SOX

SOX

Sarbanes-Oxley Act
  • SE Document completely meets our document control requirements, facilitates retrieval, and manages the entire document revision process.
    Janaina Salatti – Quality Supervisor    		      
    Group Roullier
  • SoftExpert Solution has streamlined data sharing for our quality system and has contributed to reducing impacts on the environment through doing away with the need for storing piles of original and obsolete paper documents for auditing purposes.
    Solange Amaral – Human Resource Analyst    		      
    Carrier
  • The SE Project was implemented quickly and the time required for the adoption of the solution by the users was quite natural, considering that the pharmaceutical segment is legally required to work with reliable and secure records that guarantee the quality of products and do not represent risks to the population.
    Randel Moreira – IT Manager    		      
    Laboratório Globo
  • We have achieved improved dependability as well as standardization in our processes to assure measurement consistency and the required monitoring to verify conformity in our products. This adds enhanced safety and quality to our customers.
    Helton Calaça – SPC Technical Support    		      
    Mitsubishi Motors
  • Our productivity and reliability increased greatly. The software helped us to meet the ISO/TS 16949 standard requirements, providing security in the daily routine of the Engineering area and auditing, while easily proving full compliance with the standard and customer requirements.
    Jeferson R. F. dos Santos – MENFUND Unit Manager    		      
    Menegotti
  • SE Document has provided the means to streamline our document control, through excellent drilldown options for searching and registering documents, a systematic workflow
    tool for sending pending tasks to system users, as well as really cutting down on the need for printed copies.
    Ângela Fischer    		      
    CTA-Continental
  • The SoftExpert facilitates and speeds up activities, and the system was considered highly suitable for the renewal of ISO/TS 16949 and ISO 14001.
    Cristina Pereira – Gerente adjunta de Informática    		      
    Coindu
  • Online access to wherever we offer services ensures us speedy responses, through reliable and updated information, which, in turn, facilitates decision making and customer satisfaction.
    José Andrade – Opetrec Manager    		      
    Opetrec
  • SE Document manages ISO standardization documentation to facilitate compliance, as well as all other document types. The workflow system provides great distribution copy control, approval, revision, printed copies, and document retrieval search capabilities. Currently, there are over 1,100 users and 3,500 registered documents.
    Carla Regina Schmitt    		      
    Universal Leaf Tabacos
  • The implementation of SE Action streamlined our continuous improvement process for managing actions, especially through the workflow functionality. This facilitates the verification of occurrence causes and drafting correction actions.
    Gustavo Martins – Quality Department Assistant    		      
    Coca-Cola

    The Corporate Accountability Bill sponsored by Senator Paul Sarbanes and Representative Michael Oxley was passed into law in 2002. It contains a number of provisions that impose obligations on public corporations designed to ensure transparency of operations and accountability. These provisions are designed to address specific business processes and ensure that auditable records are retained. Business Records today are heavily digitized, the result is a considerable impact upon the IT environment, particularly in storage processes.

    Benefits

  • Benefits of Implementing SOX include:

    • A more engaged control environment – with active participation by the board, the audit committee and management.
    • More thoughtful analysis of monitoring controls, along with recognition that monitoring is an integral part of the control process.
    • More structure year-end closing process and recording of journal entries Thus recognizing the extent to which theses areas have increased in complexity.

    Benefits of Implementing SOX include:

    • A more engaged control environment – with active participation by the board, the audit committee and management.
    • More thoughtful analysis of monitoring controls, along with recognition that monitoring is an integral part of the control process.
    • More structure year-end closing process and recording of journal entries Thus recognizing the extent to which theses areas have increased in complexity.
    • Implementation of anti-fraud activities with defined processes in place, including responsibility for follow-up by defined parties and resolution approaches.
    • Better understanding of the risks associated with general computer controls, and the need to improve both control and audit procedures to gain assurances that the risks associated with computer systems are mitigated.
    • Improved documentation of controls and control processes that can serve as the basis for training practical day-to-day guidance and management evaluation.
    • Improved definition of controls and the relationship of controls and risk across the organization.
    • Control parameters becoming embedded into the organization with a broader understanding by operating personnel and management of their responsibility for controls.
    • Improvements in the adequacy of the audit trail as a basis to support operations as well as to support audit assessment of control adequacy and financial reporting.

    Back to top      Close

    • The Challenge

  • SOX primarily targets financial documents and financial reporting but it is clear that the overflow effect will be to include an ever-increasing variety of data that may be used to support those materials.

