1 / 27

SOX Project Handoff

SOX Project Handoff. [Enter Business Unit Name]. Agenda. Ground Rules Introduction to SOX Cycle of Events SOX Controls Roles and Responsibilities. Admin and Ground Rules. Facilities Prizes Silence Mobile phones All contributions welcome. Objectives.

jud
Download Presentation

SOX Project Handoff

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SOX Project Handoff [Enter Business Unit Name]

  2. Agenda • Ground Rules • Introduction to SOX Cycle of Events • SOX Controls • Roles and Responsibilities SOX Project Handoff_kwedits.ppt

  3. Admin and Ground Rules • Facilities • Prizes • Silence Mobile phones • All contributions welcome SOX Project Handoff_kwedits.ppt

  4. Objectives • Identify stages of the SOX cycle of events • Describe how SOX affects my role and responsibilities • What is the project team turning over to us? • Distinguish between documentation and evidence • Identify SOX resources • Know what my next steps are in taking over the project team’s work SOX Project Handoff_kwedits.ppt

  5. Why are You Here? • Mandatory • Project team is leaving • Time for the business to receive its SOX SOX Project Handoff_kwedits.ppt

  6. Introduction to SOX Cycle of Events

  7. Annually & at change Annually Evaluate Self Test Internal Audit External Audit The SOX Cycle Each change Document Daily Generate & Maintain Evidence SOX Project Handoff_kwedits.ppt

  8. Tell me what you do What does SOX Compliance Mean? Show me how do it Proveit to me SOX Project Handoff_kwedits.ppt

  9. Shell Group SOX404 Deliverables • Flowcharts • Process & control narratives • Control Registers • Walkthroughs • Remediation actions • GreenLight • Test scripts • Testing • Recording of results • Management Assessment • External Audit testing • Executive Attestation The following slides gives some further detail on some of these deliverables SOX Project Handoff_kwedits.ppt

  10. Documentation

  11. Tell me Documentation – the Tell Me stage Map of the financial statement process linking the risks and controls Flowchart Control Register or GreenLight Control Report in Greenlight - The Shell compliance database containing a detailed description of the financial statement risk, their controls and their compliance (design & operating effectiveness) Evidence As part of ‘show-me’, it is important to be able to evidence that the control is in existence and operates effectively. Typical examples are reports, sign-off, check lists etc… Walk-through or Supporting notes Additional notes to assist the control assessment process SOX Project Handoff_kwedits.ppt

  12. Actual Control Description (ACD) Example Control Objective: “To ensure that appropriate provision is made for all bad debts” • “If needed the Claims Review Panel / Delegated authority asks confirmations/opinions from outside lawyers/experts. xxx calculates the provision needed based on GFAP/GFIM”. • “On a quarterly basis, provisions are calculated by the xxx after receiving inputs from the various focal points. If needed lawyer's /expert letter is obtained to assess the provision. <function> reviews if provisions are in compliance with GFAP/GFIM and approves total provision by signing <provision overview>”. Not Clear Clear and Meets the 5W’s and an H criteria SOX Project Handoff_kwedits.ppt

  13. Organizing Controls • Actual Control Descriptions (ACDs) • Objectives • Guidelines • The 5 Ws • Controls roll up to: • Processes • Sub-Processes SOX Project Handoff_kwedits.ppt

  14. Storing & Reporting Controls Q: What is the most current, correct source of information about controls? SOX Project Handoff_kwedits.ppt

  15. Evidence

  16. Show me Evidence – the Show Me stage • What is evidence? • Why is it important? • What do we do with it? SOX Project Handoff_kwedits.ppt

  17. Testing

  18. Testing – the Prove It stage • Self-Testing • Management Assessment • Internal/External Audit Proveit SOX Project Handoff_kwedits.ppt

  19. Roles and Responsibilities

  20. Roles & Responsibilities Control Executors (everyone) Sox Documentation LEAD Control Owners Process Owners Generate Evidence Document and Test Review and Sign-off Overall Sign-off SOX Project Handoff_kwedits.ppt

  21. I’m responsible for what? Process Owner Signs-off in Greenlight, Makes change requests, reviews walkthroughs Control Owner produces walkthroughs, monitors for triggers, assists with testing process, approves documentation SOX Documentation Lead monitors for triggers, creates, updates, and maintains process flows, narratives, and procedures; performs testing Control Executor perform the control and generates evidence SOX Project Handoff_kwedits.ppt

  22. Taking Over the Work BU must: Generate, Maintain & Control Evidence Level of Effort Understand the turnover from the project team and begin quarterly reviews 1st annual self testing & IAF review Initial attestation by external auditor Q1 2006 Q2 2006 Q3 2006 Q4 2006 SOX Project Handoff_kwedits.ppt

  23. Summary SOX Project Handoff_kwedits.ppt

  24. Attest Assess Document SOX is Built on Your Daily Work • Auditors can’t attest • Managers can’t assess …Without documentation and evidence Evidence SOX Project Handoff_kwedits.ppt

  25. SOX404 Resources Who Can I Ask Questions of? • Managers • Project Team/Center of Excellence (COE) • Embedding Team • SOX404 Website SOX Project Handoff_kwedits.ppt

  26. Review Objectives • Identify stages of the SOX cycle of events • Describe how SOX affects me, and roles and responsibilities • What is the project team turning over to us? • Distinguish between documentation and evidence • Identify SOX resources • Know what my next steps are in taking over the project team’s work SOX Project Handoff_kwedits.ppt

  27. Next Steps • Attend the Maintain SOX Evidence training • Build shortcuts to the documentation and evidence repositories • Get ready for specialized training as needed for your role • Make sure you know what you need to know I went to Project Handoff, and all I got was this lousy binder SOX Project Handoff_kwedits.ppt

More Related