Sarbanes-Oxley 302 made easy

January 10, 2011 by
Filed under: General, Governance, Risk and Compliance

For many years BWise has been a leader in providing companies with easy-to-use tools to support their SOX attestations. We are continuously working on evolving and revolutionizing our software and on helping our customers and prospects better understand the possibilities and which of our offerings can make their life easier. Let's be honest, the less time you need to spend on regulatory compliance related questions, the more you can focus on the stuff that really matters ;)
This month BWise releases Service Pack 2 for the 4.1 version of our suite. It includes some exciting new functionality, as blogged earlier. There is one feature in particular that I'd like to explain in a bit more detail today: the Configurable Assessment Workflow. To do so, I'm going to apply it to the SOX 302 Assessments to explain what exactly it does (knowing up front that a lot more is possible with it, but you'll find out soon enough!), and I'd like to start simple, using a fictional company as an example ;)

Section 302 of the SOX Act requires that the signing officers (typically the CEO and CFO) have reviewed the corporate financial statement and their internal controls, and agree that it is a complete and fair representation of the company's current state of affairs.
But how, in practice, does the 'officer' know if his internal control is effective? If all possible fraud incidents have been properly recorded? And if their processes have not changed significantly in the past period in a way that could possibly have an impact on the financial statement recordings?

The shortest answer would be: implement BWise. But let's dig a bit deeper. Although the officer is in the end responsible for signing the 302 statement, he delegates a lot of what's going on in their organization to other employees. Consider the following example:
To know if everything is 'in control', that the deficiencies listed are complete and accurate and that all possible fraud cases are consolidated up to the top management level, the CEO will have to ask the Directors, who in turn will have to ask the Process Owners. The typical CEO will want a formal internal statement that provides more assurance than 'just' an email thread.

This is of course a simplified picture, since many of our customers have 100+ subsidiaries, different country operations and many more processes, all of which make the 'roll-up' of the individual attestations very difficult. Every person in the hierarchical tree will want to see an aggregate of the results below him that helps him determine what his statement should contain. The underlying statements serve as a final 'sign-off', and much more information is typically required (supported by other parts of BWise), such as control test results, risk assessments and process design documentation updates.

The new Configurable Assessment Workflow functionality of Service Pack 2 makes this aggregation and roll-up of information even simpler. The organization structure, including responsibilities, is already documented in BWise. We can now send out a personalized questionnaire in a workflow that allows every person to track and trace the progress of the underlying delegates in signing off. Once everyone is done, it reaches their level automatically and they fill out whatever needs to be documented as part of their sign-off. This is made easy since, for instance, the director can directly see the underlying results of all his process owners, and these go up, up and up depending on the levels in your organizational structure, your process structure and your personal requirements on which levels require sign-offs. This can all be done by setting up one assessment!

The features that this updated configurable assessment workflow module offers are quite comprehensive:
  • Updated styling on question elements;
  • Multi-page questionnaires;
  • Roll-up and aggregation in a variable number of levels;
  • Single assessment creates many sessions (depending on IC framework elements, e.g. Control Owners, Process Owners and the like);
  • Workflow.
I'm convinced that these features can be used to make many types of assessments that are typically done in BWise more efficient. The 302 assessment is just an example; these same features are applicable to Code of Conduct/Ethics investigations, Process Reviews, Insider Trading statements, Personnel integrity assessments, Policy Management and many other questionnaires that our existing customers use.

Tags: BWise, SOX
