© 2003 IBM Corporation 4-Jun-15 IBM Lotus Workplace for Business Controls and Reporting V2.1...
Date posted: 19-Dec-2015
Category: Documents
Apr 18, 2023 © 2003 IBM Corporation
IBM Lotus Workplace for Business Controls and Reporting V2.1
Reducing the cost of sustained compliance
Larry J. Kucera—WW Offerings Manager IBM Software Group
IBM – Sarbanes-Oxley View
© 2003 IBM Corporation, SWG Value – All Sections, Apr 18, 2023
Agenda
Compliance Challenges
SOX and Financial Controls, Section 404
“Gaps” to consider for sustained compliance
IBM Framework for Sustained Compliance
Reducing TCO
Why IBM?
Market Reaction
Q&A
Compliance Challenges
• Basel II
• Sarbanes-Oxley Act
• SEC 17a-4 / NASD 3010/3110 (Brokers, records for all correspondence)
• HIPAA
• DoD 5015.2 / PRO (Certification of electronic records mgt SW products)
• 21CFR11 (Electronic Signature records for Food and Drug)
• Patriot Act (anti money laundering)
• Gramm Leach-Bliley Act (Financial confidentiality of non public info)
• ACORD
• OSHA
• IAS
• CFO Act
Sarbanes-Oxley Act and Financial Controls
The Sarbanes-Oxley Act was signed into law on July 30, 2002, largely in response to a number of major corporate and accounting scandals. It establishes new or enhanced standards for corporate accountability. All publicly traded companies need to comply with this legislation.
Main Sections:
• Section 302/906 Corporate Responsibility for Financial Reports – now
• Section 404 Management Assessment of Internal Controls – 11/15/04
• Section 409 Real Time Issuer Disclosures – now
• Section 802/103 Records Management – now
“The environment has created significant challenges for US corporations and their management bodies, boards of directors, audit committees, auditors, and the finance organization”
Total Cost of SOX Compliance
Although first-year compliance is not complete, the cost of compliance continues to grow
– Survey by Finance Executive Institute (FEI) in July 2004 indicates SOX 404 compliance costs are 62% higher than previously estimated
– FEI estimates first-year compliance costs to be $8 million or more for companies with revenue of $5 billion or greater
Source: FEI Survey July 2004
A look towards tomorrow – “gaps” to consider
Section 404 established the need to ensure that appropriate controls are in place and operating effectively.
What do we need to enable 404 compliance? … becomes …
What do we need to enable the business and monitor its controls?
Today
• Project driven
• Inconsistent
• Document centric
• Manual controls
• Owned by “support”
Tomorrow
• “The way we do business”
• Integrated into processes
• Data centric
• Dynamic controls
• Owned by the “business”
What happens when?
• People leave
• Processes get improved
• New systems get implemented
• Businesses get sold/acquired
• Processes are outsourced
CoBIT & COSO
COSO is the control framework of choice for Sarbanes-Oxley compliance. All five layers must be considered when evaluating internal control.
COBIT is a widely accepted IT control framework (ITGI). COBIT provides four domains of IT control. COBIT controls address the five layers of COSO.
