Big4Guy
Big4GuyWelcome to Big4Guy.com. Big4Guy is an online resource where I will share with you the latest news, insights, knowledge and some experiences as a Big 4 consultant. We will discuss some of the important issues which organisations are facing today in the areas of information security, security and controls in SAP R/3, Oracle Applications, J.D.Edwards, Peoplesoft and various other ERP's. You will also find information on latest complaince regulations like Sarbanes Oxley, Basel II and so on. Big4guy will also attempt to provide valuable resources for individuals interested in examinations the CISA, CISM, CISSP, PMP and various other security certifications considered essential for entry in any Big 4 accounting, auditing and consulting firms. You are invited to post your comments and viewpoints to posts here. I sincerely hope this online journal will be useful to everyone from a budding student to a professional in the accounting, auditing, management and consultancy professions.
|
Post details: Sarbanes Oxley Process Owners - Role of Process Owners in Sarbanes Oxley Compliance
03/31/06
Sarbanes Oxley Process Owners - Role of Process Owners in Sarbanes Oxley Compliance
One of our clients in Ohio, has decided to comply with Sarbanes Oxley voluntarily. I am working with John, who is the SOX Project Manager representing the client. Having identified the critical processes within his organization, John is now identifying process owners. Initially, John was not very clear on the concept of a process owner and what a process owner is supposed to do. He had the misconception that anybody executing the process is the process owner. To set things right, I explained to John that a process owner is
"an individual or a group of individual who are responsible to take decisions regarding a process. Such decisions could be designing the process, monitoring the process etc."
In fact, one very simple way to identify process owners is ask the following questions.
1. Who decides how the process is going to work?
2. Who is responsible for designing the process?
3. Who would build the process from scratch?
4. Who would actually execute the process?
5. And finally, who will monitor the process?
Answering the above questions will definetly help in deciding who the process owner is. A process owner normally decides, designs and monitors the process. There may be case where one is not able to identify any single person as the process owner. This is completely fine, since there can be two or more than two process owners for a process. But remember, the saying goes "Too many process owners, spoil the process!". Once Process owners are identified, the SOX project manager should explain the process owners their roles and responsibilities. Process owners would ideally be responsible for creating process documentation, designing controls within the process, collecting evidence of controls in place and asssessing the control effectiveness of controls within the process.
Related Posts
Continuous Auditing of Controls
Ten Step Plan for Fraud Risk Management
Evaluating Control Exceptions for Sarbanes Oxley
Reporting Lines for the Chief Audit Executive
Comments:
No Comments for this post yet...
Categories
Archives
Search
| Mon | Tue | Wed | Thu | Fri | Sat | Sun |
|---|---|---|---|---|---|---|
| << < | > >> | |||||
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | 31 | |
Misc
All content copyright © 2005-2008
Big4Guy.com
Do not reproduce either in part or full without the express permission of the
Webmaster
