Corporate Compliance


Transcript of Corporate Compliance

Page 1: Corporate Compliance

Corporate Compliance

Page 2: Corporate Compliance

Disclosure Controls

• Designed to ensure that required disclosed information is recorded, processed, summarized, and reported within the time periods specified by the SEC.

• Include controls and procedures to help ensure that the required disclosed information is accumulated and communicated to management to allow timely decisions regarding required disclosure.

Internal Controls

• Controls that pertain to the preparation of financial statements for external purposes that are fairly presented in conformity with generally accepted accounting principles.

Preservation Controls

• Designed to ensure that all audit records, material financial transactions, related communications, working papers, and other data are preserved, protected from alteration, and readily available.

Understanding the Law

The Sarbanes-Oxley Act established new and enhanced standards for corporate accountability, as well as severe penalties for corporate wrongdoing. Good corporate governance and ethical business practices are now the law.

Primary Areas of Regulation under Sarbanes-Oxley

Page 3: Corporate Compliance

Sarbanes-Oxley – Relevant Sections

Section 404 Requires management to annually:

• State their responsibility for establishing and maintaining an adequate internal control structure and procedures for financial reporting

• Conduct an assessment of the effectiveness of the company’s internal controls and procedures for financial reporting

Requires the independent auditor to:

• Attest to management’s assertion (requires a framework such as COSO)

Section 409 Real Time Disclosures:

• Issuers are required to disclose to the public, on an urgent basis, information on material changes in their financial condition or operations. These disclosures are to be presented in terms that are easy to understand, supported by trend and qualitative information and graphic presentations as appropriate.

Page 4: Corporate Compliance

Some Very Expensive Words

Page 5: Corporate Compliance

The COSO Framework

COSO identifies five components of internal control that need to be in place and integrated to ensure the achievement of each of the three main objectives.

1. Monitoring
2. Information & Communication
3. Control Activities
4. Risk Assessment
5. Control Environment

Internal Control Framework

Page 6: Corporate Compliance

Primary Areas of Focus

• Control Activities
   - Completion of the documenting of internal controls
   - Testing and implementing internal controls
   - Sustaining internal control implementations
   - Implementation of system based controls

• Monitoring
   - Timely review of reports
   - Internal audit function
   - Proactive notification of material events

• Information and Communication
   - Single version of the truth
   - Timely distribution of information

Page 7: Corporate Compliance

Lawson Solutions

Base Systems
• Financials, Procurement, HR/Payroll
• Expense Management, Time Management, etc…
• Reporting & Analytics
• Security

ProcessFlow - System based controls and approvals
• Lawson ProcessFlow provides a means of implementing documented internal controls
• System based controls
• Audit trails are created and can be reported on

Smart Notification - Proactive Monitoring and Reporting
• Time or data event based
• Monitor data for “material events”
• Root cause analysis

Page 8: Corporate Compliance

Functionality comparison with Process Flow

Capability                                                     Smart Notes    Process Flow
Notifications with rich, actionable content?                   Yes - Focus    No
End-user subscribe and customize model?                        Yes            No
Dynamic links into Lawson applications?                        Yes            No
Delivery to a wide range of devices?                           Yes            No
Monitors data from both Lawson and non-Lawson systems?         Yes            No
Ability to define and monitor complete processes / workflow?   No             Yes - Focus
Ability to automatically route workflow requests?              No             Yes
Perform automated steps based on workflow decisions?           No             Yes

Page 9: Corporate Compliance

ProcessFlow

Page 10: Corporate Compliance

Lawson ProcessFlow - Packaging

• ProcessFlow Standard
   - Every Lawson release 8 customer receives ProcessFlow Standard at no charge
   - ProcessFlow Standard is delivered with the 8.0.X Environment

• ProcessFlow Professional
   - Saleable version of ProcessFlow
   - Full-capability version of ProcessFlow

• ProcessFlow Solutions
   - No charge, licensed products; 28 pre-built processes (flows)
   - Available to every ProcessFlow Standard or Professional customer
   - Will operate with either ProcessFlow Standard or Professional

Page 11: Corporate Compliance

ProcessFlow Standard

• Can build processes (flows) from scratch using the ProcessFlow Designer

• Cannot build processes from scratch that contain any of these three nodes:
   - UserNode
   - HR UserNode
   - Work Object Node

• Can operate and configure processes that contain any of these three nodes

Page 12: Corporate Compliance

ProcessFlow Professional

• Full-capability version of ProcessFlow

• Can build processes (flows) from scratch that contain any node in the ProcessFlow Designer

• Can build processes from scratch for multi-step, multi-user review and approval
   - Job requisition
   - Salary increase
   - Purchase requisition
   - Etc.

• Can build processes from scratch that contain these three nodes:
   - UserNode
   - HR UserNode
   - Work Object Node

Page 13: Corporate Compliance

Types of Triggers (Standard or Professional)

Automatic: Initiate ProcessFlow as a by-product of a Lawson application action, e.g. requisition is released, employee expense approved . . .

