McAllister Consulting L.L.C. offers a suite of products focused on
Sarbanes-Oxley (SOx) Section 404 compliance. These products address a wide
array of client needs, from full-blown "soup to nuts" preparation and test
to less-encompassing review and remediation services. The product
offerings are appropriate for organizations with and without formal
management systems like ISO 9001. They also work well for both
publicly-held companies and private service providers (e.g., those
involved with e-commerce transactions, web security, etc.) who need to
demonstrate adequate internal controls.
These services are listed on the ISOxsm RFQ Short Form and
include:
- orientation
- review
- remediation
- interface
- marketing support
- service provider support
- ISOxsm internal auditing/test
- gap analysis
- make ready and ISOxsm internal auditing/test
Deliverables are customized to the individual client needs. In every
case, assistance can be extended to include implementation leadership and
in-depth support from McAllister. In general terms, these deliverables
include:
Orientation: Training sessions to familiarize management and staff
with operational controls related to SOx requirements, whether or not
these controls are based on a quality management system (QMS) like ISO
9001, AS 9100, and ISO/TS 16949.
Review: A report linking previous work on financial controls done
by others (e.g., internal auditors or accountants), to related operational
controls and procedures. The goal is to encourage full utilization of
existing systems and to avoid redundant controls. It seeks to clarify
these linkages, not determine the thoroughness of the design or
implementation of existing controls.
Remediation: Hands-on help in correcting previously-identified
internal control deficiencies, especially as these link to existing
operational controls. This could include incorporating additional checks
into an existing internal audit program, whether or not based on an ISO
system. Any additional deficiencies are also identified, as these come to
light during remediation.
Interface: Hands-on help consolidating and streamlining internal
controls. This service is appropriate where internal controls put into
place for SOx 404 compliance duplicate or overlap with existing
operational (ISO) controls. This includes help on streamlining both the
controls themselves and the related documentation.
Marketing Support: A report, mapping client product features and
offerings against the applicable COSO components of control. (See
www.coso.org). The goal is to support client sales to its customers. This
mapping stresses how client products might help to address customer
internal control needs/deficiencies and their value in providing objective
evidence to public accountants auditing customer financial systems.
Service Provider Support: A report, similar to the gap analysis
(see below) but limited to internal controls as related to the financial
services provided to the customer. Where customers have already requested
this evidence, the report is structured to address specific customer
inquiries. This information is also useful in preparing a service provider
for a Type I or Type 2 audit by a public accounting firm. (See SAS No. 70
"Reports on the Processing of Transactions by Service Organizations" and
related documents issued by the Auditing Standards Board of the American
Institute of Certified Public Accountants. See www.aicpa.org.)
ISOxsm Internal Auditing/Test: A structured audit of
existing controls related to significant accounts and assertions as
previously identified by others. This service is most appropriate for
organizations who have already identified their internal controls but are
looking for a thorough "outsider" opinion to support management assertions
required by SOx. This auditing is similar in structure to an ISO 9001
audit of key business processes but it takes the auditing "upstream" and
"downstream" into financial controls. Testing (e.g., the sampling of
account balances) may also be included, if desired. The report separately
reports ISO vs SOx 404 non-conformances, so that the respective
authorities (operational/QA versus financial) can determine appropriate
action.
Gap Analysis: A comprehensive identification and mapping of
existing controls using the COSO components, existing systems, and
procedures. The overall goal is to help management identify existing
applicable internal controls and to suggest areas where additional or
strengthened controls may be necessary. It references work previously done
by public accountants identifying significant accounts and related
assertions, where available. It is normally done in conjunction
with others (e.g., the internal financial people). The gap analysis
provides a comprehensive starting point for further compliance work.
Make Ready and ISOxsm Internal Auditing/Test: This
"soup-to-nuts" full-blown activity assumes little previous work towards
404 compliance. The make ready output aligns key business processes (i.e.,
those identified as processes in an ISO 9001 system) with the related
significant accounts and assertions. Like the Gap Analysis, it is normally
done in conjunction with financial staff. Controls are identified, where
they exist. Then the work is referred internally to management, so that
management may determine if/where internal controls related to financial
reporting are needed. Once management has identified these internal
controls and where, organizationally, they need to be audited, then the ISOxsm internal audit/test phase can begin. Remediation and
other services may follow. This most comprehensive offering provides the
highest level of support for management assertions required by SOx and the
most complete preparation for public accountant auditing. It maximizes the
efficiency of public accounting activities and increases the likelihood
they can rely on this work to support their own work.