    SOX has an immediate impact within the data storage area, which provides penalties for destruction, alteration or falsification of records. It prohibits destruction of corporate audit records. The records covered are as broadly defined as any that may be required in a federal investigation or bankruptcy proceeding. While financial records are the principal interest, other records such as communications regarding transactions and documents relating to projects may also fall within the Act’s purview.

    SOX primarily targets financial documents and financial reporting but it is clear that the overflow effect will be to include an ever-increasing variety of data that may be used to support those materials.

    SOX has an immediate impact within the data storage area, which provides penalties for destruction, alteration or falsification of records. It prohibits destruction of corporate audit records. The records covered are as broadly defined as any that may be required in a federal investigation or bankruptcy proceeding. While financial records are the principal interest, other records such as communications regarding transactions and documents relating to projects may also fall within the Act’s purview.

    The effect upon data storage processes is that all documents must now be protected against willful deletion, alteration or destruction, with the burden of proof on the corporation to prove that alterations have not taken place. Documents that are relevant to an audit or review need to be retained for a period of seven years. Since the scope of a review cannot be determined in advance, this could potentially include communications, project documents, memos, plans, specifications, and pronouncements.

    To accelerate SOX compliance as well as safeguard confidential information, companies need automated solutions and processes that provide full visibility into all activities and automated workflows for distributing reports and getting sign-offs from compliance oversight teams. In addition, they need a unified approach that provides auditing, as well as real-time security capabilities such as policies, alerting and blocking of unauthorized activities.

    SoftExpert GRC Suite is easy-to-use, comprehensive compliance software for automating and managing business processes. It also controls documents, projects, changes, risks, and related activities in a secure environment. SoftExpert Excellence Suite provides an automated, searchable system for documenting internal controls and business processes to help ensure SOX compliance.

    With SoftExpert GRC Suite, users can create, collaborate, log, execute and conclude business transactions in a structured, efficient environment. Through SoftExpert Excellence Suite, users across an organization can immediately access information regarding a process or project, including all outstanding issues, approvals, statuses, discussions, and communications.

    Back to top      Close

Back to top

Each SoftExpert component addresses key compliance issues as shown below:

Module SOX Compliance and Requirements
SE Document
SE Document
  • Maintains SOX documentation in a secure, centralized system that can be accessed by users and auditors from virtually anywhere.
  • Automated task assignments, routing, escalation, review, and approval increasing efficiency for the internal compliance team.
  • Changes are automatically tracked and approvals are streamlined.
  • Enables external auditors to search and retrieve documents quickly and easily, resulting in savings of billable hours used.
  • Compliance history always accessible.
  • Retains documents according to company policy, anywhere from 24 hours to several years or longer. Retention can be configured by document category.
SE Process
SE Process
  • Ensure processes are defined, planned, and documented.
  • Ensure processes are monitored and controlled.
  • Creation of approval cycles to enable full visibility and accountability for executive management.
  • Advanced tracking and reporting capability.
  • Real-time view of a company's SOX environment, allowing continuous monitoring and processes improvement, increasing confidence among executives, process owners, and auditors.
  • Processes can be carried out under controlled conditions: documented instructions, in-process controls, and approval of processes and controls.
SE Project
SE Project
  • Automated task assignments, routing, escalation, review, and approval, increasing efficiency for the internal compliance team.
  • Compliance history always accessible.
  • Ready to use, proven project management process aligned to de facto standard PMBOK approach.
  • Provides tailoring of additional and organization unique processes and reporting capabilities.
  • Provides project classification schemes. Projects associated with or impacted by Sarbanes-Oxley can be tracked and managed.
  • Templates and checklists for tracking and managing changes.
  • Provides project and product development processes.
  • Provides stage-gates approach for projects, including scorecard criteria and criteria for a "go/no-go" decisions.
SE Risk
SE Risk
  • Manages enterprise and operational risks.
  • Risks, controls, and tests are linked for traceability.
  • Risk framework can easily be configured to a variety of organizational structures or methodologies, enabling organizations to adapt the solution to their unique systems and processes.
  • Supports a top-down risk assessment approach and a process level risk assessment approach that analyzes business process across the organization.
  • Automates the tracking of inherent, target and residual risks.
  • Identifies and scores enterprise-wide risks based upon significance and likelihood, and tracks controls related to each risk.
  • Provides a framework for establishing risk management goals and priorities, identifying action plans and ownership, and monitoring progress against goals.
  • Robust reporting features such as dashboards, heat maps, and key risk indicators enabling executive monitoring of critical risks.
SE Audit
SE Audit
  • Audits are planned and performed.
  • Results of audits are communicated to management.
  • All findings are corrected and registered.
  • Manages any required corrective action.
  • Ensures corrective actions are carried out on time.

Back to top

 ?>
Download Center
Select materials of interest and click Download