Sarbanes Oxley & Enterprise Quality Management
with CATSWeb

AssurX’s CATSWeb® for SOX (Sarbanes-Oxley) uses methodology that transforms static policy & procedure documentation into a real-time, closed-loop quality control process for an organization to help meet the stringent control environment requirements of COSO, Sarbanes-Oxley, the SEC and NASDAQ/NYSE.

Documentation & Dissemination

• Policies and procedures must be clearly documented and disseminated throughout the organization
• Policies and procedures should exist for all risk responses, including financial controls, Board oversight procedures, etc.
• To be effective it must be part of a closed-loop process that includes problem identification and resolution
  

Tone, Training & Testing

EQM starts with the proper “Tone from the Top” which means that:

• Management and the Board demonstrate their commitment to strong controls through their communication and actions
• Hands-on involvement in the internal control system from every member of an organization is required.
• Every employee is encouraged and given the ability to report policy exceptions which means
  • Employees are in the communication loop through resolution and corrective action
  • Employees have the ability to report policy exceptions anonymously to any member of the organization, including the Board of Directors

Issue Identification & Resolution

Issues and exceptions arise in an effective control environment, however, their resolution is often:

• Determined out of context with other issues in the organization
• Informally documented or undocumented (often through email or verbal directive)
• Informally approved or not approved by the proper level of authority

CATSWeb ensures that:

• Issues are documented and reported, with copies to relevant parties
• Resolutions are proposed, and approved or declined by appropriate supervisors
• Sensitive issues (e.g. reports of undue influence, fraud, etc.) can be reported anonymously
• Issues & exceptions can be analyzed for trends and materiality
• ID issues that immaterial in isolation, but material when associated with others
• Provides management & Board with real information to oversee the efficacy of the control environment

Closed-Loop Corrective Action

CATSWeb enables the organization to:

• Evaluate each issue to determine if a corrective action is required
• Initiate Corrective Action projects to manage continuous improvement
• Drive improvements that coordinate improvements to policies and procedures
• Manage approvals and notifications to ensure the proper level of management are involved throughout the process
• Provide management and the Board with visibility to all Corrective Action data to utilize in their oversight role

In summary, CATSWeb for SOX can be used to:

COSO Enterprise Risk Management Framework

Internal Environment Risk Management Philosophy – Risk Culture – Board of Directors Integrity and Ethical Values – Commitment to Competence – Management's Philosophy and Operating Style – Risk Appetite – Organizational Structure Assignment of Authority and Responsibility Human Resources Policies and Practices

Objective Setting Strategic Objectives – Related Objectives – Selected Objectives – Risk Appetite Risk Tolerance

Event Identification Events – Factors Influencing Strategy and Objectives – Methodologies and Techniques – Event Interdependencies – Event Categories Risks and Opportunities

Risk Assessment Inherent and Residual Risk – Likelihood and Impact – Methodologies and Techniques – Correlation

Risk Response Identify Risk Responses – Evaluate Possible Risk Responses – Select Responses Portfolio View

Control Activities Integration with Risk Response – Types of Control Activities – Generic Controls Application Controls – Entity Specific

Information and Communication Information – Strategic and Integrated Systems – Communication

Monitoring Separate Evaluation – Ongoing Evaluation