

  6. …..what is SOX s404? • US legislation passed in 2002 following the Enron and WorldCom failures • Objective “to protect investors by improving the accuracy and reliability of corporate disclosures” • Imposes new legal requirements on all companies listed on US stock exchange Applicable to Client as “foreign private issuer” from end 2006

  7. Sell to Business Customer Supply Chain Management Sell To Retail Customer Procure Goods And Services Finance and Support Services People processes Global BPR Roll Out

  8. …….Global BPR Roll Out • Global SAP End-State (2012) • <10 ERPs with standard SAP configuration and data supporting global business processes • Standardised Global MI • 100-200 IT applications tightly connected to Global SAP • Current State (2004) • 158 ERPs • 120 Management Information (MI) Systems • 1200 IT applications tightly connected to ERP (out of 6000+ applications) • Multiple business processes

  9. Restructuring& Globalization Business Process Standardization Major IT Program (Global SAP) Implication of Global BPR Roll Out on SOX Compliance 2006 SOX Compliance

  10. Business Requirement ‘Global BPR Roll Out to ensure new Business and IT Processes were SOX compliant before roll out at any SOX in scope location’. OR Global BPR Roll Out would not be allowed to go-live.

  11. Global BPR Response Centralised ‘SOX Centre of Excellence’ to support the Global BPR Roll Outs • SOX Impact Assessment • Analysis of SOX-relevant Global BPR projects rolling out in SOX Sensitive Countries • SOX Design Documentation • Design, Creation and Quality-Control of SOX Controls • 3) SOX Implementations Support • Coordinate and drive implementation of SOX controls for Global BPR projects Performance standard: No SOX failures as a result of Global BPR Roll Outs

  12. Key Challenges • Identify ALL Global BPR projects with SOX impact (~1,000+) • Minimise the impact on project go-live dates • Ensure the impact on business efficiency from the controls is minimised • Ensure Global BPR controls met all Group SOX standards • Ensure the business understands and operates the controls in an effective manner. • Complete the work with minimal involvement of Global BPR team staff

  13. Project Benefits of SOX COE • Provides consistency: interpretation of standards, documentation approach, etc. • ONE GLOBALLY Defined Set of SOX Controls and commonimplementation approach to support Global BPR objectives • Reduces management strain on Global BPR project teams • Can quickly propagate improvements in methodology • Leverage central support: economies of scale • Enables robust progress monitoring and prompt issue escalation

  14. Post Implementation Optimisation Start point 1/12/05 Efficiency 3800 Shared service Automation 2400 Automated Testing Tools 1140 Total Number Of Controls And Tests 790 400 50% tests automated 140 global controls Performed once 50 regional controls 3 locations 50 local controls 10 locations 140 global controls (60%) performed once 100 local controls at 10 in-scope entities 240 controls 10 in-scope entities 380 controls 10 in-scope entities

  15. Conclusion Context of Compliance Projects: • Tight timelines set by regulators • Impact of non compliance is CRITICAL (reputation and regulatory risk) • In the early stages, definition of regulation is subjective Suggested approach to compliance projects: • Define a framework (there are no right or wrong answers) • Exercise good project management • After 1st year of attestation, seek opportunities to optimise the framework and reduce cost of compliance

More Related