|
Sarbanes-Oxley Act of 2002 - Corporate Governance SolutionsRecent financial scandals have damaged investor, customer, supplier, and employee confidence. To reinstate and rebuild trust, government and regulatory agencies are creating and enforcing new regulations for corporate governance that you can’t afford to ignore. In the United States, the first of these — the Sarbanes-Oxley Act of 2002 — has very profound consequences for your business:· Corporate responsibility for financial reports· Personal liability for accuracy of your numbers· Disclosure of internal controls and processes· Aggressive deadlines for financial reportingCompanies that fail to meet the new requirements will face exorbitant fines, negative press, and potential de-listing from stock exchanges. Moreover, personal liability requirements may result in executives’ imprisonment. Compliance with these new regulations will affect many aspects of your day-to-day operations, including: corporate policies and procedures, culture, and perhaps most significantly, information systems. With heavy reliance on software applications to run your company’s operations, information systems must form a cornerstone of your corporate governance strategy.TruTek is uniquely positioned to help you implement Oracle’s corporate governance solutions. Oracle’s new controls and compliance management solution, Oracle Internal Controls Manager, is a comprehensive tool for executives, controllers, internal audit departments, and public accounting firms to use to document and test internal controls and monitor ongoing compliance. With Oracle Internal Controls Manager and TruTek, your company can:· Perform more efficient internal controls testing· Have a higher certainty in your risk assessment· Lower external audit verification costs TruTek Governance experts can use current Oracle applications functionality to: Create Segregation of Duties to Control Activities Capture the Business Processes of The Enterprise Manage the Process Documentation Manage Process Variations TruTek has financial auditors and CPA’s that are experts with Oracle Applications.The TruTek Corporate Governance practice can reduce the expense of an external audit by setting up Oracle ICM, documenting business processes & process variations, mapping the organization structure to the business processes, management of internal audits with regard to Oracle Applications. TruTek also will submit audit findings, issue a summary report and review the policy compliance. These findings would then be submitted to your internal and external auditors for review and determination of associated risks. The adequacy of internal controls ,then, can be verified and attest to the accuracy of the financial statement. Perform More Effiecient Internal Controls Testing Oracle’s E-Business Suite has internal controls and best practices built into the products. For example, when you define Oracle Payables, you determine if you want to perform three-way or four-way matching. When you define Oracle Purchasing, you will determine how you wish to route your purchase requisitions for approval. You establish these internal controls to enforce compliance with business practices, to reduce the risk of both malfeasance and accidental errors, and to improve management’s confidence in the numbers recorded in the system. Oracle Internal Controls Manager makes this information easily accessible so you can determine the risk associated with each internal control and perform more efficient internal controls testing – saving your company time and money.Control ActivitiesDuring an internal control check, you will need to test the integrity of your business system. To perform an integrity check, you will need to ensure that:· Transactions have associated source documents.· Processes that commit the company have approval policies in place.· Real world events that create changes in ownership, obligation or value are captured in a source document and reflected in the books of account. Business transactions and communications between systems are working. All transactions are accounted for. Off-balance-sheet transactions often involve guarantees, unconditional commitments, lease and debt arrangements, as well as standby commitments that could reduce a company's credit rating, its earnings, cash flow, stock price or ability to perform its contractual obligations. In January 2002, the final four accounting and audit firms suggested to the SEC that off-balance-sheet deals should be identified by amount and purpose with an explanation of why they are not on the balance sheet. · Revenues and costs are appropriately matched. For example, you need to ensure that costs of sale have been appropriately posted for shippable goods or that revenue is appropriately deferred for service revenue.· Revenue recognition is in compliance with the regulatory framework. For example, you company should comply with SEC and FASB revenue recognition guidelines SOP 97-2, SOP 98-9 and SAB 101. · Contract contingencies and contingent liabilities are reflected in the books of account. For example, if a supply contract for Supplier Managed Inventory defers the transfer of ownership until a component is used, this contingency should be reflected. See Sidebar for details. · Organization structure, systems, and controls are effective. For example, the organization structure should not allow a purchasing agent to create and approve his own requisitions. Systems, whether manual or automatic, should prevent such business transactions. In addition, business systems should automatically alert management to possible infringements. These controls might include the limits or tolerances around which the process is measured. · Changes in approvers or approval limits are authorized. Oracle Internal Controls Manager can help you perform and evaluate the effectiveness of your company’s internal controls. Make Internal Controls Testing an Integral Part of Your SystemPain Points Even companies that are already conservative in their business practices are worried about responding to new corporate governance regulations. And, with executives facing the possibility of punitive and criminal action, the concern has become very personal. Many executives are asking the following types of questions:· Why have one system to run the business and another to check that it is working correctly? · If I have a risk assurance system that is separate from my operational system, does that present a risk in itself?· Does the risk assurance activity need to always start from scratch? · If I have to build a credible case for the effectiveness of my internal controls, where do I start? · How can I possibly get my business documented by the timeframe needed for certification? Oracle offers a solution that is efficient, integrated, and reduces the risk associated with maintaining separate operational and risk assurance systems. Ensuring Segregation of DutiesOne control risk you need to assess and address is ensuring segregation of duties. As part of the audit, the internal and external auditors must confirm that users do not have access to pairs or groups of functions that would compromise good internal controls. For example, one person should not have the authority to both authorize new suppliers and authorize payment processing. Oracle E-Business Suite helps you address this corporate governance requirement by supporting segregation of duties.Oracle Internal Controls Manager SolutionOracle Internal Controls Manager uses features and functionality that are already part of the Oracle E-Business Suite. Only Oracle provides you with all the components you need to run your business and to meet the demands of new regulatory requirements for internal controls testing – all out-of-the-box and fully integrated. Examples include: · Document management· Continuous auditing· Risk assessment questionnaires· Whistleblower protection· Application configuration risk assessment· Audit program office/project management· Embedded business process workflowContent Delivered With the Oracle E-Business SuiteOracle Internal Controls Manager SolutionOracle has streamlined the risk assurance activity for you, and TruTek has the CPA’s with the expertise to efficiently implement ICM. The cornerstones of Oracle Internal Controls Manager are the workflows in the applications and the procedures manuals that are already part of the Oracle E-Business Suite. If you are an existing Oracle E-Business Suite customer, this means that your risk assurance activities are already well underway. If you are a new customer, the steps you need to perform as part of your risk assurance activities are the same steps you will perform while setting up the Oracle E-Business Suite. By leveraging the work you perform in setting up your business system, Oracle Internal Controls Manager saves you time and improves the accuracy of your audit system. TruTek partners with Audit and Risk Assurance firms to ensure their risk libraries can be seamlessly integrated into Oracle Internal Controls Manager. Defining the Business Processes of the EnterpriseYour internal audit department will need to understand and document your existing business processes. Oracle E-Business Suite comes with an embedded process-modeling tool, Oracle Workflow. This tool is not only a drafting tool for the designer of the business process, it is the active workflow management tool used by the applications suite. This robust functionality ensures the processes within each of the applications are visually displayed and automatically documented for your internal auditors. By automating your approval processes with Oracle’s embedded business process workflow capabilities, you can enforce policies and procedures, reduce the risk of errors, and improve management’s confidence in the transactions recorded in the system. |
