MENLO PARK, Calif., Oct. 9 /PRNewswire/ -- As more companies work to transition their Sarbanes-Oxley (SOX) compliance efforts from a project to an ongoing, sustainable and cost-effective process, they are assessing strategies to better leverage the SOX technologies they've acquired and implemented. Protiviti Inc., a leading international provider of risk consulting and internal audit services, has addressed the growing need for substantive and practical guidance in this area with the release of its new publication, Guide to the Sarbanes-Oxley Act: Managing Application Risks and Controls.
This informative reference tool provides guidance to generate more value out of technologies now that, for most organizations, Year Two of Sarbanes-Oxley compliance is coming to a close. Written by the leaders of Protiviti's Application Controls Effectiveness (ACE) practice, Guide to the Sarbanes-Oxley Act: Managing Application Risks and Controls offers detailed insights, ideas and concepts that should be of great interest to those responsible for internal control strategies within their organizations.
"Protiviti's ACE practice assists companies with their efforts to manage application risks, and the compliance challenges that accompany them, by defining and implementing internal control strategies," said Michael O'Donnell, managing director and global leader of Protiviti's Technology Risk Services. "While the broader context of this guide is the efforts of organizations to address Sarbanes-Oxley, the issues we address will be relevant to executives and audit committees interested in improving and managing the integrity of applications, regardless of a company's compliance initiatives."
Guide to the Sarbanes-Oxley Act: Managing Application Risks and Controls provides specific advice on how to identify relevant applications and the related risks that are important to Sarbanes-Oxley compliance, as well as how to most effectively test the controls that mitigate these risks. Additional topics addressed in this publication include:
-- General application risk and control considerations for complying with Sarbanes-Oxley: Protiviti provides a detailed overview of application risk and control as it relates to Section 404. Topics include benchmarking strategy and disclosure guidelines regarding ERP/application implementation.
-- Application control considerations: Issues include how key applications are identified for documentation, and application control considerations for the order to cash, procure to pay, and close the books/financial reporting cycles.
-- Access security considerations: Many security configurations create exposure relating to segregation of duties issues or excessive access to sensitive transactions. The guide addresses processes that should be in place with respect to establishing proper user access security and segregation of duties, the roles of the business and IT organization in controlling user access processes, and how an organization can improve its ability to manage appropriate security without incurring excessive cost and time bottlenecks.
-- General IT controls related to applications: Protiviti discusses evaluating application change controls, managing interface risks, and the elements of data management and disaster recovery that should be evaluated by compliance teams.
-- Implementation controls and considerations: This section includes explanations of the primary risks associated with implementation of a new application, data conversions and functional testing.
-- Documentation: Protiviti offers guidance on controls documentation at various levels, including the entity level and activity/process area level.
-- Testing: As with other controls, IT controls must be tested to ascertain that they are operating as designed. The guide includes strategies for controls testing at the infrastructure and application levels.
-- Addressing deficiencies and reporting: Protiviti discusses ideas for how management can address deficiencies and gaps in application controls, and how an external auditor views application controls during the attestation process.
-- ERP compliance software and automated testing tools: Protiviti suggests Sarbanes-Oxley enablement software that companies should consider along with questions the organization should address with respect to evaluating an application's capability to support Section 404 compliance.
To request a complimentary copy of Guide to the Sarbanes-Oxley Act: Managing Application Risks and Controls, contact the Protiviti office nearest you by calling 888-556-7420. You also can download an electronic copy by visiting http://www.protiviti.com/.
About Protiviti Inc.
Protiviti ( http://www.protiviti.com/ ) is a leading provider of independent risk consulting and internal audit services. The firm provides consulting and advisory services to help clients identify, assess, measure and manage financial, operational and technology-related risks encountered in their industries, and assists in the implementation of the processes and controls to enable their continued monitoring. Protiviti also offers a full spectrum of internal audit services to assist management and directors with their internal audit functions, including full outsourcing, co-sourcing, technology and tool implementation, and quality assessment and readiness reviews.
Protiviti's ACE practice provides a full spectrum of services to analyze, standardize and automate internal control strategies throughout Enterprise Resource Planning (ERP) systems and processes.
Protiviti, which has more than 50 locations in the Americas, Asia-Pacific and Europe, is a wholly owned subsidiary of Robert Half International Inc. Founded in 1948, Robert Half International is a member of the S&P 500 index.
NOTE: Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
