
Guidance on performance of walkthroughs

SOX PROCESS WALKTHROUGH QUESTIONNAIRE

Business Unit:
BU Code: XXXX
Walkthrough signoff by:

………………………………………. …………………………………………
Insert Position Insert Position
………………………………………. …………………………………………
Date Date

PART A INTRODUCTORY GUIDANCE INFORMATION


PURPOSE OF THIS TEMPLATE

The purpose of this template is to provide guidance to Business Units in the performance of
Walkthroughs associated with Sarbanes-Oxley Act (“SOX”) compliance requirements. It may also be
used by BU management in other matters related to the evaluation of internal controls over financial
reporting.

This template provides guidance information on a number of matters associated with planning and
conducting Walkthroughs and evaluating the results of such walkthroughs. In addition, this template
can be used as a mechanism for documenting the results of Walkthroughs.

Additional guidance on this matter is provided by the Public Company Accounting & Oversight Board:
Auditing Standard No. 5 (“PCAOB AS5”).

PURPOSE OF WALKTHROUGH TESTS

PCAOB AS5 provides guidance to auditors on the purpose of walkthroughs. However, this guidance
is equally useful to management if walkthroughs are conducted.

A walkthrough test aims to trace a transaction from origination through the company's information
systems until it is reflected in the company's financial reports. Walkthroughs provide evidence to:

• Confirm understanding of the process flow of transactions;
• Confirm understanding of the design of controls;
• Confirm that the understanding of the process is complete by determining whether all
  points in the process at which misstatements related to each relevant financial statement
  assertion could occur have been identified;
• Evaluate the effectiveness of the design of controls; and
• Confirm whether controls have been placed in operation.

As such, walkthroughs conducted by management provide additional evidence as to the completeness,
accuracy and reliability of documentation prepared by management to support SOX compliance
activities. Walkthroughs also assist in forming an opinion on the design effectiveness of internal
controls.

The external auditor will also be required to conduct walkthroughs to support their S404 opinion.

IS A WALKTHROUGH TEST REQUIRED?


The conduct of walkthroughs is not mandatory in relation to confirming the integrity of process, risk and
control documentation. However, it is strongly encouraged that BU management ensure walkthroughs
are conducted on all Significant Processes to support SOX compliance activities.

This may be particularly relevant where:

• SOX documentation was not completed within a recent timeframe;
• There have been known major process/system changes within your business; and
• There have been significant personnel changes within the business that are relevant to
  matters covered by SOX documentation.

WHEN SHOULD A WALKTHROUGH TEST BE CONDUCTED?

There is no “rule” as to how often walkthroughs should be performed. However, it is recommended that
walkthroughs be performed:

• To support the initial creation of documentation to support SOX compliance. This should
  be focused on Significant Processes;
• Following any major business process changes where process, risk and control
  documentation is being updated; and
• At least annually for all Significant Processes as part of the bank’s annual S404
  compliance activities.

WHO SHOULD CONDUCT THE WALKTHROUGH TEST?

Ideally, walkthroughs should be conducted by personnel who are not directly involved in the process
which is the subject of the walkthrough. In addition, it is useful if the walkthroughs are conducted by
someone who has a good working knowledge of the relevant process.

Personnel conducting walkthroughs should be conversant with effective documentation of financial
processes and associated risks and controls.

IS INTERACTION REQUIRED WITH OTHER BUSINESS UNITS?

This depends on the nature of the process that is the subject of the walkthrough. If the process being
evaluated has significant linkages to other business units then it is likely that you will need to
coordinate the conduct of the walkthroughs with the relevant BU. Such coordination may take two main
forms:

• The walkthrough involves tracing the relevant transaction through the activities and
  controls performed by the other BU, including interfaces between the relevant BUs. This
  will require a high level of cooperation and coordination between personnel responsible for
  the walkthroughs in each BU; or
• The walkthrough focuses on the information flow interfaces between BUs. However, no
  detailed walkthrough is performed in the other business unit in relation to the transaction
  flows under consideration. Rather, the focus is on the process transaction flow within the
  originating BU and how financial information is transmitted to and received from other
  BUs. This approach will require coordination of personnel at the relevant information
  interfaces within each BU.

This matter requires careful consideration and should be discussed with the Group SOX team and
other BU SOX delegates where relevant.

WHAT NEEDS TO BE DOCUMENTED?

Documentation should be sufficient to enable an independent party to understand the nature of the
Walkthrough conducted, the approach undertaken, the procedures performed and the outcomes
achieved.