Manual: Initiate ProcessFlow as an explicit result of an employee action, e.g. employee “presses” a button . . .

Scheduled: Initiate ProcessFlow in a time-based or repeatable way.

ProcessFlow Start

Page 14: Corporate Compliance

ProcessFlow Inbasket

• Delivered with both ProcessFlow Standard and ProcessFlow Professional

• Two versions:
   - Web/HTML Inbasket
   - Lawson Portal based Inbasket

• Both versions of Inbasket have same functionality

• Both versions of Inbasket only require a web browser connected to internet/intranet for access

• Only difference is deployment method

• Reviewers and approvers in ProcessFlow do NOT need to be set-up as Lawson applications users

• Unlimited number of end users

Page 15: Corporate Compliance

How Do You Build a ProcessFlow?

Page 16: Corporate Compliance

ProcessFlow Designer

• A Graphical User Interface (GUI) to define a process

• Simulate the process at design time

• Upload the process on the ProcessFlow Server Repository for server side execution

Page 17: Corporate Compliance

ProcessFlow Designer: Nodes

• Activity Nodes
   - AGS, DME (Internet Object Services, IOS)
   - Email
   - Message Builder
   - Work Object Creator
   - Web Run (can be used to integrate with non-Lawson, web-addressable applications)
   - User Action
   - HR User Action

• Logical Nodes
   - Branching - conditional channeling of data
   - Iteration - looping over defined sub-graph
   - Assign – basic mapping of variables

Page 18: Corporate Compliance

ProcessFlow Designer: Salary Change Approval

Can NOT use ProcessFlow Standard to build a process from scratch that includes the User Node(s)

Page 19: Corporate Compliance

ProcessFlow Metrics

• Track how long to complete each step in a multi-step, multi-level review and approval workflow process

• Metrics are stored in the database powering the Lawson applications

• Answer questions to identify bottlenecks:
   - “How long does it take to approve purchase requisitions greater than $1,000 by store, by region?”

• Can be analyzed by:
   - Lawson’s Enterprise Performance Management products
   - Lawson Smart Notification
   - Other reporting and analysis tools

Page 20: Corporate Compliance

ProcessFlow Example

Page 21: Corporate Compliance

Business Problem

• New and Returning Employee Security Set-up
   - Employees initiated the request for access
   - Time consuming process
   - An average of 60 - 80 new hires or returning employees each bi-weekly pay cycle
   - Small security division staff

Page 22: Corporate Compliance

Problem Resolution

• Used ProcessFlow Professional (or Standard) to Automate Security Set-up Process:
   - Identifies all new or returning employees
   - Verifies Status Code and Process Level
   - Creates the user personal profile and web name (RD30) record
   - Creates the interface file for use by the current Lightweight Directory Access Protocol (LDAP) account creation system
   - Emails the employee or HR office the logon information

Page 23: Corporate Compliance

Example

• PHR008 Security Flow
   - This process can be built from scratch with ProcessFlow Standard
   - Note no User Nodes, HR User Nodes, or Work Object Nodes

Page 24: Corporate Compliance

Smart Notification

Page 25: Corporate Compliance

Section 409

Take Section 409 Seriously. Preparations for SOX 409 – Real Time Issuer Disclosures – were delayed in many organizations due to the earlier 404 deadline or the belief that 409 would have minimal IT impact. As best practices for 404 emerge, RFG expects enforcement of 409 to become a priority. The result is likely to be nasty surprises for enterprises that assumed their only responsibility was faster reporting. Business intelligence systems may come under additional scrutiny when enforcement begins in earnest and regulators – and shareholders – attempt to determine who knew what and when. Attempting to use ambiguity in the law as a defense strategy is misguided.

Robert Francis Group, February 2005

Page 26: Corporate Compliance

Smart Notification

• Proactively monitors data, filters out noise, and automatically delivers important information

• Simplifies and guarantees reporting, analysis and information dissemination

• Eliminates uncertainty

Page 27: Corporate Compliance
Page 28: Corporate Compliance

Smart Notification makes it easy

Data Sources; Smart Notification Server

Page 29: Corporate Compliance

Smart Notification

Page 30: Corporate Compliance

In-Context Application Links

Page 31: Corporate Compliance

Smart Notification Example

Page 32: Corporate Compliance
Page 33: Corporate Compliance

Functionality comparison with Process Flow

Capability                                                     Smart Notes    Process Flow
Notifications with rich, actionable content?                   Yes - Focus    No
End-user subscribe and customize model?                        Yes            No
Dynamic links into Lawson applications?                        Yes            No
Delivery to a wide range of devices?                           Yes            No
Monitors data from both Lawson and non-Lawson systems?         Yes            No
Ability to define and monitor complete processes / workflow?   No             Yes - Focus
Ability to automatically route workflow requests?              No             Yes
Perform automated steps based on workflow decisions?           No             Yes