Sarbanes-Oxley Compliance Challenges
Challenges of meeting the numbers
Many businesses underestimate what it takes to be compliant. And, unfortunately, the Sarbanes-Oxley Act does not provide detailed, step-by-step guidelines on reaching compliance.
There are industry-accepted best practices, and every auditor usually adds individual criteria. There is no single solution available on the market to help businesses achieve compliance. What's more, Sarbanes-Oxley (SOX) is not a one-time experience. Companies must continue to be compliant as technology and organizations evolve.
If your company doesn't have policies and controls, implementation and testing can be a long and arduous task, especially if you choose to use manual internal controls.
Look to Miles Consulting
We're experts in IT and how technology can work for business. Using that expertise, we have successfully completed numerous Sarbanes-Oxley projects for customers in diverse industries.
We employ industry-accepted best practices, including the COSO and COBIT frameworks and best practices recommended by auditors. Having worked with many of the accounting firms responsible for SOX audits, we can tailor our methodology to match a firm's criteria, facilitating the compliance process. We also utilize premier audit tools from suppliers such as Ecora and Footprints for a superior audit structure.
Our focus areas
Our service focuses on primary areas, including project management, infrastructure implementation, and documentation and testing support. We will customize the scope of our services based on your needs.
Project management and infrastructure implementation
We identify and escalate engagement issues and coordinate resources, ensuring optimal participation by customer staff and external resources, when appropriate. We also implement the required infrastructure and provide customer training.
Documentation and testing support
We assist business stream teams to ensure consistent deliverables and identify and recommend process improvements as they present themselves.
At the beginning of the project, we'll meet with you to define primary goals and objectives as well as additional opportunities that may present themselves for your benefit. From that meeting, we will create a phased plan for implementing a compliance and process improvement program with buy-in from all key members in your organization.
Helping you meet compliance
We will meet with your independent auditors at several points throughout the process to ensure their acceptance of the evaluation criteria and documentation necessary for certification of management’s assertions of internal controls. We can guide you through the entire implementation process, including remediation of deficient IT controls.
Improving your processes
Beyond the primary goal of compliance, there are many opportunities for enhancing an IT environment. We will provide suggestions on how to design a control structure to achieve the optimal segregation of duties within your IT organization. You'll receive a solution for reviewing your internal process flow to help identify opportunities for improving efficiency and cost savings.
The three-phased approach
Executing a project in phases allows you to define clear milestones and checkpoints for consistent and effective progress. Following is a typical outline for achieving compliance and process improvement:
Phase 1 – Planning and scoping
- Confirm objectives, scope, success criteria and team members
- Execute pilot – full documentation and testing for one business stream
- Confirm pilot results with auditor and finalize plans to move forward
Phase 2 – Process documentation, evaluation and improvement
- Document all current processes, procedures and control points
- Identify potential process improvements and implement where appropriate
- Identify control test plans and metrics and establish monitoring procedure
Phase 3 – Control testing and remediation
- Execute tests of control points, document test results and identify inconsistencies with expected results
- Refine process or control to achieve compliance and update process documentation accordingly
What happens after the first year?
Many of our customers have achieved initial compliance with SOX requirements and are now faced with ongoing compliance and the opportunity to leverage the investments made to date. Miles Consulting can provide ongoing support.
Process changes, including system upgrades and/or replacements
We can handle implementation of new processes and controls, test the processes and provide support of the required documentation.
We can define the scope of testing with your external auditors and execute quarterly tests, including any required process remediation.
We can work with you to make process and procedure improvements aimed at improving efficiency and effectiveness.
A proven record
Since the inception of our business in 1996, we have always employed industry-accepted best practices. So when Sarbanes-Oxley compliance became a requirement, we were well positioned to serve that need. We hire best-of-breed IT specialists and we're Microsoft Certified Gold on multiple competencies.
With our extensive technical expertise and firsthand knowledge of the challenges facing businesses, we can be your one source for meeting the goals of compliance and process improvement today and into the future. Just ask our customers.