sarbanes-oxley section 404 how to achieve compliance

TECHNOLOGY AUDIT SPECIALISTS

βetaWatch Inc. digital due diligence

Sarbanes-Oxley section Sarbanes-Oxley section 404404

How To How To Achieve Achieve ComplianceCompliance

TECHNOLOGY AUDIT SPECIALISTS

βetaWatch Inc. digital due diligence

Sarbanes-Oxley section Sarbanes-Oxley section 404404 Who Must Comply?

TECHNOLOGY AUDIT SPECIALISTS

βetaWatch Inc. digital due diligence

Sarbanes-Oxley section Sarbanes-Oxley section 404404 What It Is...

• Transfers liability and responsibility from the corporate entity to chief officers

• Criminal prosecution for chief officers violating section 404 is a fine of as much as $5 million and imprisonment for up to 20 years

TECHNOLOGY AUDIT SPECIALISTS

βetaWatch Inc. digital due diligence

Sarbanes-Oxley section 404Sarbanes-Oxley section 404Measuring the Effectiveness of Internal Measuring the Effectiveness of Internal

ControlsControls

1) Management signs-off on policies, processes, people and responsibilities, verifying that systems actually exist and are

functioning effectively

TECHNOLOGY AUDIT SPECIALISTS

βetaWatch Inc. digital due diligence

Sarbanes-Oxley section 404Sarbanes-Oxley section 404Measuring the Effectiveness of Internal Measuring the Effectiveness of Internal

ControlsControls

1) Management signs-off on policies, processes, people and responsibilities, verifying that systems actually exist and are

functioning effectively

2) An independent auditor assesses and reports on the efficiency of internal controls and procedures

TECHNOLOGY AUDIT SPECIALISTS

βetaWatch Inc. digital due diligence

Sarbanes-Oxley section 404Sarbanes-Oxley section 404Measuring the Effectiveness of Internal Measuring the Effectiveness of Internal

ControlsControls

1) Management signs-off on policies, processes, people and responsibilities, verifying that systems actually exist and are

functioning effectively

2) An independent auditor assesses and reports on the efficiency of internal controls and procedures

3) CEO & CFO sign-off on the report that accompanies the 404 filing

TECHNOLOGY AUDIT SPECIALISTS

βetaWatch Inc. digital due diligence

Sarbanes-Oxley section Sarbanes-Oxley section 404 404 MisconceptionsMisconceptions

• “If my controls are deficient I can always fix the problem in the next period.”

TECHNOLOGY AUDIT SPECIALISTS

βetaWatch Inc. digital due diligence

Sarbanes-Oxley section Sarbanes-Oxley section 404 404 MisconceptionsMisconceptions

• “If my controls are deficient I can always fix the problem in the next period.”

• There's still a great deal of uncertainty over rules and standards

TECHNOLOGY AUDIT SPECIALISTS

βetaWatch Inc. digital due diligence

Sarbanes-Oxley section Sarbanes-Oxley section 404 404 MisconceptionsMisconceptions

• “If my controls are deficient I can always fix the problem in the next period.”

• There's still a great deal of uncertainty over rules and standards

• “Sarbanes is my auditor's problem, not mine.”

TECHNOLOGY AUDIT SPECIALISTS

βetaWatch Inc. digital due diligence

Sarbanes-Oxley section Sarbanes-Oxley section 404 404 MisconceptionsMisconceptions

• “If my controls are deficient I can always fix the problem in the next period.”

• There's still a great deal of uncertainty over rules and standards

• “Sarbanes is my auditor's problem, not mine.”

• “We only need to deal with the big picture; our auditors won’t be interested in the details.”

TECHNOLOGY AUDIT SPECIALISTS

βetaWatch Inc. digital due diligence

Sarbanes-Oxley section Sarbanes-Oxley section 404404Where the Systems Come In…Where the Systems Come In…

• Every system, process and related control in your organization has some dependence on your IT infrastructure

• CIO is deeply involved in compliance work

TECHNOLOGY AUDIT SPECIALISTS

βetaWatch Inc. digital due diligence

Sarbanes-Oxley section Sarbanes-Oxley section 404404Data governance and data Data governance and data stewardshipstewardship

TECHNOLOGY AUDIT SPECIALISTS

βetaWatch Inc. digital due diligence

Sarbanes-Oxley section Sarbanes-Oxley section 404404 When You Must Comply

• Process, documentation and monitoring was originally required for September 2003, but was delayed till June 2004

• Multinationals with a foot in Wall street are required to comply by June 2005

TECHNOLOGY AUDIT SPECIALISTS

βetaWatch Inc. digital due diligence

Sarbanes-Oxley section 404Sarbanes-Oxley section 404Why COSO ComplianceWhy COSO Compliance

• De facto evaluation criteria is COSO framework of internal control to ensure compliance with applicable laws and regulations

TECHNOLOGY AUDIT SPECIALISTS

βetaWatch Inc. digital due diligence

Sarbanes-Oxley section Sarbanes-Oxley section 404404Facilitate CertificationFacilitate Certification

TECHNOLOGY AUDIT SPECIALISTS

βetaWatch Inc. digital due diligence

Sarbanes-Oxley section Sarbanes-Oxley section 404 404 Biggest ChallengeBiggest Challenge

"The biggest problem complying with corporate governance is that you are diverting your chief executive, and you are diverting your directors, and you are diverting your senior managers, what is it you are diverting them from? Well, you are diverting them from running the company. Keeping up with the stringency expected by stakeholders and the feds while maintaining a focus on the day-to-day challenges." -Thomas d'Aquino, president and chief executive of the Canadian Council of Chief Executives

TECHNOLOGY AUDIT SPECIALISTS

βetaWatch Inc. digital due diligence

Sarbanes-Oxley section Sarbanes-Oxley section 404 404 Team BetaWatch Compliance Team BetaWatch Compliance ProcessProcess

TECHNOLOGY AUDIT SPECIALISTS

βetaWatch Inc. digital due diligence

TECHNOLOGY AUDIT SPECIALISTS

βetaWatch Inc. digital due diligence

Sarbanes-Oxley section 404Sarbanes-Oxley section 404BenefitsBenefits

TECHNOLOGY AUDIT SPECIALISTS

βetaWatch Inc. digital due diligence

Sarbanes-Oxley section 404Sarbanes-Oxley section 404Compliance Building BlocksCompliance Building Blocks

TECHNOLOGY AUDIT SPECIALISTS

βetaWatch Inc. digital due diligence

Sarbanes-Oxley section 404Sarbanes-Oxley section 404Value PropositionValue Proposition

• BetaWatch is supplemental to your technology audit resources

• If you don’t have an internal audit function, we help you start

• Guarantee visibility of objectives, assessments, and corrective activities identified at each organizational level to confidently sign off knowing all

levels have conducted appropriate review, assessment, and monitoring of internal controls

TECHNOLOGY AUDIT SPECIALISTS

βetaWatch Inc. digital due diligence

TECHNOLOGY AUDIT SPECIALISTS

βetaWatch Inc. digital due diligence

Thank You for your time. For more information please call Temi Grafstein 1.866.638.2382 mobile 416.788.1836visit betawatch.com

Sarbanes-Oxley section 404Sarbanes-Oxley section 404Team BetaWatch International optimizes your section 404 audit effort