3 Ways to Reduce the Costs of SOX compliance

Transcription

1 3 Ways to Reduce the Costs of SOX compliance

2 Presenters John Verver CPA CA, CISA, CMC Consultant and Advisor to ACL Phil Shomura Senior Product Manager at ACL

3 Agenda Current Costs of SOX Compliance Technology-driven SOX Compliance #1: Enable Greater Collaboration #2: Increase Automation throughout the SOX Process #3: The Powerful Role of Data Analytics Q & A

4

5 SOX Compliance Costs

6 How Much Does SOX Compliance Cost? 32% with 12+ locations $2.0M $1-5B Companies $0.93M Average $1.03M+ $20B+ Companies $1.98M 53% of $20B+ Companies > $2.0M

7 Where Does the Time Go? Average Hours Spent on Each Key Control

8 Costs of SOX Compliance Current State for Many Companies: Recognition that there is value in better financial controls Incredibly resource-intensive process Prohibitively expensive Far from optimally efficient

9 Technology Drivers for Reducing SOX Compliance Costs

10 Improving Efficiency and Effectiveness in SOX Compliance How are companies currently using technology? Many still use spreadsheets and internally developed systems Others use combinations of first generation audit/risk application software Most control testing is manual Minimal use of data analytics

11 Improving Efficiency and Effectiveness in SOX Compliance The challenges of current approaches: Today s optimized technology solution: Spreadsheets are notoriously hard to manage, share, use Difficult to get insights needed for control rationalization/optimization Control testing is laborious Difficult to determine control effectiveness on ongoing basis Certification processes are time consuming Software is designed to support ease-of-use and collaboration Relationships among risks and controls are linked, supporting control optimization Controls tested automatically via data analytics and transactional monitoring Red flags and control remediation managed through automated process SOX compliance integrated into enterprise risk and compliance management

12 How Can Technology Reduce SOX Compliance Costs? Increased Efficiency Improved Collaboration Greater insights & assurance Reduced hours and costs Improved Controls Reduced risks of fraud, error & abuse

13 #1: Enable Greater Collaboration

14 Enabling Greater Collaboration Common Current State: Technology Enablers: Risks and controls in different financial systems are viewed in isolation Each line of defense has different priorities and views of risks Difficult to achieve integrated overall view of ICFR risks and state of compliance External auditors uncertain of compliance activities and perform/request additional work Centralized repository of risks and controls Seamless links to control frameworks with fact-based quantification of risks SOX activities consistent with enterprise risk and compliance Links/relationships among risks and controls clearly visible

15 Framework Assurance

16 Map Risks to Policies, Processes and Control Objectives

17 Connect to Risk Management Frameworks and Regulations

18 Risk Scoring

19 Enabling Greater Collaboration The Results: Increased alignment and understanding around key risks and controls Quantified impact of control failures Greater consistency in SOX compliance processes across the organization SOX compliance can be integrated into enterprise risk and compliance activities External auditors gain more rapid insight into effectiveness of compliance activities

20 #2: Increase Automation

21 Increasing Automation Common Current State: Technology Enablers: Reliance on manual controls Control testing processes largely manual Response processes to control failures rely on spreadsheets and Collecting and collating data from control owners is onerous Controls are automated whenever practical and effective Analytics and monitoring are used to automatically test controls Automated workflow for responses to control weaknesses and suspect transactions Automated distribution, collection and collation of questionnaires, surveys & attestations

22 Project Dashboard

23 Smart Response Management

24 Smart Deficiency Remediation

25 Questionnaires, Surveys and Attestations

26 Manage and Monitor Hotlines

27 Increasing Automation The Results: Reduction in time spent on control testing Reduction in time spent on management/administration of compliance processes More effective controls More effective control remediation

28 #3: The Power of Data Analytics

29 The Power of Data Analytics Common Current State: Technology Enablers: Valuable risk insights trapped in various static documents and systems Limited use of data automation and analytics MS Excel often primary analysis tool Point-in-time testing of controls to uncover risks or anomalies Data analyzed from multiple data sources Suites of analytics applied to test control effectiveness in each financial process area Data analytics drive quantified risk/control assessments Continuous monitoring of activities to uncover evolving risks in key control areas

30 Connect to Data from a Wide Range of Sources

31 Analyzing Massive Amounts of Data to Identify Risks and Anomalies

32 Libraries of Specialized Analytics Revenues

33 Data Visualization and Trend Analysis

34 Dashboard Views of Risk Monitoring and Assessments

35 How Can Technology Reduce SOX Compliance Costs? The Results: Continuous compliance risk management Prompt identification and response to control risks and weaknesses Greater assurance over control effectiveness Quantified views of SOX compliance Reduction in time spent on manual testing activities

36 The Results of Technology Enablement

37 How Can Technology Reduce SOX Compliance Costs? Using Modern Technology as Compliance Enabler Can: Drive more efficient processes Reduce hours and costs Facilitate collaboration Create consistency in processes Increase insights and assurance Improve controls Minimize risks of fraud, error and abuse

38

39 Questions?

40 For more information contact: John Verver Phil Shomura