• You are managing your SOX process using Excel, email, hardcopy, etc. & you haven’t automated because of the cost
• You are worried about the: Reliance on individuals, Manual tracking and lack of visibility, High visible and hidden costs
• Do you really know where you stand?
• Are the work papers: Complete and where you think they are? Backed up anywhere?
• Has someone changed controls or tests without approval?
• What is in your path to compliance?
• What happens if your SOX administrator leaves?
• Are you really “in good shape” like you told the Board?

• A web-based tool to manage documentation, processes, controls and tests
• Easy migration from your current processes
• Compliance status “dashboard” reporting
• Workflow capable
• Comprehensive audit trails and security
• Hosted remotely, secure, back up and available 24/7
• Low cost of ownership in initial startup phase and continuing annually thereafter. Minor cost and time to implement

Process Designer

• Intuitive flowcharting tool
• Integrates risk with related control and test
• Workflow-driven testing and remediation
• Migration path from:
• Your hardcopy, through
• Uploading and locking that hardcopy, to
• Online flowcharting & workflow
• Easy update to meet changing circumstances
• Full audit trail of changes
• Changes require approvals

Process Controls

• Controls integrated with related risks and tests
• Flexible documentation standards
• Comprehensive control categorization
• Controls are security enabled to prevent unauthorized edits

Risk Assessment

• Entity level risk assessment
  • Upload your approved assessment
  • History of changes
• Transaction level risk assessment
  • Integrated with controls and testing
  • See your risk, related control and testing in context

Process Tests

• Testing process driven using workflow
• Manual or automated test kick off
• Can workflow tasks and tests
• Online escalation
• Online response and update
• Upload and lock test documentation
• Workflow driven test approval
• Workflow driven approval and execution of remediation plan

Document Management

• Comprehensive document manager for any document types (contracts, policies, procedures, permits, etc)
• User definable synopsis header
• Available Document version always current
• Update notification
• Utilizes current infrastructure e.g. Outlook

Application Security

• Processes have to be locked to get into production
• Can then only change assigned user, start date and lead time
• To change a Process requires:
  • Copying, editing & locking new process
  • Archiving legacy process
• Locking requires defined notification/approval
• Customary hierarchical access controls
• Audit trail of all changes in production

Dashboard

• 24/7 real-time status of compliance and testing
• A map of your compliance status
• Historic reports and audit trails
• Notification of non-compliance
• Notification of non compliance
• Notification of changes to processes and controls
• Ability to drill-down into control and test details
• Remote access, reports and alerts for auditors

Hosting Security

• Hosted on secure servers
  • 24/7 access
  • Secure remote back up
  • SAS 70 compliant site
• Customary hierarchical access controls
  • By person
  • By module
• Audit trail of changes