Big4Guy

Confessions, Thoughts, Observations and Musings of a Big4Guy

Big4Guy

Welcome to Big4Guy.com. Big4Guy is an online resource where I will share with you the latest news, insights, knowledge and some experiences as a Big 4 consultant. We will discuss some of the important issues which organisations are facing today in the areas of information security, security and controls in SAP R/3, Oracle Applications, J.D.Edwards, Peoplesoft and various other ERP's. You will also find information on latest complaince regulations like Sarbanes Oxley, Basel II and so on. Big4guy will also attempt to provide valuable resources for individuals interested in examinations the CISA, CISM, CISSP, PMP and various other security certifications considered essential for entry in any Big 4 accounting, auditing and consulting firms. You are invited to post your comments and viewpoints to posts here. I sincerely hope this online journal will be useful to everyone from a budding student to a professional in the accounting, auditing, management and consultancy professions.

Post details: Understanding Business Processes for Sarbanes Oxley Compliance

04/16/06

Permalink 12:14:09 am, Categories: Sarbanes Oxley, 229 words   English (US)

Understanding Business Processes for Sarbanes Oxley Compliance

It is very important for Big 4 IT consultants like me to understand the clients business processes before we can help them in identifying controls. To understand a business process, I normally follow a systematic way. So irrespective of the fact whether the process is IT related or not I would approach business process understanding as under:

- Review the available documentation, user manuals, input documents, flowcharts, description of controls, risks if available.
- Interview key process owners, managers, IT personnel, system users, process users etc.
- Finally, I would review existing standard reports, exceptions available for the process.

Following the above methodical process ensures that as an auditor / consultant, I have a through understanding of the process. I normally try and identify information sources which can help me understand the process better. Thus, rather than taking a traditonal approach, I find it better to take a proactive forward looking approach in understanding the business process. The better the understanding of the business process that one has, the better one would be able to point out risk & controls within the process. Identifying key risks and controls is the next logical step after process understanding. It also becomes easy to test the controls once you have an understanding of the process.

Related Posts

Testing Controls in Absence of Evidence
Internal Audit Charter & SOX
CPA's Role in SOX Compliance
Automated Vs Manual Controls

Permalink Leave a comment

Comments:

No Comments for this post yet...

Official Websites

Categories


Archives

  • SAP MM Requirements for Setting up Plant
  • Lessons Learned Log for ASAP Implementation
  • SAP Solution Configuration Realization Phase
  • SAP MDM Master Data Import Manager Loading Data into SAP MDM
  • Compliance Calibrator SOD Conflicts Remediation Strategy
  • SAP Workload Analysis Monitor Tools ST03N
  • SAP BW Data Staging Basics Tutorial
  • How to Implement BW Infoobject Level Security
  • SAP BW Admnistrator Authorizations S_RS_ADMWB
  • BIW Reporting Auth Objects S_RS_COMP
  • SAP BW Security Authorization Objects for SAP BW
  • How to Create SAP Report Variants and Variables
  • more...

    • Search

    Google

    Web Big4Guy.com

    June 2008
    Mon Tue Wed Thu Fri Sat Sun
    <<  <   >  >>
                1
    2 3 4 5 6 7 8
    9 10 11 12 13 14 15
    16 17 18 19 20 21 22
    23 24 25 26 27 28 29
    30

    Misc

    Syndicate this blog XML

    What is RSS?