COSO Components:
• Control Environment
• Risk Assessment
• Control Activities
• Information & Communication
• Monitoring
COBIT Components:
• Planning & Organization
• Acquisition & Implementation
• Delivery & Support
• Monitoring
[Figure: matrix of COSO Components against COBIT Components, labelled Section 302 and Section 404]
Information technology controls should consider the overall governance framework to support the quality and integrity of information
Competency in all five layers of COSO’s framework is necessary to achieve an integrated control program
Controls in IT are relevant to both the financial reporting and disclosure requirements of SOX
CoBIT – 4 domains, 34 control objectives (318 detailed control objectives)
[Diagram label: Information & IT Systems]
Planning & Organization
• Define the IT Plan
• Define the Information Architecture
• Define the Technology Direction
• Define the Organization and Relationships
• Manage the IT Investment
• Communicate Management Aims
• Manage HR
• Ensure Compliance with External Requirements
• Assess Risks
• Manage Projects
• Manage Quality
Acquisition & Implementation
• Identify Solutions
• Acquire (Develop) and Maintain Application Software
• Acquire and Maintain Technology Infrastructure
• Maintain IT Procedures
• Install and Accredit Systems
• Manage Changes
Delivery & Support
• Define Service Levels
• Manage Third Party Services
• Manage Performance and Capacity
• Ensure Continuous Service
• Ensure System Security
• Identify and Attribute Costs
• Educate and Train Users
• Assist and Advise IT Customers
• Manage the Configuration
• Manage Problems and Incidents
• Manage Data
• Manage Facilities
• Manage Operations
Monitoring
• Monitor the Process
• Assess Internal Control Adequacy
• Obtain Independent Assurance
• Provide for Independent Audit
* Items in red show overlap of CoBIT with SOX 404
IBM Approach to Addressing Sarbanes-Oxley 404
Scope:
• Define organization
• Assign owners
• Use existing corporate structure
Document:
• Document processes and sub-processes for each business unit
• For each process, define objectives and risks that jeopardize that objective
• Document the appropriate business controls to mitigate the risks
Evaluate & Report:
• Test the defined controls
• Determine effectiveness
• Mitigate ineffective controls
Improve / Transform Business Processes:
• Model areas that need improvement
• Enhance application integration
• Improve data quality
IBM Approach to Sustainable Compliance
Lotus Workplace for Business Controls and Reporting
• Sarbanes Oxley Edition
• GAO / CFO Act Edition
• CoBIT Edition
• Basel II Edition
• International Accounting Standards Edition
• OSHA Edition
• Others
Additional offerings over time
“Managing regulations on a one-off basis will cost 10 times more than a more proactive, framework approach” … “public companies that adopt a comprehensive compliance management architecture will spend 50% less per year than those that don't:
Market Analyst Recommendations
• Seek software that extends beyond SOX. Consider building a compliance technology infrastructure that goes well beyond the scope of Sarbanes-Oxley, supporting regulations such as ADA, Basel II, HIPAA, and Equal Employment Opportunity.
• Make your compliance process collaborative (Interactive Across Org.)
• Look for Compliance Apps w / Electronic Content Management
What it Means
• SOX compliance will become a Routine Part of Doing Business.
• SOX applications will more completely address all sections of SOX. The solutions will expand to encompass other SOX requirements, including whistleblower and disclosures (for example, 409 real-time disclosures and electronic document filings)
“One” IBM Product – "One" Business Solution
[Diagram, labelled Workplace Business Controls & Reporting:]
• WebSphere Portal Server (User Interface)
• Content Manager (Data Repository)
• Reporting (Reporting Format)
• Control Catalogs
• Workplace Assessment (Scope / Document / Evaluate)
• Instant Messaging (Communication)
User Interface provides context
• To work on an item, choose it from My Lists, or from Search results
• Or browse the entire corporate hierarchy and choose an item here
• All of this information relates to the highlighted detail
• The current selection is always shown here, with all its properties
• More ways to understand and navigate structures
• More context for the current selection
• Find things faster
• Scrolling portlets eliminate table paging and excess page refresh
IBM Key Features
SECURITY
– Standard IBM Product & Functionality - WebSphere Portal Server
– Role-Based – Delegating Authority for Control Owners
REPORTING
– 30 standard Templates including COSO Heat maps, Linkage Maps
– Executive Dashboard views with more extensive "drill" down by role
NAVIGATION
– Easy & Flexible Navigation through Cooperative Portlets
– Ability to adjust look and feel for organization
GENERAL
– Extendable Platform (Standard Workplace Architecture- J2EE)
– Native Excel Spreadsheet Import
– Corporate Look is easy and flexible
IBM Workplace Business Controls & Reporting
Transparency
Aggregates Information on enterprise level
Provides management snapshot of compliance status
Provides understanding of the details
Consistency and Automation
Users work on appropriate tasks quickly and resume day-to-day activities
Processes are linked to corresponding financial statements
Controls are defined and can be checked with test case for validation
Efficiency and Effectiveness
Simple, consistent process flow
Sustainable process and documentation
Workflow management
Accountability
Key roles and risks are defined by process (CFO, Business Unit Owner, Process Owner, Control Owner, etc.)