Documentation would typically include:

• An outline of the approach in the walkthrough;
• Details of the personnel conducting the walkthroughs, location, time etc.;
• Description of the procedures including observation, inspection, inquiry or re-performance;
• Details of any personnel interviewed;
• Details of documents/reports sighted as part of the walkthrough. You may also wish to
  retain copies of such documentation; and
• Details of any exceptions noted and how these have been addressed.

It is recommended that walkthrough documentation be structured in a logical format and indexed to
facilitate subsequent review by the external auditors.

PART B: PERFORMING THE WALKTHROUGH

The following tables detail the specific matters that should be considered when performing the
Walkthrough. The Walkthrough focuses on the completeness and accuracy of documentation supporting
process description and risk and control analysis.

The Walkthrough tester should undertake the procedures indicated in the Description column. The
method by which these procedures are commenced should be detailed in the Confirmed By column, e.g.
observation, enquiry, re-performance etc. Document Ref indicates where the supporting information
prepared/obtained by the walkthrough tester is filed for future review.

PRELIMINARY

| PROCEDURE | DESCRIPTION | CONFIRMED BY | DOCUMENT REF |
|---|---|---|---|
| Determine the subject of the walkthrough | • Confirm the process (and associated risks and controls) that are the subject of the Walkthrough. This should be confirmed with the relevant BU SOX delegate and CFO/SFC. • Consider whether the scope includes process elements performed by other BUs. | | |
| Understand the nature of the process | Ensure that the walkthrough tester has sufficient knowledge of the process. Preparatory work should include: • Initial discussion with BU personnel and relevant SOX delegate • Review of existing SOX documentation • Review of other relevant material e.g. Group Audit reports | | |
| Request relevant activity and control related documents | Following initial review of existing documentation, walkthrough tester may request examples of process and/or control documentation from the BU | | |
| Select transaction(s) to be subject to Walkthrough | Sample transactions are selected to enable a walkthrough tester to take the transaction through the nominated process and to enable confirmation of process elements and the incidence of control activities, particularly Key Controls. • Select a sample of transactions to be tested. Sufficient transactions should be selected to enable adequate coverage of different transaction flows (where relevant). • Transactions should also be selected by reference to money value, date of transaction, source of transaction. | | |


PROCESS DOCUMENTATION

| PROCEDURE | DESCRIPTION | CONFIRMED BY | WORKPAPER REF |
|---|---|---|---|
| Process Elements | • Are all key process elements appropriately described? • Are process elements in a logical order and do they represent the actual sequence of the transaction flow? • Are the linkages between sub-processes properly described and reflective of actual transaction flows? • Is it clear what happens to rejected transactions at each point in the process flow? | | |
| Responsible persons | • Are the departments/personnel responsible for each process element accurately described? | | |
| IT Applications | • Are the key IT applications (including end-user applications) accurately described and at the correct point in the process flow? • Are there any IT applications that have not been included in the process flows? | | |
| Input/Output Documentation | • Does the documentation properly describe the key documents/reports that are used in the process? | | |
| Results | Identify any amendments that are required in relation to the Process Flowcharts. | | |

RISK MATRIX

| PROCEDURE | DESCRIPTION | CONFIRMED BY | DOCUMENT REF |
|---|---|---|---|
| Risk description | • For each Key Risk, verify the point of occurrence of the risk and the accuracy of the description (“what can go wrong”) • Consider whether there are any key risks that have not been identified. | | |
| Risk Attributes | Consider whether descriptions of the following are reasonable for each Key Risk: • Impact • Likelihood • Relevant Financial Statement Assertion | | |
| Results | Identify any amendments that are required in relation to the Risk Matrix. | | |


CONTROL MATRIX

| PROCEDURE | DESCRIPTION | CONFIRMED BY | DOCUMENT REF |
|---|---|---|---|
| Description of control | • Observe the actual implementation of Key Controls and review supporting materials and audit trails. Do the identified Key Controls operate in the manner described? | | |
| Control attributes | Consider whether descriptions of the following are accurate for each Key Control: • Frequency • Control owner • Manual vs. automated • Detective vs. preventive | | |
| Control owner | Confirm that the control owner has the appropriate skills and experience to undertake the control activity. | | |
| Evidence of control | Through observation and enquiry, confirm that there is appropriate evidence of the operation of each Key Control. For automated controls, liaison with IT may be required. | | |
| Results | Identify any amendments that are required in relation to the Control Matrix. | | |
