SOX and Process
Home Business Change Analysis & Design Agile Testing Templates About us

Introduction
Overview
Processes
Key Steps
Controls
Financials
Conclusions
Back

SOX and Process Documentation

Generally a company’s documentation convention policy should give some guidance as to what SOX will be expecting for each process, and ideally templates should be given for these. If this is not available the following industry-generic convention can be used.

Essentially, the convention requires the:

bullet

Identification of the (sub)processes per key business goal.

bullet

Identification of risks, objectives and significant controls for each sub process.

The corporate standards specifically provide a checklist covering a large number of points including:

bullet

(Sub) process objective

bullet

Key risk(s)

bullet

Significant controls

bullet

Authorisation

bullet

Configuration/account mapping controls

bullet

Exception/Edit report     

bullet

Interface/conversion controls

bullet

Key performance indicator

bullet

Management review

bullet

Segregation of duties

bullet

System access

bullet

Reconciliation

The standards make clear that inadequate documentation of the design of controls over relevant assertions related to significant accounts and disclosures is a deficiency.

SOX Impact on Process and Owner Deliverable

These considerations are only partially relevant to this deliverable.

Issues of ownership, risk assessment and SLA are covered. All other aspects are more relevant to the process design template and will be covered in the respective guidance notes.

 

SOX Impact on Process Design Deliverable

These considerations are directly relevant to this deliverable.

By use of a template standardisation and visibility of the above areas is maintained.

As well as describing the dynamic procedures, the process design document will need to describe “static” elements referenced by the flow, such as report definitions, control objectives, interface definitions, SLAs, business rules and so on.

 

Back Next

© 2002-2007 Codel Services Ltd

This paper has been prepared by Codel Services Ltd to illustrate how structured business modelling can help your organisation. Codel Services Ltd is an IT Consultancy specialising in business modelling. If you would like further information, please contact us at: Deryck Brailsford, Codel Services Ltd, Dale Hill Cottage, Kirby-Le-Soken, Essex CO13 0EN,United Kingdom. Telephone: +44 (0)1255 862354/Mobile: + 44 (0)7710 435227/e-mail: info@codel-services.com