Big4Guy
Big4GuyWelcome to Big4Guy.com. Big4Guy is an online resource where I will share with you the latest news, insights, knowledge and some experiences as a Big 4 consultant. We will discuss some of the important issues which organisations are facing today in the areas of information security, security and controls in SAP R/3, Oracle Applications, J.D.Edwards, Peoplesoft and various other ERP's. You will also find information on latest complaince regulations like Sarbanes Oxley, Basel II and so on. Big4guy will also attempt to provide valuable resources for individuals interested in examinations the CISA, CISM, CISSP, PMP and various other security certifications considered essential for entry in any Big 4 accounting, auditing and consulting firms. You are invited to post your comments and viewpoints to posts here. I sincerely hope this online journal will be useful to everyone from a budding student to a professional in the accounting, auditing, management and consultancy professions.
|
Post details: Handling Significant Deficiencies for Sarbanes Oxley Compliance
04/20/06
Handling Significant Deficiencies for Sarbanes Oxley Compliance
In the Sarbanes Oxley compliance journey, many companies face the onslot of significant deficiencies. Identifying a significant deficiency is one thing, tacking it is another. My experience shows that even though companies are able to identify significant deficiencies, but when the time comes to remediate them, companies are in a fix. Recently, we helped one of our clients in the automotive industry in setting up an action plan for remediating significant deficiencies. Here are some jottings from the plan for your guys!
Prioritizing the deficiencies - After identifying deficiencies it is important to prioritize them. This can be done based on significance, financial statement impact, magnitude, likelihood. Our client used an decision matrix incorporating the factors above.
Deficiency Responsiblity for Process Owners - Process owners should take resposnibility and present significant deficiencies to senior management and audit committee. Process owners should also accompany a plan for as to how the deficiency will be remediated.
Tranings to Identify Deficiencies - One thing we suggested to the client was to institute a training program which will help the ground level users, process owners to identify, manage and dispose of deficiencies. This should involve not only functional guys, but also IT, finance and other cross functional concerned departments.
Timely Escalation & Disposition - Every deficiency identified should be timely escalated to senior management and a file should be maintained documenting how the company proposes to dispose / remediate the deficiency.
Related Posts
Spreadsheets & SOX Compliance
Direct Evidence for judging effectiveness of ICOFR
COSO - Factors affecting Control Environment
SOX Documentation - How much is Enough?
Comments:
No Comments for this post yet...
Categories
Archives
Search
| Mon | Tue | Wed | Thu | Fri | Sat | Sun |
|---|---|---|---|---|---|---|
| << < | > >> | |||||
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | 31 | |
Misc
All content copyright © 2005-2008
Big4Guy.com
Do not reproduce either in part or full without the express permission of the
Webmaster
