Capitalizing on Compliance: What Sarbanes-Oxley Tells Us About Managing Our Compliance Efforts

Description:

New Jersey IIA Chapter Software Expo. Fairfield, NJ, May 1-2, 2006 ... Untimely and Disjointed Information. Drawing Internal Audit away from Other Priorities ...

Slides: 20
Provided by: cint3

Transcript and Presenter's Notes


1
Capitalizing on Compliance: What Sarbanes-Oxley Tells Us About Managing Our Compliance Efforts
  • New Jersey IIA Chapter Software Expo
  • Fairfield, NJ, May 1-2, 2006
  • Presented by Cintra Olson, CIA, MSPM
  • CODA Financials, Inc.

2
Today's Agenda
  • CODA Financials, Inc.: Who We Are, What We Do
  • There's More to Life than Sarbanes
  • Lessons Learned - Year One and Year Two
  • Applying Lessons Learned to Other Compliance
    Efforts
  • Focusing on the Right Controls
  • Self-Assessment and Monitoring
  • Next Generation Risk Management and Compliance
  • Understanding Detective versus Preventive
    Controls
  • Automating Controls
  • Automating the Compliance Function
  • Conclusions and Questions

3
CODA Financials, Inc.: Who We Are
  • Founded in the UK in 1979 to provide financial
    intelligence to organizations globally
  • Established in the USA and Canada since 1988,
    helping finance departments solve complex
    problems stemming from issues of scale,
    reliability and performance
  • Over 550 employees around the world (North
    America, Europe and Asia/Pacific)
  • Globally, over 2500 Medium and Large
    organizational customers in industries such as
    insurance, shipping, transportation and
    logistics, retail, banking and finance,
    professional services and the public sector.
  • Customers in the US and Canada number more than
    250, and include such names as Booz-Allen
    Hamilton, Central Ohio Transport Authority, Maher
    Terminals, Texas Pacific Group, Lin TV and
    Pan-American Life Insurance

4
CODA Financials, Inc.: What We Do
  • Product offerings that help drive more effective
    performance
  • Focus on organically developed systems to target
    client needs
  • Enable finance and compliance functions to
    support strategic change

5
The CODA-Control Suite
  • CODA-Control Architect
      • Provides the Control Solutions methodology and
        COSO framework to identify and manage control
        selection and testing.
      • Developing methodologies in response to Basel II,
        HIPAA, FDICIA and others
  • CODA-Control Assessor
      • Streamlines overall assessment, remediation and
        certification processes and brings information
        and activities together
  • CODA-Control Manager
      • Flexible and dynamic; captures activities,
        controls and support documents as they happen
      • Facilitates enterprise risk management
      • Provides the ability to sign off at multiple
        levels of control execution and review

6
There's More to Life than Sarbanes
Compliance requirements cover a number of
different areas, and encompass various current
and targeted types of legislation, including (but
not limited to)
7
Lessons Learned: Year One and Year Two
  • We're Spending Too Much Money
  • We're Spending Too Much Time
  • Too Many Manual Controls
  • Too Many Detective Controls
  • Inconsistent Execution of Compliance Efforts
  • Untimely and Disjointed Information
  • Drawing Internal Audit away from Other Priorities

8
Applying Lessons Learned to Other Compliance
Efforts
  • Focus on key controls/activities supporting
    compliance
  • Standardize and simplify to:
      • Reduce compliance costs
      • Improve quality
  • Move from manual to automated compliance
    activities
  • Move from detective to preventive compliance
    activities
  • Manage process and testing documentation both to
    support compliance efforts, and to facilitate
    external reviews
  • Move responsibility to those executing compliance
    activities
  • Facilitate Internal/External Audit needs to
    manage costs
  • These steps can be facilitated by the use of a
    flexible compliance technology tool designed with
    these goals in mind

9
Focusing on the Right Controls
  • Identify those compliance activities that best
    support compliance objectives
      • Privacy of information
      • Environmental protection
      • Financial standards of reporting
      • Food or drug testing protocols
      • Labor laws
  • Look for activities that provide maximum coverage
    of related exposures
      • Financial assertions
      • Regulatory approvals
      • Industry standards
  • Provide consistent directives to testing teams to
    ensure content and execution requirements are met

10
CODA-Control Architect Focus on Controls
11
Self-Assessment and Monitoring
  • Steps that lead to effective self-assessment and
    monitoring efforts:
      • Build consistency in information provided to
        teams
      • Capture and control the flow of information
      • Ensure key action items/remediation steps are
        completed
      • Capture and link to supporting documentation
      • Allow visibility to oversight groups (externals,
        IAD, regulatory monitoring groups)
      • Capture high-level certifications on processes

12
Next Generation Risk Management and Compliance
  • Identify those processes that most critically
    support risk management and compliance efforts
  • Evaluate detective versus preventive controls
  • Evaluate manual versus automated controls
  • Determine what a Best Practice compliance
    effort would look like
  • Develop an automated workflow that will support
    this Best Practice compliance effort

13
Understanding Detective versus Preventive
  • To facilitate more effective compliance efforts:
      • Define the population of preventive and detective
        controls
      • Evaluate which detective controls would most
        effectively translate into preventive controls
      • Implement as appropriate

14
Automating Controls
  • To facilitate more efficient compliance efforts:
      • Define the population of automated and manual
        controls
      • Evaluate which manual controls would most
        effectively translate into automated controls
      • Implement as appropriate

15
Web - Sharepoint
16
(No Transcript)
17
Automating the Compliance Function
  • Determine the compliance activities that need to
    be completed
  • Identify the activities/controls
  • Notify (trigger) when testing should begin
  • Define population
  • Select sample
  • Capture test steps
  • Submit testing for review
  • Review and approve testing
  • Capture action/remediation items
  • Summarize and report
  • Develop the workflow, including tasks, forms,
    integrating systems
  • Design the workflow
  • Implement the workflow
  • Execute

18
Automating the Compliance Function
19
Conclusions and Questions
  • Cintra H. Olson, CIA, MSPM
  • Business Development Manager - Compliance
  • CODA Financials, Inc.
  • Cell (603) 986-3530
  • Office (603) 447-5820