SOXsmart Implementation

Throughout the compliance planning and execution phases, key milestones are regularly reviewed with your external auditor. This is critical to the success of the project.

Entity level controls and risks are addressed first. These include controls around:

• Tone at the top and corporate governance
• Code of ethics
• Financial close process, consolidation and disclosure
• Risk management policies and anti-fraud practices

Transaction level controls are documented next based on the results of the entity level control assessment as well as a comprehensive risk analysis of transactional processes. Controls include:

• Initiation, authorization, recording and reporting of transactions
• Selection of accounting policies
• Safeguarding of assets to prevent or detect material misstatements

Information Technology (IT) controls are documented based on the entity level risk assessment combined with an analysis of the systems and key automated controls that support the preparation of the financial statements. Controls include:

• IT Entity Level Controls such as strategic planning, risk management and user
  training
• IT General Computer Controls such as software acquisition and development
• Application Controls

The objectives of our approach are to ensure:

• Board, Audit Committee and Executive Team orientation
• Executive style documentation
• Distribution of ownership to the members of the Executive Team
• Training of internal resources with the goal of self-sustainment
• Auditability
• Compliance flexibility with new pronouncements and best practices