|
Virtually all
aspects of the Sarbanes / Oxley Act of 2002 (SOX) require some form of
remediation from organization to organization. By this, we generally
accept the philosophy that most companies who start out on the road to
SOX compliance will have to perform some type of remediation in order to
achieve the compliance anticipated under the SOX Act, as promulgated by
the United States Congress in 2002. What do we mean whenever we discuss
the term remediation? Well the definition provided in Webster’s
Dictionary is “the act or process of correcting or counteracting”
something that is not currently operating correctly, efficiently or is
not in place to alert or prevent unacceptable events from occurring.
Thus as we apply this definition to SOX, it affects the following
areas:
-
The revision
of existing internal controls or financial reporting processes,
after “SOX Implementation”, in order for
them to operate as originally envisioned;
-
The
establishment of internal controls or financial reporting
mechanisms, after “SOX Implementation”,
in areas where they do not currently exist;
-
The revision
of internal controls or financial reporting processes, after “Management
Testing”, when determined not be operating as envisioned
through a SOX audit; and
-
The revision
of internal controls or financial reporting mechanisms, after
ongoing monitoring through Section 302 disclosures, when determined
not to be operating as required.
Remediation
services require the use of knowledgeable, experienced and control
oriented professionals in as much as re-engineering a control or
reporting process requires skill and the ability to work
closely with those who run or operate the control (Owners).
Some of the steps involved in a remediation effort might include the following:
-
Identify
source of audit or control failure;
-
Flowchart
process and determine recommended remediation steps;
-
Determine if
failure is control based or operation based (Process adherence);
-
If a control
based failure, then develop solution to issues and implement;
-
If a
operation based failure, then determine why the process was not
followed or what influences affected the failure;
-
Work with
client personnel to recommend solution to process failure and
document;
-
Monitor
solutions for one cycle to ensure compliance with the internal
control or financial reporting process;
-
Report
status of internal control or financial reporting remediation
efforts on a weekly basis; and
-
Notify
internal audit to re-test the control or reporting process, but only
after at least one operating cycle of the “fix” has occurred.
As can be seen,
remediation of control or reporting failures is not simple and requires significant effort on the part of both the individuals remediating the
deficiency and those who must implement the “fix”. Most
organizations do not maintain enough resources to staff the day-to-day
operations, develop remediatation solutions for the control and
reporting failures and then implement the control or reporting “fixes”.
This is where GTS can be of significant assistance!
Why GTS Network
GTS brings just
the right combination of resources and knowledge to the project, saving
our customers valuable costs which can be used elsewhere in the
Company. We hire and place on each engagement only the best
professionals available and we guarantee that our pricing and overall
cost estimates will be the most advantageous to you the Client.
At GTS we want to be your SOX partner!
Global Technology Solutions,
LLC (Your One-Stop SOX Consultant)
|
