
ProCognis SOX 404 & COSO Implementation Presentation

July 2006

© 2006, ProCognis, Inc. All Rights Reserved - http://www.procognis.com

SOX Implementation Background
  • Sarbanes-Oxley law (SOX) became law following a number of high-profile accounting scandals
  • SOX Requires Management to Certify (SOX 302) and Assess (SOX 404) Internal Controls over Financial Reporting
  • Certification means that Management must take responsibility over the existence and effectiveness of their company’s financial controls
  • Assessment means that Management must document and verify that the certified controls are effective.

COSO Framework
  • SOX requires selection of a framework; however, it does not mandate a specific framework
  • COSO is the most frequently used framework
  • COSO was developed to provide a framework to evaluate internal controls
  • COSO requires that management assess risks to the reliability of financial reporting
  • Control activities are then implemented to mitigate identified risks

ProCognis SOX Tools & Methodology
  • Developed specifically for SOX 404 compliance from customer input
  • Based on the COSO framework
  • Uses a Top-down, Risk-based approach
  • Flexible and configurable to meet a variety of customer needs

SOX Steps to Compliance
  • Planning: First steps to get you ready to begin the compliance process
  • Documentation: Communicate the systems, cycles and risks along with mitigating controls to involved parties
  • Evaluation & Remediation: Testing of actual controls and validating control effectiveness; Remediation will be required for controls that failed testing
  • Reporting of Results: Communicate results of testing and begin planning for next compliance activities

SOX Planning Overview
  • Planning Key Items:
      • Enter company information & Identify systems
      • Evaluate the overall control environment
      • Map systems to financial statement assertions & edit and print the planning templates
  • Gather necessary internal documentation and prepare staff for compliance

SOX Planning Details
  • Company information is gathered and a scoring system is used to determine the appropriate testing level
  • Testing level may be overridden for specific tests
  • Testing level plus Risk-scoring allows the user to define a minimum level of testing for all risks/controls

SOX Documentation Overview
  • Obtain a basic understanding of each system & Identify system steps (sometimes called cycles or processes)
  • Consider inherent risks and evaluate their impact & determine if mitigating controls exist

SOX Documentation Detail
  • Financial Statement Correlation is important to ensure that there are no gaps in coverage
  • Checkboxes are provided to correlate systems to Financial Controls
  • Financial Statement mapping is key to implementing the Top-down approach

SOX Documentation of Systems
  • Systems are defined to categorize the risks and associated controls
  • Systems have Steps (actions that are performed as a part of operation of the System)
  • Each Step has risks and each risk should have one or more controls; starting with risks defines the Risk-based approach
  • The systems are tracked and the status of the testing is reported for each system

SOX Evaluation/Testing Overview
  • Design test plan for each Risk/Control
  • Define population and select sample to test (sample created automatically to select items for testing)
  • Software provides tools to select statistically valid sample using consistent methodology

SOX Evaluation/Testing Risk-Scoring
  • Risks may be Likely (high probability of occurring) or Significant (very material or damaging) or both
  • Risk-scoring allows a numerical scale to quantify the relative Likelihood and Significance of each Risk
  • High Likelihood & Significant risks are given a larger test sample size to improve confidence
  • Risks that are not likely or significant may use a smaller risk scoring to reduce unnecessary testing

SOX Evaluation/Testing Details
  • Documentation of test results is important to validate conclusion
  • If a failure is found, the user must select the status of the testing procedure
  • If the test is considered a failure, remediation will be required
  • Software provides tools to automate the remediation and to track testing status

SOX Remediation and Retest Details
  • Remediation is a retest of a failed test procedure
  • Remediation will be tracked as a new test for the same risk/control
  • Software provides tools to track remediation testing status

SOX Reporting Overview
  • Use final checklist to track progress
  • Evaluate remaining failures and determine if material weakness(es) exist
  • Based on results, select sample language for financial reports
  • Compile documentation and preserve testing details

SOX Reporting Details
  • Final Checklist contains the key details that track compliance status and remaining tasks
  • Disclosure of Deficiencies and/or Material weaknesses will result in additional testing and control re-design
  • Software helps track compliance to identify problem areas prior to disclosing weaknesses or deficiencies

SOX Next Steps
  • Following the procedure as defined in the Planning & Documentation phases, the compliance process will require Auditor sign-off and validation
  • After the Auditors have validated SOX compliance, planning will begin for the next year’s efforts
  • Lessons learned will be preserved to save time in the future

Conclusions
  • SOX compliance is a lengthy and involved process
  • The end result is a simple conclusion based upon a vast amount of testing and validation of risks and controls by both Management and the Outside Auditor
  • Software can significantly improve efficiency and quality of the compliance process and reduce unnecessary effort
  • Compliance will not be a single year effort; the first year will require the most work but the requirement to comply will not diminish
  • With good planning and implementation, the end result of compliance will be a higher level of confidence in the financial results
