February 16, 2006
Catherine Connally, CEO of Issues Central Presents Views at Deloitte CEO/CFO Certification Seminar
February 15, 2006 - Toronto Congress Centre, Toronto, ON
As a panelist on the Internal Controls Documentation for CEO/CFO Certification, Connally was asked her views on areas such as:
Q. In your experience, should companies wait to implement technology until they are part of the way through the documentation process?
A. To take advantage of various technology solutions such as Compliance Playbook(tm) and Compliance Partner(tm), we recommend that companies begin right away. While data originally created "manually" in spreadsheets, word documents and Visio flowcharts can be converted, the benefits of using technology are to accessing a best practice database of controls and risks and store this information. Further, the double advantage of management reporting and automatic generation of flowcharts, narratives and risk control matrices.
Q. Do many companies assign key control status to far too many controls, when they first start this process?
A. In general, that is the tendency. Companies want to make sure that they capture all controls so they may designate too many as KEY controls. While some controls may be great operational controls, they may not be key controls for financial reporting. A rule of thumb might be 5-10 key controls in a process. If you have 15-20, you may want to review the functions of these controls and see if they trully have impact as key controls.
Q. What are CFO's biggest concerns around technology selection when they begin these types of projects?
A. That the technology and process are sustainable. We look at this in two ways: 1.) Are you buying from a company who is going to be around for the long haul and has the vision to continue to take the product forward 2) Are you following a structured sensible methodology for risk review, controls documentation, testing and remediation? We find that use of Compliance Playbook(tm) and Compliance Partner(tm) allow companies to follow a structured methodology that provides external auditors the comfort that a rational process is being followed. This makes documentation more reliable.
Q. How do companies lower their risk when they go to choose a technology solution?
A. First of all, they should have criteria for their selection before they begin the process. Secondly, good companies should be able to provide credible references for prior success stories and Third, we have found that providing a 30 day money back guarantee allows customers that one more comfort even after they have purchased to assure that this is the right solution for them.
Q. What final words of wisdom do you have for companies who are going to embark on this journey of SOX 404/302 and Bill 198/MI-52-111?
A. We have a great presentation for customers and prospects called "Top Ten Lessons Learned". This gives new entrants to this process some tips on what we learned in the past two years with Accelerated Filers in the US. This really helps identify the key pot holes and how to avoid them. Just email us at seminars@issuescentral.com and put "top ten lessons learned" in the subject line and we will email this receive this information.
For more of Catherine Connally, CIA, see our next overview after the March 2nd 2006 Deloitte CEO/CFO Certification Seminar in Calgary, Alberta.
To learn more about Compliance Playbook(tm) click here. To learn more for Canadian companies, find out more about Compliance Partner(tm), click here.
As a panelist on the Internal Controls Documentation for CEO/CFO Certification, Connally was asked her views on areas such as:
Q. In your experience, should companies wait to implement technology until they are part of the way through the documentation process?
A. To take advantage of various technology solutions such as Compliance Playbook(tm) and Compliance Partner(tm), we recommend that companies begin right away. While data originally created "manually" in spreadsheets, word documents and Visio flowcharts can be converted, the benefits of using technology are to accessing a best practice database of controls and risks and store this information. Further, the double advantage of management reporting and automatic generation of flowcharts, narratives and risk control matrices.
Q. Do many companies assign key control status to far too many controls, when they first start this process?
A. In general, that is the tendency. Companies want to make sure that they capture all controls so they may designate too many as KEY controls. While some controls may be great operational controls, they may not be key controls for financial reporting. A rule of thumb might be 5-10 key controls in a process. If you have 15-20, you may want to review the functions of these controls and see if they trully have impact as key controls.
Q. What are CFO's biggest concerns around technology selection when they begin these types of projects?
A. That the technology and process are sustainable. We look at this in two ways: 1.) Are you buying from a company who is going to be around for the long haul and has the vision to continue to take the product forward 2) Are you following a structured sensible methodology for risk review, controls documentation, testing and remediation? We find that use of Compliance Playbook(tm) and Compliance Partner(tm) allow companies to follow a structured methodology that provides external auditors the comfort that a rational process is being followed. This makes documentation more reliable.
Q. How do companies lower their risk when they go to choose a technology solution?
A. First of all, they should have criteria for their selection before they begin the process. Secondly, good companies should be able to provide credible references for prior success stories and Third, we have found that providing a 30 day money back guarantee allows customers that one more comfort even after they have purchased to assure that this is the right solution for them.
Q. What final words of wisdom do you have for companies who are going to embark on this journey of SOX 404/302 and Bill 198/MI-52-111?
A. We have a great presentation for customers and prospects called "Top Ten Lessons Learned". This gives new entrants to this process some tips on what we learned in the past two years with Accelerated Filers in the US. This really helps identify the key pot holes and how to avoid them. Just email us at seminars@issuescentral.com and put "top ten lessons learned" in the subject line and we will email this receive this information.
For more of Catherine Connally, CIA, see our next overview after the March 2nd 2006 Deloitte CEO/CFO Certification Seminar in Calgary, Alberta.
To learn more about Compliance Playbook(tm) click here. To learn more for Canadian companies, find out more about Compliance Partner(tm), click here.
