SarbanesOxleyFocus.com

April 13, 2008

Four approaches to IT risk for successful Sarbanes Oxley implementation

Filed under: article, checklist, implementation — admin @ 7:55 am

There are many definitions of IT risk; below is the definition of IT risk from a Sarbanes Oxley perspective. But first, note that every business venture is basically risky. In new business ventures and new product development, there are unknown factors, and their impacts on the venture are equally unknown. The unknown factors could be favorable or unfavorable. There is a probability that one may either gain or lose. However, a loss may hurt the venture. Here are some of the definitions:

1. Risk is the probability of suffering loss.
A refinement of this definition is to include goals, gains, or opportunities in the statement. Perhaps it is implied and obvious that risks are connected with gains. Nevertheless, if risks are divorced from the associated goals, then one sees just a set of problems. A risk list should not be reduced to a problem list. Risks have a much broader role to play. (more…)


April 12, 2008

People Are Allergic to Excessive Control

Filed under: article, design — admin @ 7:49 am

Implementing risk control matrices for Sarbanes Oxley compliance means implementing a lot of controls. Somehow, most controls tend to be very excessive. Below is an explanation of why people are allergic to excessive control and how to manage it.

Interference does not improve employee performance; improvement is accomplished by motivating, allowing freedom of action, and understanding the contributions that people make. As stated in the first point, the urge to manage in a knee-jerk manner inevitably causes work to get bogged down. Using IT as a control instrument when that happens tends to make matters even worse.

Keep It Simple: Simplicity Is the Mark of Truth
We can only cope with a limited quantity of information and, perhaps not surprisingly, in spite of the amount of information we have, we cannot look into the future. We make decisions on the basis of “best guesses” and continue to do so until a solution is determined that provides us with some satisfaction. This suboptimization does not result from laziness but from the need to perform on many (more…)


April 11, 2008

What is a Walkthrough?

Filed under: article, glossary, implementation — admin @ 8:52 pm

During Sarbanes Oxley compliance, the auditor should perform a walkthrough of internal control. So what is a walkthrough? Michael Ramos, in his book about SOX implementation, said that basically a walkthrough is a procedure in which the auditor traces a transaction from its origination through the company’s information processing system, and all the way to its reporting in the financial statements. Although inquiries of company personnel are a major component, a walkthrough is more than just inquiry. Think of a walkthrough as:

  • Corroborative inquiry, in which the auditor asks questions of client personnel and then obtains corroborating evidence to support their answers
  • A test of one, in which the auditor takes a single transaction and performs detailed procedures to test the operating effectiveness of the controls for processing that transaction

The company is not required to perform walkthrough procedures; however, it is in management’s best interests to do so.

Sometimes, the company’s documentation of its information processing stream does not match the reality of what actually happens on a daily basis. Companies that perform tests of controls based only on what has been documented often run into testing exceptions when they discover that documentation of the information stream and related controls was not accurate.

The walkthrough procedure allows the auditor to confirm their understanding of key elements of the information processing stream and related controls before beginning detailed test work. The walkthrough can help the auditor evaluate the effectiveness of the design of internal control for each major transaction. While performing the walkthrough, the auditor may also obtain evidence about the operating effectiveness of controls.


April 3, 2008

Seven signs for successful SOX implementation

Filed under: article, implementation — admin @ 9:46 am

Since the Sarbanes Oxley Act was first enacted, there have been many stories about SOX implementation in every company. They all share the same story about the happy and the sad parts of implementing the so-called Risk Control Matrices, IT General Control, and Application Control. Here are ten signs of a successful SOX implementation.

1. The number of controls implemented is increasing
The number of controls already implemented is one of the keys to successful SOX implementation. During the first year of SOX compliance implementation, most companies are not able to implement all the controls that have already been designed.

2. Everybody is happy with the compliance
Usually most people will resist new things, and SOX compliance is one of the new things that people will find difficult to accept. Successful SOX compliance should be able to make everybody happy with the policies and procedures that the company has accepted. Failure to deal with people issues is a time bomb for bigger problems tomorrow.

3. Risk Control Matrices are already mature
Risk Control Matrices (RCM) are always changing due to business trends and climate. The company must of course update the RCM to meet business change. However, the basic controls should not change and should already be mature. (more…)


I’m in Asia, Am I ready for US SOX compliance?

Filed under: article, sarbanes oxley — admin @ 4:36 am

Working with Sarbanes Oxley compliance can mean working with a lot of documentation. A company that should comply with SOX has, at the least, assets of more than 75 million USD. So it may be a global company spanning 30 countries, or a company with a very complex branch of business. The problem? Just the same: working with a lot of people, a lot of documentation, and of course a lot of process.

Nowadays, working with a lot of people across the globe can be made easier by using collaboration software, from Lotus Notes to Google Talk. Most advanced companies also already use teleconferencing to hold discussions with people in different time zones.

Working with a lot of documentation is also easier; many tools such as Microsoft Groove or proprietary software from PWC (Team Mate) can be used. Imaging devices from Canon or HP are really helpful for document management.

However, the problem of unique processes in every region is always considered the biggest problem in SOX compliance. For example, tax management in Malaysia would be a little different from tax management in Turkey, and of course will definitely be different from common practice in the US. (more…)
