Title: Capitalizing on Compliance: What Sarbanes-Oxley Tells Us About Managing Our Compliance Efforts
1. Capitalizing on Compliance: What Sarbanes-Oxley Tells Us About Managing Our Compliance Efforts
- New Jersey IIA Chapter Software Expo
- Fairfield, NJ, May 1-2, 2006
- Presented by Cintra Olson, CIA, MSPM
- CODA Financials, Inc.
2. Today's Agenda
- CODA Financials, Inc.: Who We Are, What We Do
- There's More to Life than Sarbanes
- Lessons Learned - Year One and Year Two
- Applying Lessons Learned to Other Compliance Efforts
- Focusing on the Right Controls
- Self-Assessment and Monitoring
- Next Generation Risk Management and Compliance
- Understanding Detective versus Preventive Controls
- Automating Controls
- Automating the Compliance Function
- Conclusions and Questions
3. CODA Financials, Inc.: Who We Are
- Founded in the UK in 1979 to provide financial intelligence to organizations globally
- Established in the USA and Canada since 1988, helping finance departments solve complex problems stemming from issues of scale, reliability and performance
- Over 550 employees around the world (North America, Europe and Asia/Pacific)
- Globally, over 2500 medium and large organizational customers in industries such as insurance, shipping, transportation and logistics, retail, banking and finance, professional services and the public sector
- Customers in the US and Canada number more than 250, and include such names as Booz-Allen Hamilton, Central Ohio Transport Authority, Maher Terminals, Texas Pacific Group, Lin TV and Pan-American Life Insurance
4. CODA Financials, Inc.: What We Do
- Product offerings that help drive more effective performance
- Focus on organically developed systems to target client needs
- Enable finance and compliance functions to support strategic change
5. The CODA-Control Suite
- CODA-Control Architect
  - Provides the Control Solutions methodology and COSO framework to identify and manage control selection and testing
  - Developing methodologies in response to Basel II, HIPAA, FDICIA and others
- CODA-Control Assessor
  - Streamlines overall assessment, remediation and certification processes and brings information and activities together
- CODA-Control Manager
  - Flexible and dynamic: captures activities, controls and support documents as they happen
  - Facilitates enterprise risk management
  - Provides the ability to sign off at multiple levels of control execution and review
6. There's More to Life than Sarbanes
Compliance requirements cover a number of different areas, and encompass various current and targeted types of legislation, including (but not limited to)
7. Lessons Learned: Year One and Year Two
- We're Spending Too Much Money
- We're Spending Too Much Time
- Too Many Manual Controls
- Too Many Detective Controls
- Inconsistent Execution of Compliance Efforts
- Untimely and Disjointed Information
- Drawing Internal Audit away from Other Priorities
8. Applying Lessons Learned to Other Compliance Efforts
- Focus on key controls/activities supporting compliance
- Standardize and simplify to
  - Reduce compliance costs
  - Improve quality
- Move from manual to automated compliance activities
- Move from detective to preventive compliance activities
- Manage process and testing documentation both to support compliance efforts, and to facilitate external reviews
- Move responsibility to those executing compliance activities
- Facilitate Internal/External Audit needs to manage costs
- These steps can be facilitated by the use of a flexible compliance technology tool designed with these goals in mind
9. Focusing on the Right Controls
- Identify those compliance activities that best support compliance objectives
  - Privacy of information
  - Environmental protection
  - Financial standards of reporting
  - Food or drug testing protocols
  - Labor laws
- Look for activities that provide maximum coverage of related exposures
  - Financial assertions
  - Regulatory approvals
  - Industry standards
- Provide consistent directives to testing teams to ensure content and execution requirements are met
10. CODA-Control Architect: Focus on Controls
11. Self-Assessment and Monitoring
- Steps that lead to effective self-assessment and monitoring efforts
- Build consistency in information provided to teams
- Capture and control the flow of information
- Ensure key action items/remediation steps are completed
- Capture and link to supporting documentation
- Allow visibility to oversight groups (externals, IAD, regulatory monitoring groups)
- Capture high-level certifications on processes
12. Next Generation Risk Management and Compliance
- Identify those processes that most critically support risk management and compliance efforts
- Evaluate detective versus preventive controls
- Evaluate manual versus automated controls
- Determine what a Best Practice compliance effort would look like
- Develop an automated workflow that will support this Best Practice compliance effort
13. Understanding Detective versus Preventive
- To facilitate more effective compliance efforts
- Define the population of preventive and detective controls
- Evaluate which detective controls would most effectively translate into preventive controls
- Implement as appropriate
14. Automating Controls
- To facilitate more efficient compliance efforts
- Define the population of automated and manual controls
- Evaluate which manual controls would most effectively translate into automated controls
- Implement as appropriate
15. Web - Sharepoint
17. Automating the Compliance Function
- Determine the compliance activities that need to be completed
- Identify the activities/controls
- Notify (trigger) when testing should begin
- Define population
- Select sample
- Capture test steps
- Submit testing for review
- Review and approve testing
- Capture action/remediation items
- Summarize and report
- Develop the workflow, including tasks, forms, integrating systems
- Design the workflow
- Implement the workflow
- Execute
18. Automating the Compliance Function
19. Conclusions and Questions
- Cintra H. Olson, CIA, MSPM
- Business Development Manager - Compliance
- CODA Financials, Inc.
- Cell (603) 986-3530
- Office (603) 447-5820