© 2006-2007 Cost Advisors, Inc. 1 Sarbanes-Oxley Section 404 Sarbanes-Oxley Section 404 Documentation and Testing Documentation and Testing Software Software
Mar 31, 2015
© 2006-2007 Cost Advisors, Inc. 1
Sarbanes-Oxley Section 404 Sarbanes-Oxley Section 404 Documentation and Testing SoftwareDocumentation and Testing Software
© 2006 - 2007 Cost Advisors, Inc. 2®
• Founded in 1999 by Bill Douglas
• Collaborated with all ‘Big 4’ firms and public
companies to design SarbOxPro®
• Microsoft Access and Excel experts
• Taught SOX 404 ‘Best Practices’ class for OSCPA
• Published article for the Internal Auditor, “A Guide to Section 404 Project Management"
V
DVISORS™
cost
© 2006 - 2007 Cost Advisors, Inc. 3®
Fast, Easy Documentation & Testing Software
• Easy Input
• Easy to Use
• Easy Output
Our goal is to make your SOX 404 Project fast, easy, and affordable
© 2006 - 2007 Cost Advisors, Inc. 4®
SarbOxPro® Features
Easy InputFast and easy installation on any PC or existing shared drive Import data directly from Excel® (or use pre-populated data)
Easy To UseControl and testing librariesIntuitive 'Tree' structureOrganize Visio, Excel, and Word DocumentsSchedule tests and keep a history of test results
Easy OutputRead SarbOxPro data with pre-formatted Pivot Tables in ExcelExport to ExcelPre-formatted Access Reports
© 2006 - 2007 Cost Advisors, Inc. 5®
Ideal Customer Fit
• Small to medium size public companies
• Limited budget
• Geographically concentrated
• Committed to Microsoft Office
• Accelerated filers with completed project data in Excel
• Non-accelerated filers needing guidance and pre-populated processes, risks and controls
© 2006 - 2007 Cost Advisors, Inc. 6®
Excel SarbOxPro Web-Based
Share controls and tests between documenters
√ √
Ensure pre-defined and uniform data capture √ √
Run consolidated reports for all documenters √ √
Easy to setup √ √
Custom reports in Excel √ √ maybe
Responsive (no latency) √ √
Low Cost √ √
E-Mail notification √
# Simultaneous users 1 about 5 dozens
SarbOxPro is Right for Many Companies
© 2006 - 2007 Cost Advisors, Inc. 7®
Without SarbOxPro®
Process PrioritizationProcess 1 MediumProcess 2 LowProcess 3 High
Document Test Report
IT General Risks & Controls
Segregation of Duties Analysis
Testing, Schedule & Status
Test 1 In ProgressTest 2 DoneTest 3 Not StartedTest 4 FailedTest 5 Done
Entity-LevelControls
Test PlansSelect Deficiency List
Deficiencies
Significant Deficiencies
Material Weaknesses
Process Improvement
Ideas1.
2.
3.
Flowcharts
Visio
Narratives in Word
Lists of Items Tested1. Pass/ Fail2.3.4.5.6.
xxx
x
Risk & Control Matrices
Risk Control
100010101020 . . .
GL Cross-Reference
xx
x
© 2006 - 2007 Cost Advisors, Inc. 8®
With SarbOxPro®
Li
Flowcharts
Visio
nk
Narratives in Word
Link
Li
Lists of Items Tested1. Pass/ Fail2.3.4.5.6.
xxx
x
nk
© 2006 - 2007 Cost Advisors, Inc. 9®
SarbOxPro® is FREE
Just pay $995 per year for the maintenance plan, which includes:2 hours telephone SOX 404 consultingFree E-mail support (10 incidents per year)Free upgradesAccess to user discussion group (forum)Access to additional SarbOxPro Excel Pivot tablesSOX 404 Best Practices classProject templates
© 2006 - 2007 Cost Advisors, Inc. 10®
Sarbanes-Oxley 404 Consulting Available
• Project scoping
• Preparation of documentation
• Risk assessment
• Testing
• Segregation of Duties analysis
• Project management
• Education and training
• Excel data clean up
© 2006 - 2007 Cost Advisors, Inc. 11®
Customer Quotes
"We are very pleased with the SarbOxPro software. It is integrated with the standards set by the PCAOB and is quite user friendly. It was an excellent tool in our planning process and has helped us in our documentation of our internal controls. We believe the pricing is very fair."
Gery Richards, Senior Accountant, Ramtron International
“Many benefits and efficiencies were realized through the application of SarbOxPro to our compliance efforts:
•Creates a flow of documentation that ensures our approach is complete. •Links all the information together for easy comprehension and minimal training for current and future staff. •Great central storage for all documentation. •Allows the user to customize screens.•Creates a testing log and schedule.”
Director of Internal ControlsOil & Gas Company
I find the SarbOxPro software very useful in giving me and my client a structure and an outline to follow as we document and test the scope and adequacy of the company's internal control structure and procedures for financial reporting.“
Sonny Sano, Business Consultant
© 2006 - 2007 Cost Advisors, Inc. 12®
Product Organization
User Guide
Retrieve reports
Input project data
Set up optional company data
Create a back up of your data
© 2006 - 2007 Cost Advisors, Inc. 13®
Initial Configuration:Set Up Data for Your Company
Customize field ‘drop downs’
Built-in risk evaluation tool determinesthe inherent process risk and risk of control failure.
Easy to import project data from Excel
© 2006 - 2007 Cost Advisors, Inc. 14®
Main Menu: Data Input
© 2006 - 2007 Cost Advisors, Inc. 15®
SarbOxPro Data Tree Structure
Cycle
Process
Objective
Risk
Control
Test
© 2006 - 2007 Cost Advisors, Inc. 16®
SarbOxPro Data Tree Structure
Risk = The possibility that an objective will not be met. (i.e. Invoices are not accurately input and processed both individually and in the aggregate).
