sarbanes-oxley section 404 how to achieve compliance
TRANSCRIPT
TECHNOLOGY AUDIT SPECIALISTS
βetaWatch Inc. digital due diligence
Sarbanes-Oxley section Sarbanes-Oxley section 404404
How To How To Achieve Achieve ComplianceCompliance
TECHNOLOGY AUDIT SPECIALISTS
βetaWatch Inc. digital due diligence
Sarbanes-Oxley section Sarbanes-Oxley section 404404 Who Must Comply?
TECHNOLOGY AUDIT SPECIALISTS
βetaWatch Inc. digital due diligence
Sarbanes-Oxley section Sarbanes-Oxley section 404404 What It Is...
• Transfers liability and responsibility from the corporate entity to chief officers
• Criminal prosecution for chief officers violating section 404 is a fine of as much as $5 million and imprisonment for up to 20 years
TECHNOLOGY AUDIT SPECIALISTS
βetaWatch Inc. digital due diligence
Sarbanes-Oxley section 404Sarbanes-Oxley section 404Measuring the Effectiveness of Internal Measuring the Effectiveness of Internal
ControlsControls
1) Management signs-off on policies, processes, people and responsibilities, verifying that systems actually exist and are
functioning effectively
TECHNOLOGY AUDIT SPECIALISTS
βetaWatch Inc. digital due diligence
Sarbanes-Oxley section 404Sarbanes-Oxley section 404Measuring the Effectiveness of Internal Measuring the Effectiveness of Internal
ControlsControls
1) Management signs-off on policies, processes, people and responsibilities, verifying that systems actually exist and are
functioning effectively
2) An independent auditor assesses and reports on the efficiency of internal controls and procedures
TECHNOLOGY AUDIT SPECIALISTS
βetaWatch Inc. digital due diligence
Sarbanes-Oxley section 404Sarbanes-Oxley section 404Measuring the Effectiveness of Internal Measuring the Effectiveness of Internal
ControlsControls
1) Management signs-off on policies, processes, people and responsibilities, verifying that systems actually exist and are
functioning effectively
2) An independent auditor assesses and reports on the efficiency of internal controls and procedures
3) CEO & CFO sign-off on the report that accompanies the 404 filing
TECHNOLOGY AUDIT SPECIALISTS
βetaWatch Inc. digital due diligence
Sarbanes-Oxley section Sarbanes-Oxley section 404 404 MisconceptionsMisconceptions
• “If my controls are deficient I can always fix the problem in the next period.”
TECHNOLOGY AUDIT SPECIALISTS
βetaWatch Inc. digital due diligence
Sarbanes-Oxley section Sarbanes-Oxley section 404 404 MisconceptionsMisconceptions
• “If my controls are deficient I can always fix the problem in the next period.”
• There's still a great deal of uncertainty over rules and standards
TECHNOLOGY AUDIT SPECIALISTS
βetaWatch Inc. digital due diligence
Sarbanes-Oxley section Sarbanes-Oxley section 404 404 MisconceptionsMisconceptions
• “If my controls are deficient I can always fix the problem in the next period.”
• There's still a great deal of uncertainty over rules and standards
• “Sarbanes is my auditor's problem, not mine.”
TECHNOLOGY AUDIT SPECIALISTS
βetaWatch Inc. digital due diligence
Sarbanes-Oxley section Sarbanes-Oxley section 404 404 MisconceptionsMisconceptions
• “If my controls are deficient I can always fix the problem in the next period.”
• There's still a great deal of uncertainty over rules and standards
• “Sarbanes is my auditor's problem, not mine.”
• “We only need to deal with the big picture; our auditors won’t be interested in the details.”
TECHNOLOGY AUDIT SPECIALISTS
βetaWatch Inc. digital due diligence
Sarbanes-Oxley section Sarbanes-Oxley section 404404Where the Systems Come In…Where the Systems Come In…
• Every system, process and related control in your organization has some dependence on your IT infrastructure
• CIO is deeply involved in compliance work
TECHNOLOGY AUDIT SPECIALISTS
βetaWatch Inc. digital due diligence
Sarbanes-Oxley section Sarbanes-Oxley section 404404Data governance and data Data governance and data stewardshipstewardship
TECHNOLOGY AUDIT SPECIALISTS
βetaWatch Inc. digital due diligence
Sarbanes-Oxley section Sarbanes-Oxley section 404404 When You Must Comply
• Process, documentation and monitoring was originally required for September 2003, but was delayed till June 2004
• Multinationals with a foot in Wall street are required to comply by June 2005
TECHNOLOGY AUDIT SPECIALISTS
βetaWatch Inc. digital due diligence
Sarbanes-Oxley section 404Sarbanes-Oxley section 404Why COSO ComplianceWhy COSO Compliance
• De facto evaluation criteria is COSO framework of internal control to ensure compliance with applicable laws and regulations
TECHNOLOGY AUDIT SPECIALISTS
βetaWatch Inc. digital due diligence
Sarbanes-Oxley section Sarbanes-Oxley section 404404Facilitate CertificationFacilitate Certification
TECHNOLOGY AUDIT SPECIALISTS
βetaWatch Inc. digital due diligence
Sarbanes-Oxley section Sarbanes-Oxley section 404 404 Biggest ChallengeBiggest Challenge
"The biggest problem complying with corporate governance is that you are diverting your chief executive, and you are diverting your directors, and you are diverting your senior managers, what is it you are diverting them from? Well, you are diverting them from running the company. Keeping up with the stringency expected by stakeholders and the feds while maintaining a focus on the day-to-day challenges." -Thomas d'Aquino, president and chief executive of the Canadian Council of Chief Executives
TECHNOLOGY AUDIT SPECIALISTS
βetaWatch Inc. digital due diligence
Sarbanes-Oxley section Sarbanes-Oxley section 404 404 Team BetaWatch Compliance Team BetaWatch Compliance ProcessProcess
TECHNOLOGY AUDIT SPECIALISTS
βetaWatch Inc. digital due diligence
TECHNOLOGY AUDIT SPECIALISTS
βetaWatch Inc. digital due diligence
Sarbanes-Oxley section 404Sarbanes-Oxley section 404BenefitsBenefits
TECHNOLOGY AUDIT SPECIALISTS
βetaWatch Inc. digital due diligence
Sarbanes-Oxley section 404Sarbanes-Oxley section 404Compliance Building BlocksCompliance Building Blocks
TECHNOLOGY AUDIT SPECIALISTS
βetaWatch Inc. digital due diligence
Sarbanes-Oxley section 404Sarbanes-Oxley section 404Value PropositionValue Proposition
• BetaWatch is supplemental to your technology audit resources
• If you don’t have an internal audit function, we help you start
• Guarantee visibility of objectives, assessments, and corrective activities identified at each organizational level to confidently sign off knowing all
levels have conducted appropriate review, assessment, and monitoring of internal controls
TECHNOLOGY AUDIT SPECIALISTS
βetaWatch Inc. digital due diligence
TECHNOLOGY AUDIT SPECIALISTS
βetaWatch Inc. digital due diligence
Thank You for your time. For more information please call Temi Grafstein 1.866.638.2382 mobile 416.788.1836visit betawatch.com
Sarbanes-Oxley section 404Sarbanes-Oxley section 404Team BetaWatch International optimizes your section 404 audit effort