
How to reach Sarbanes-Oxley Compliance with EZ-Process?

Is your company obliged to comply with the Sarbanes-Oxley regulation?

Then you know that, according to Gartner, the Sarbanes-Oxley Act is the most sweeping regulatory reform of publicly traded markets since the Securities and Exchange Act of 1934. Sarbanes-Oxley is designed to reduce fraud and conflicts of interest, while increasing financial transparency and public confidence in the markets. It is a response to the sensational corporate fraud cases of Enron and WorldCom.

Do you think it’s a Finance department responsibility to reach compliance?

Without excluding the responsibility of Finance departments and the CFO, today Information Systems are too much at the heart of every functional area not to be involved in Sarbanes-Oxley related initiatives. For example, to ensure the integrity of statements and internal controls, the IS organization must play a key role: financial reports are based on and generated by financial software, and internal controls might be embedded in ERP systems.

What can you expect from EZ-Process to comply with Sarbanes-Oxley Act?

1. Complaints Handling (Sec. 301)

Requirement: Procedures need to be established for the handling, by the company audit committee, of complaints posted anonymously by employees of the company.

EZ-Process supports:
  • Employees can send anonymous e-mails about accounting, internal controls or auditing matters via the WebFeedback, triggering an automatic workflow as well as a confirmation number for the employee for potential follow-up information
  • The recipient of these complaints is notified via email/workflow that new complaints have been entered into the system; received complaints are centrally stored for the purpose of analysis and reporting

 

2. Corporate Responsibility for Financial Reports (Sec. 302)

Requirement: The CEO, CFO and an attesting public accounting firm must certify the accuracy of financial statements and disclosures in the periodic report, and must certify that the statements fairly present in all material aspects the operations and financial condition of the issuer.

EZ-Process supports:
  • Documentation of internal disclosure controls and procedures
  • Document and report life-cycle management to ensure proper versioning, approval notifications and secured access to the financial reports
  • Deadline control to ensure timely processing of financial reports
  • Exception control to notify the responsible manager or audit committee of exceptions in report handling
  • Workflow-controlled assessments and associated findings or deficiencies to support certifying officers’ sign-off
  • Workflow audit trail for drill-down when history details about specific reports are required

 

3. Management Report on Internal Control over Financial Reporting (Sec. 404)

Requirement: A statement of management’s responsibility for establishing and maintaining adequate internal control over financial reporting for the company, attested to by the company’s auditor. This statement includes an assessment of the controls and identification of the framework used for the assessment. Section 302 requires that financial statements be complete and accurate. Section 404 requires that the process used to generate statements be accurate and meet an accepted industry standard.

Because the processes and internal controls are implemented principally in IT systems, section 404 audits involve a detailed assessment of those systems. Process changes to meet compliance must be documented and implemented by the IS organization. Although a completely paper-based organization could be compliant, most organizations make such extensive use of technology for financial reporting that the CIO plays a major role in auditing and compliance projects. Section 404 also requires reporting of material process changes every quarter. Thus, a new enterprise resource planning (ERP) system or any material change to a system could require a new 404 audit, attestation and report.

EZ-Process supports:

  • Identification of functional areas and corresponding processes to determine scope of gap analysis
  • Documentation of Enterprise Processes to design and document effective internal controls in the context of the business process
  • Web-based Collaboration and sharing tools to allow audit committee members at remote locations access to the enterprise processes, controls and documentation
  • Web-based Review and change control tools to support the analysis, discussion and validation phase
  • Tools to determine effectiveness of role- and authorization structures to validate proper separation of functions

Take control

Time does not stand still and various project teams within your company will soon start to fulfill the requirements of Sarbanes-Oxley. It is imperative to adopt a methodology that leads to guaranteed compliance, and is also supported by your auditor. The project also needs to be managed at various levels, while content needs to be collected, reviewed, changed and approved, to be distributed to the entire organization. Content and results are stored in various environments and platforms. EZ-Process can bring these pieces together.
 
