• Home Page
• Corporate
  • BCRM Approach
  • BCRM FAQ
  • Case Studies
  • Certifications
  • Code Of Conduct
  • Company details
  • Customer satisfaction
  • Industry Endorsements
  • The Team
  • Why us?
• Policies
  • Business Continuity
  • Conflict of Interest
  • Corporate Social Responsibility
  • Data Protection
  • Disability Discrimination
  • Environment
  • Equal Opportunities
  • Health and Safety
  • Information Security
  • Personnel Screening
  • Quality
• Services
  • Health Checks
    • Business Continuity
    • Security Vetting
    • Data Protection Act
    • Software Asset Management
    • Service Management
    • Information Security
    • PCI DSS
    • Risk Management
  • Information Assurance
    • Disaster Recovery
    • Information Security
    • Physical Security
    • Employee Vetting
    • Software Asset Management
    • Risk Management
    • Identity Management;
    • Secure Disposal
  • Compliance
    • Governance Today;
    • GRC
    • FSA Compliance
    • Data Protection Act;
    • PCI DSS;
    • Sarbanes Oxley;
    • FSAP
    • Workflow and GRC;
    • Using XBRL for GRC;
    • Inspection of Records;
    • Litigation Support
    • Employment Law
    • FSA Support
    • Money Laundering
  • Management Systems Consultancy
    • ISO 9001
    • SO 14001;
    • ISO 17025
    • OHSAS 18001
    • ISO 20000
    • BS 25999;
    • ISO 27001;
    • Do you need us?
    • Auditing
    • Polices and Procedures
  • Continuous Improvement
    • ISO 9004;
    • Total Quality Management (TQM)
    • Six Sigma;
    • Capability Maturity Models;
    • ServQual / RATER;
    • EQF
    • Balanced Scorecards;
  • Certification Services
    • Standards Implemented
    • Management System Implementation Methodology
    • Consultancy to Support Certification
    • Certification Body Audit Markings
    • Certification Pre-Audit Services
    • Remediation
    • Certification FAQ
  • Digital Forensics
    • Forensic Evidence Recovery
    • Expert Witness Services
• Records Management
• Training
• Standards
  • Management Systems
    • BS 25999
    • ISO 14000
    • ISO 17025
    • ISO 20000
    • ISO 27000
    • ISO 9000
    • OHSAS 18000
    • PAS 99
  • Other Standards
    • BS 10008
    • BS 10012
    • ISO 25777
    • BS 7858
    • BS 8470
    • BS 7858
    • BS 8549;
    • ISO 15489
    • ISO 19770
    • ISO 24762
    • ISO 38500
• Legislation
  • Basel II
  • Data Protection Act
  • Financial Sector Assessment
  • Financial Services and Markets Act (UK);
  • Health Insurance Portability and Accountability Act US);
  • Markets in Financial Instruments Directive (EU);
  • Miscellaneous relevant EU Directives;
  • Payment Card Industry Data Security Standards (worldwide);
  • Sarbanes Oxley (US);
  • Single European Payments Area (EU);
• Legal
  • Copyright
  • Legal Disclaimer
  • Privacy
  • Security
  • Links to other sites
• Site Map
• Contact Us
•  

---

?

Sarbanes Oxley Act (SOx) Consultancy

---

• overview;
• service offering;
• approach
• benefits
• next steps

Overview

SOx has created a whole new world of risks and mandatory requirements for Top Management of public companies listed on the Securities and Exchange Commission (SEC) in the US. SOx also applies to subsidiaries of US companies outside the US.

Compliance administration can be complex and costly - stretching your already stretched resources even more.

The risks of non-compliance can be colossal for the CEO and CFO who are responsible for certifying the accuracy of financial data.

SOx was passed in response to a number of devastating accounting scandals, to ensure accurate financial reporting for public companies. It requires regulated companies to:

• maintain internal controls that ensure accurate financial reporting;
• identify material weaknesses and significant deficiencies.

SOx primarily covers the areas of:

• corporate governance;
• financial reporting;
• executive conduct;
• internal controls.

Section 404,deals with internal controls, inthis section the executive management is obliged to:

• document internal controls;
• assess the effectiveness of internal controls;
• prepare a report on internal controls.

Service Offering

BCRM recommends the use of: COSO, ISO 27001, ITIL and CobIT.

These are four compatible frameworks, operating at different levels of detail and scope, that provide a set of controls and governance for IT:

• COSO defines organization wide controls;
• CobIT satisfies and extends COSO controls relating to IT;
• ITIL can satisfy and extend CobIT controls relating to IT Service Management (Problem Management, Change Control, Release Control, etc.);
• ISO 27001 provides information security controls to meet and extend CobIT Security.

When combined with BCRM's workflow and governance product (WFD) it can be used to aid the CFO and CEO obtain certification that internal controls have been implemented and are used effectively.

When combined with the BCRM recommended Identity Management process, to can provide complete traceability, transparency and personal accountability of all actions undertaken within your organisation.

Approach

We approach each project in the same manner:

• definition of the scope of the project;
• define and agree the relevant sections of SOx (and other legislation and regulation) that is applicable;
• understand your business;
• undertake a detailed gap analysis;
• undertake a risk assessment;
• present findings in form of a Gap Analysis report;
• agree remedial work to be performed and delivery format;
• produce remedial work in association with your employees;
• implement awareness training;
• ad hoc advice as required;

Benefits

The benefits of using a BCRM for SOx compliance is that they are able to:

• create an organisational structure to ensure that roles and responsibilities for SOx compliance are established;
• define and implement relevant documented procedures to meet the SOx requirements;
• design processes and procedures specific to your business;
• develop and delivering relevant training for all your employees to meet their SOx obligations;
• develop innovative solutions to address your compliance issues;
• ensure that processes and procedures for SOx compliance are documented and tested;
• ensure that there is an ongoing compliance and monitoring mechanism in place.
• identify and objectively assess your risks;
• identify risk and evaluate risks to your organisation;
• manage and treat significant risks to reduce them to an acceptable level in line with risk appetite;
• protect the CEO and CFO;
• provide employees with regulatory and governance experience;
• provide governance, risk and compliance (GRC) experts;
• provide information security and assurance experts;
• provide pragmatic and relevant, as well as innovative, solutions to solve your SOx issues;
• provide traceability, transparency and personal accountability for all actions if combining WFD and BCRM's identity management solution;
• taking some of the burden off your overstretched Compliance Department;
• validate the adequacy of IT controls to meet Section 404;

Next Steps

• BCRM has a number of other service offering, these are listed here;
• BCRM is committed to providing a consistently high value service to our Clients;
• Sian Watson and David Lilburn Watson, who remain personally 'hands-on' throughout the process, manage this process.
• to understand how the BCRM suite of offerings can be used to transform your business, please contact us
• we look forward to discussing your specific requirements, at your convenience;
• whatever other type of consultancy you require, we can possibly offer a free Health Check.