Corporate Governance, internal controls
- Sarbanes Oxley (SOX)
- implementation
- management
- transformation
ORGANISATION
- Global Industrial Battery Producer – $2Bn revenue, 9000 FTEs
project SCOPE
- Company just started to be quoted on NYSE and therefore SOX implementation was required.:
- full implementation in production entities EMEA & APAC transformation form project to process (YEAR 2)
project GEOGRAPHY
EUROPE, ASIA PACIFIC (APAC)
Full scope: UK, France, Italy, Germany, Poland, Bulgaria, China, Singapore, Japan, Australia (+ 30 local limited scope)
FINDINGS
- no SOX methodology,
- weak corporate governance culture
- non standardized and weak internal control systems
- lack of control risk management:
- documentation
- testing
- analysis
CHALLENGES
- project complexity (6 entities full scope + 30 entities limited scope in EMEA)
- lack of understanding by both staff and management
- time constraints, delay on starting point
- resistance to change
- SCOPE extended in the middle of the process (APAC – 4 entities full scope)
ACTIONS
- planning (incl. roadmap)
- top management involvement
- consulting approach with global accounting firms/certifier (EY)
- collecting data, understanding of processes, walk-throughs, testing
- documentation and evidence
- hiring local testers to speed up the process
- communication management
- transition of SOX from project to process after 1st year
DELIVERABLES
- SOX implemented & assessed – efficient
- SOX properly implemented without material discrepancies found by EY (certifier)
- SOX transformation into process
- Project transformed onto standarised SOX process, ensuring sustainability of the regulatory compliance
- $500k/y – cost reduction
- Reduction of the key controls number (from avg 300 to avg 100 only) and therefore reduction of projects costs (-$500k) per year
- Efficient ICM dep’t (Internal Controls)
- Perfectly functioning and efficient ICM department, smoothly managing SOX process, but also used to permanent improvement of controls environment
EXPERTISE APPLIED
Risk Managment
- risk identification and evaluation
- promoting risk approach culture
Strategic Planning and Vision
- internal controls (design, implementation, monitoring)
- frameworks standards (PCAOB, COSO, COBIT)
- SOX/RCM (Risk Controls Matrix): implementation, management, transition
- business process: (assessment, streamlining, simplification, permanent monitoring)
- process documentation (narratives, workflows, walkthroughs, testing): O2C, P2P,
- R2R, others
Audit and Assurance
- audit procedures (sampling, sampling, testing, walk-through, documentation, investigation)
- IT audit procedures (general IT controls)
Project management
- proper process planning
- roadmaps preparation and execution
- efficient resources allocation
Call to have a short discussion (without any obligations)