Ownership is assigned to drive business accountability
Components of Total Cost of Compliance (TCOC)
Disclosure and Reporting Costs + Control Management Costs + Testing Costs = TCOC
Disclosure and Reporting Costs:
• Financial Reporting Process
• Periodic Disclosure Management Process
• Real-time Disclosure Management Process
Control Management Costs:
• Control Documentation
• Ongoing Control Monitoring
• Updating Control Documentation
Testing Costs:
• External Auditor Testing
• Management Testing
Reducing Disclosure and Reporting Costs
Financial Reporting and Disclosure Processes generally involve …
– Workers geographically dispersed
– Multiple often non-integrated systems
– Mixture of Manual and automated activities
– Information from internal and external sources
As a result, controls and documentation are generally decentralized
Reducing Disclosure and Reporting Costs
Lotus Workplace collaboration tools address these issues by providing …
– Instant messaging capabilities
– Electronic team rooms for discussion and document sharing as well as version control
– Archiving and document management for e-mail and instant messages
– Event tracking and documentation through workflow
Reducing Control Management Costs
Control Catalogue updates to ensure consistency
Automatically create samples for simplified auditing and monitoring
Follow trends in control history to gauge momentum and progress
Create more detailed access control to ensure integrity
Customize language in the software to match your corporate parlance
Reducing Control Management Costs
Customize email notifications to meet corporate control policies and timelines
Integrate seamlessly into your corporate intranet reducing end user training
Team rooms for projects: data, plans, communications assignments, in one place
Expertise locator and Instant Messaging Shared
Reducing Control Management Costs
Enhanced import capabilities; including directly from MS Excel®
Import procedures directly to avoid duplication and ensure consistency across units
Import data with default owners
Reducing Testing Costs
Share controls across multiple processes to reduce testing overhead
Centralized testing capability to ease auditing and ensure consistency
Email alerts to simplify testing process
Configurable email alerts to focus employees on timely control activity
Why IBM ?
IBM Differentiators
• Global scale and delivery capabilities: world’s largest software organization
• Integrated services; strategy through implementation and operation
• Deep industry expertise and knowledge of industry processes
• Leading-edge Solution Focus on SOX and other risk & compliance areas
• Deep technology skills
• Strategic alliances with leading technology vendors
• Premier client list and “track record” of success
• Focused investment in innovative solutions, people development, and intellectual capital
Help reduce the cost of managing risk & compliance
• Step-wise approach to addressing SOX challenges
  – Start with 404 controls, expand into modelling / improvements into financial business processes
  – Add 802 archiving / retention
  – Move to 409 (speed 10k/10Q creation), address real-time material event reporting
• Common infrastructure that can be leveraged for multiple risk & compliance initiatives
• Consistent user experience
• Provide decision makers with the right information at the right time
• At a glance status on “readiness”
Our Qualifications
Market Response
281 Customers Awaiting IBM Demo / Proposal
38 Proposals Currently Pending
18 New Customers Since April 1 Release
8000 User Community
64% Y-T-D SMB Customers
38% Y-T-D Non-Traditional IBM Accounts
Cross-Industry / Multi-National Environment
13 Customers considering IBM for COBIT Management
8 Customers planning to use for Business Performance Management
IBM Internal Audit Usage to Manage SOX 404
Workplace Business Controls & Reporting Users
"We wanted something robust and functional that would be supported and enhanced by a legitimate vendor going forward. Having IBM as that provider gave everyone a great sense of comfort. The product is functionally rich and the pricing was competitive. A bit of a no-brainer really."
--David Sewalk, Senior Vice President, Business Solutions Development, Huntington National Bank
“The total IBM software and services solution helped Ceres Group discover internal and external deployment risks and make timely and well-informed decisions that comply with the federally regulated requirements of the Sarbanes-Oxley Act.”
IMPORTANT: Clients are responsible for ensuring their own compliance with the Sarbanes-Oxley Act. It is the
client's sole responsibility to obtain advice of competent legal counsel as to the identification and interpretation of
any relevant laws, including but not limited to, the Sarbanes-Oxley Act, that may affect the client's
business and any actions client may need to take to comply with such laws. IBM does not provide legal,
accounting or audit advice or represent or warrant that its services or products will ensure that client is in
compliance with any law.