‘SOXing Up’ Business and IT Processes in a Global BPR Programme
By Rakesh Dighe ACA, AMCT, CISA
April 2007
Legacy SOX Compliance
Purpose of the Presentation
GLOBAL BPR ROLL OUT
HOW TO ENSURE CONTINUED SOX COMPLIANCE POST IMPLEMENTATION OF A GLOBAL BPR ROLL OUT AND LEVERAGE BENEFITS OF GLOBAL BPR FOR SOX?
Introduction
‘Experience is the name everyone gives to their mistakes’
Oscar Wilde
Business Context….
Before the Global BPR Roll Out:
SOX requirements had been newly introduced
Group was working hard to meet 1st year of SOX attestation
Group had already spent a great deal of time and money to ensure SOX compliance of LEGACY processes
What is SOX Section 404?
The Public Company Accounting Reform and Investors Protection Act of 2002
(The “Sarbanes Oxley” Act)
…..what is SOX s404?
• US legislation passed in 2002 following the Enron and WorldCom failures
• Objective “to protect investors by improving the accuracy and reliability of corporate disclosures”
• Imposes new legal requirements on all companies listed on a US stock exchange
• Corporate & personal accountability
• Formal governance arrangements
• Culture of transparency
• Financial reporting rigour
Applicable to Client as “foreign private issuer” from end 2006
Global BPR Roll Out
Supply Chain Management
Sell to Business Customer
Procure Goods And Services
Sell To Retail Customer
People processes
Finance and Support Services
…….Global BPR Roll Out
Current State (2004)
• 158 ERPs
• 120 Management Information (MI) Systems
• 1200 IT applications tightly connected to ERP (out of 6000+ applications)
• Multiple business processes
Global SAP End-State (2012)
• <10 ERPs with standard SAP configuration and data supporting global business processes
• Standardised Global MI
• 100-200 IT applications tightly connected to Global SAP
Implication of Global BPR Roll Out on SOX Compliance
Major IT Program (Global SAP)
Restructuring & Globalization
Business Process Standardization
2006 SOX Compliance
Business Requirement
‘Global BPR Roll Out to ensure new Business and IT Processes were SOX compliant before roll out at any SOX in scope location’.
OR Global BPR Roll Out would not be allowed to go-live.
Global BPR Response
Centralised ‘SOX Centre of Excellence’ to support the Global BPR Roll Outs
Performance standard: No SOX failures as a result of Global BPR Roll Outs
1) SOX Impact Assessment
Analysis of SOX-relevant Global BPR projects rolling out in SOX Sensitive Countries
2) SOX Design Documentation
Design, Creation and Quality-Control of SOX Controls
3) SOX Implementations Support
Coordinate and drive implementation of SOX controls for Global BPR projects
Key Challenges
• Identify ALL Global BPR projects with SOX impact (~1,000+)
• Minimise the impact on project go-live dates
• Ensure the impact on business efficiency from the controls is minimised
• Ensure Global BPR controls met all Group SOX standards
• Ensure the business understands and operates the controls in an effective manner.
• Complete the work with minimal involvement of Global BPR team staff
Project Benefits of SOX COE
• Provides consistency: interpretation of standards, documentation approach, etc.
• ONE GLOBALLY Defined Set of SOX Controls and common implementation approach to support Global BPR objectives
• Reduces management strain on Global BPR project teams
• Can quickly propagate improvements in methodology
• Leverage central support: economies of scale
• Enables robust progress monitoring and prompt issue escalation
Post Implementation Optimisation
[Chart: total number of controls and tests, from the start point (1/12/05) through steps labelled Efficiency, Automation, Shared service and Automated Testing Tools]
• 3800: 380 controls, 10 in-scope entities
• 2400: 240 controls, 10 in-scope entities
• 1140: 140 global controls (60%) performed once; 100 local controls at 10 in-scope entities
• 790: 140 global controls performed once; 50 regional controls, 3 locations; 50 local controls, 10 locations
• 400: Automated Testing Tools, 50% tests automated
Conclusion
Context of Compliance Projects:
• Tight timelines set by regulators
• Impact of non compliance is CRITICAL (reputation and regulatory risk)
• In the early stages, definition of regulation is subjective
Suggested approach to compliance projects:
• Define a framework (there are no right or wrong answers)
• Exercise good project management
• After 1st year of attestation, seek opportunities to optimise the framework and reduce cost of compliance