Control = Mitigates risk (i.e. Exceptions to standard pricing and discounts require specific management approval).
Test = A check that the control is working (i.e. Verify evidence of management approval for price exceptions).
Objective = The goal of a process or transaction based on management’s assertions (i.e. Invoices with non standard pricing (exceptions) are reviewed and approved by the appropriate level of management)
Cycle = A group of processes performed to accomplish an objective (i.e. Revenue or Financial Reporting cycle)
Process = A subset of a cycle. (i.e. The Sales Order process, Credit Approval process, and Invoicing processes are all components of the Revenue cycle)
© 2006 - 2007 Cost Advisors, Inc. 17®
Financial Reporting
FIN-01 Chart of Accounts
FIN-02 Estimates & Accruals
FIN-11 Disclosures
FIN-12 Close GL
Obj FIN-12.A All JEs are booked
Risk FIN-12.A.1 Subledgers are incomplete
Risk FIN-12.A.2 Subledgers accum. Incorrectly
Risk FIN-12.A.3 Unposted JEs
FINCTRL-013 Closing checklist is used
EXPTEST-001
−
−
−
−
+
+
+
+
+
Example: Financial Reporting Cycle Monthly GL Close Process
Cycle
Process
Objective
Risk
Control
Test
© 2006 - 2007 Cost Advisors, Inc. 18®
Three Sections of Data Input
In the Data Tree Area you can see the hierarchy of Process, Risks and Controls.
In the Detail Area you can see the specific info for the single item selected in the Data Tree.
In the Library Area you can see the entire list of accounts and tests.
© 2006 - 2007 Cost Advisors, Inc. 19®
Overview – Data Input
Easily use the Data Tree Input Form with pre-loaded data or add your own. You can also add modify and delete Risks and Controls here.
© 2006 - 2007 Cost Advisors, Inc. 20®
Process Level Data
Enter process level data here.
© 2006 - 2007 Cost Advisors, Inc. 21®
Process Level: External Links
Visio® Data
SarbOxPro can reference external project documents such as Visio flowcharts, Word narratives, and test plan results in Excel.
© 2006 - 2007 Cost Advisors, Inc. 22®
Process Documentation
SarbOxPro calculates a comprehensive risk weighted score for each process based on the weight and score assigned by the user.
© 2006 - 2007 Cost Advisors, Inc. 23®
Segregation of Duties
Employees - Segregation of duties issues exist when a single individual does too much. Identify the people who perform each transaction and later run a report showing Segregation of Duties conflicts.
© 2006 - 2007 Cost Advisors, Inc. 24®
Objectives
Identify relevant assertions for each Objective.
Objectives are determined by ‘assertions’. Assertions describe what is ‘correct’ about financial processes. The standard PCAOB assertions are built into SarbOxPro.
© 2006 - 2007 Cost Advisors, Inc. 25®
Risks
Use the SarbOxPro pre-loaded risk data or easily import risks from Excel into SarbOxPro.
© 2006 - 2007 Cost Advisors, Inc. 26®
Deficiency Evaluation Form
This form is available from both the risk and testing menus. It can be used to document both design deficiencies and operating (testing) deficiencies. The form is designed to capture deficiencies noted by the project team plus remediation plans from process owners. Reports are available to summarize the status of deficiencies.
The ‘Determine Classification’ button in the Deficiency Evaluation Form will direct you to the Deficiency Classification Form (see next slide).
© 2006 - 2007 Cost Advisors, Inc. 27®
Deficiency Classification
This interactive flowchart is used to evaluate the severity of a deficiency as a Deficiency, Significant Deficiency or Material Weakness. The flowchart follows COSO standards.
The flowchart ‘branches’ to successive questions based on user answers to simple ‘yes’ ‘no’ questions.
© 2006 - 2007 Cost Advisors, Inc. 28®
Controls
Controls – You can use SarbOxPro pre-populated controls or import controls from Excel or write new controls. Once a control is in the library, use the ‘Select Controls’ button to pick a control from the library (see next slide).
© 2006 - 2007 Cost Advisors, Inc. 29®
Controls Library
Controls are saved to a control library so you can apply the same control to multiple risks in different cycles and processes. There is no need to re-enter the control data.
Locate controls in the library by filtering on keywords.
© 2006 - 2007 Cost Advisors, Inc. 30®
Test Data
Next Test Date – SarbOxPro calculates future test dates
Test Log- Archive historical test results
© 2006 - 2007 Cost Advisors, Inc. 31®
Main Menu: Reports
© 2006 - 2007 Cost Advisors, Inc. 32®
Reporting From SarbOxPro®
1. Display & Print
2. Export
3. Read
Read SarbOxPro from within Excel using pre-formatted Pivot tables.
Formatted Access Reports
SarbOxPro
© 2006 - 2007 Cost Advisors, Inc. 33®
Reports – Export to Excel
Export SarbOxPro data to Excel
Filter reports however you wish
© 2006 - 2007 Cost Advisors, Inc. 34®
Pre-formatted Access Reports
© 2006 - 2007 Cost Advisors, Inc. 35®
Reports – Excel Reader (Pivot Tables)
SarbOxPro ships with an Excel Pivot table that allows you to ‘read’ SarbOxPro Process, Risk, Control and Test data. This saves time from having to export SarbOxPro data to Excel each time the data changes.
© 2006 - 2007 Cost Advisors, Inc. 36®
Need more information?
Download a free copy of
SarbOxPro online at:
www.SarbOxPro.com
Call us for a demonstration:
503-646-3500
Receive fast responses to your
specific questions by E-mailing: