Audit Serve, Inc.

The Premier Audit, Security and Sarbanes-Oxley Consulting Company

Pre-Implementation Reviews of Sarbanes-Oxley
 Impacted Systems 

By: Mitchell H. Levine, CISA
Audit Serve, Inc.

                                                             

Low Cost & Highly Skilled 
IT Audit and SOX Consulting Resources Available Immediately
Call Mitch Levine at (203) 972-3567 or 
email levinemh@auditserve.com for additional information

The Sarbanes-Oxley project has focused on the documenting and testing of controls within application systems which are  impacted by Sarbanes-Oxley. As part of the final analysis  of controls to determine whether they meet industry best practices, a list of control weaknesses are established. Typically in an IT audit, the primary component of the issue negotiation besides how it will be resolved is to determine acceptable length of time before action needs which is based on the overall risk. If the entire risk mitigation  resolution requires a significant amount of time, interim solutions are established.

For Sarbanes-Oxley impacted systems, some of the risk mitigation solutions may reside in replacement systems. 
Many organizations have held off the implementation of  these new system until after the company's fiscal year-end since they would not have (1) sufficient time to document and review the controls in the new system and (2) evaluate financial and operational control changes as part of the rollout of a new system. However, since the replacement system in many cases provides solutions to control issues within the sunset system, management needs to establish interim controls to mitigate the risk to acceptable levels.

Although management may delayed the implementation of replacement systems until after the fiscal year end, the 
evaluation of controls to ensure Sarbanes-Oxley compliance cannot be delayed until the system is brought on-line.  A pre-implementation review needs to occur during the system's development to ensure that controls are designed into the system.

============ADVERTISEMENT===============
Audit Serve Sarbanes-Oxley Implementation Consulting Services

Contact Mitchell Levine of Audit Serve at(203) 972-3567,
e-mail Levinemh@auditserve.com or visit http://www.auditserve.com 
for additional information.

---------------------------------------------------

The following is a list of scope components within a pre-implementation review which have special emphasis on
Sarbanes-Oxley requirements:

(1) Assessment of the project status to determine whether the system will be installed by the target date which coincides with the acceptable length of time prior to resolving the control issues within the sunset system.

(2) Perform a gap analysis between the controls deficiencies in the sunset system and the planned control resolutions within the replacement system. In addition, perform control analysis of the replacement system to ensure there is not a degradation of controls.

(3) Review of the application data integrity controls which emphasizes the review of business process rules which enforces that accuracy of the financial statements. This review is especially difficult, because the design of the manual controls (e.g., review processes) may not be established until the users are provided training on the system. Identifying control gaps at this late stage in the project life cycle will either delay the implementation of the system or the replacement system will brought on-line with known Sarbanes-Oxley control issues. 

(4) Assessment of data interfaces to ensure that data integrity and completeness controls are in place.

Looking forward to the planned system deployments is a critical  component to maintaining Sarbanes-Oxley compliance. The Sarbanes-Oxley project does not end with the documenting and testing of controls of the current environment. Section 404 of the Sarbanes-Oxley Act requires the CEO and the external auditors
to signoff on the adequacy of the controls which generates the financial statements each year.

Copyright  2006, Audit Serve, Inc. All rights reserved. Reproduction, which includes links from other Web sites, is prohibited except by permission in writing.

This article appeared in a past issue of the Audit Vision E-Mail Newsletter.

Technical Articles | Conferences | Audit Programs | Audit Serve Seminars | Consulting Services | Audit Vision Newsletter | What's New | Contact US

This website has been optimized for Netscape and Internet Explorer 4.0 and above.  Your comments and suggestions are always welcome, please email webmaster@auditserve.com.
Copyright © 2000  All rights reserved.  27 Pine Street, Suite 700, New Canaan, CT 06840 USA.