Contracts Management Software as a Tool for SOX Compliance




Contracts Management Software as a Tool for SOX Compliance White Paper (281) 334-6970 sales@prodagio.com www.prodagio.com

In 2002, following the scandals involving corporations such as Enron, WorldCom, and Tyco International, the Sarbanes-Oxley Act became law, mandating the most comprehensive corporate governance reform in decades. New duties addressing the corporate internal control structure fall upon both managing agents and auditors. Specifically, SOX addresses internal controls in its Sections 302 and 404.

Section 302 requires that officers signing periodic financial reports certify that they are responsible for internal controls, have evaluated those controls within the previous 90 days, and have reported on what they found in that evaluation. They are required to list the deficiencies in those controls, any significant changes in those controls, and factors that could negatively impact those controls.

Section 404 contains similar requirements, but this time is directed to the business entity and its auditors. Specifically, the reporting business is to publish information about its internal controls' scope, adequacy, and effectiveness. The auditors are to report on the business's assessment of its controls' effectiveness.

Ok. So what are Internal Controls?

SOX itself does not define internal control, though the term is featured prominently in several of its operative sections. The Committee of Sponsoring Organizations of the Treadway Commission (COSO), however, has. Its candid definition begins as follows:

This disclaimer having been made, COSO frames internal control as a process designed to provide reasonable assurance regarding the effectiveness and efficiency of operations, reliability of financial reporting, [and] compliance with applicable laws and regulations. This process is proposed to have five interrelated components: (1) control environment, (2) risk assessment, (3) control activities, (4) information and communication, and (5) monitoring.

Component #3: Control Activities

COSO elaborates upon control activities as follows:

This definition begs an important question: how are control activities to be identified? The range of activities can only be circumscribed once the specific business objective to be controlled is determined. The development of industry best practices has addressed many of the risks to achievement of the entity's objectives.

In the case of contracting, commonly identified risks that lead to increased liability exposure, inflated obligations, and/or minimized benefits include:

Contracting officers' use of unapproved, inapplicable language during drafting;
Absence of, or non-compliance with, internal requirements for approval of contracts before execution;
Lost contract benefits due to slow and/or inefficient workflows for drafting, editing, approval, and execution;
Risks associated with variances among internal business units in contracting procedures;
Inability to take advantage of economies of scale, manifest in redundant contracts, multiple obligations and/or minimized aggregate benefits;
Risks of off-contract dealings, including maverick buying;
Risks of non-compliance with industry regulatory requirements;
Inability to locate contracts due to absence of centralized or systemic storage;
Absence of checks and balances in contract management authority within the business entity;
Breach of confidentiality or trade secret integrity due to lax security controls;
Risks of insurance coverage denial due to non-compliance with policy requirements for contracting;
Inability to leverage bargaining power due to inadequate visibility into contract groups;
Unknown contract benefits, obligations, and risks due to inadequate reporting.

Tested best practice measures that minimize these risks have included the following:

Contracting processes that are implemented uniformly across the entire business entity;
Enforced use of vetted and standardized language for contract templates and clauses;
Robust searching and reporting capacities, both within that repository and throughout the entity's entire universe of contracting information;
Use of automated systems for alerting to contract milestones and deadlines;
Use of a centralized contract repository;
Use of systems that support collaboration in the authoring, monitoring, analysis, and reporting functions;
Alignment of contract administrators according to functional groups;
Uniformity and coordination in contracting decision-making; and
Proactive compliance enforcement.

Component #3: Control Activities

About information, COSO said:

The regulatory organization birthed by SOX, the Public Company Accounting Oversight Board, has acknowledged that SOX is not directed to broad IT changes or information security controls. However, SOX does come to bear upon controls around accounting and financial processes, and by extension the information technology used in those areas. In that light, an indispensable element of SOX compliance is a contract management system that affords uniformity, integrity, and visibility into the contract lifecycle.

How does Prodagio Contract maximize value extraction?

Goldman Sachs estimates that a typical Fortune 1000 organization has between 20,000 and 40,000 contracts. Contract management for such a company can consume 100 basis points of revenue for sell-side contracts, and 25 basis points for buy-side agreements. Goldman estimates organizational savings realized by using software to manage contracts at 40 basis points of revenue. PricewaterhouseCoopers calculates those savings to be 2% of total organizational costs. More specifically, Goldman estimates that implementing contract management software could result in (a) negotiation cycles that are 50% shorter; (b) reduction in payment errors by 70% to 90%; (c) processing costs that are 10% to 30% smaller; and (d) a 10% to 20% headcount reduction.

Prodagio Contract has been designed to serve as an integral part of corporate SOX compliance. Its functionality closely adheres to current best practice standards. It is updated with each release to keep pace as those standards evolve.

Initial Drafting. Prodagio Contract's drafting functions ensure uniformity in content, and therefore consistency in contract bargaining, benefits, obligations, and risk exposures. Begin creating new contracts within Prodagio's template library, which houses language that has been tailored to your business rules and vetted by your legal advisors. Based upon these templates, your people can complete a contract that not only contains conditions that you demand, but also accommodates differing contract types and transactions.

Document Control after Drafting. Whether through error or fraud, businesses are exposed to risk as they grow larger and more complex. Prodagio Contract ensures that each action on every contract is date and time stamped, and that the identity of the person taking the action is recorded. New versions must be created with each document edit; meanwhile, the prior version remains in the system. As each action on a document is taken, an audit trail is created; the document's audit trail never needs to be forensically reconstructed.

Reporting. A centerpiece of Prodagio Contract's functionality is its capacity to render reports tailored for specific uses. Even before any client-specific configuration, Prodagio can report on around 20 different contract variables.

Moreover, during configuration, Prodagio analyzes your specific enterprise rules and business requirements, so that the software will report around user-specific contract variables in a form generated according to that client's organizational preference.

Contract Lifecycle Management. After a contract is executed, Prodagio Contract tracks obligations, conditions, critical dates, and the course of performance. Alerts let contracting officers take advantage of time-sensitive terms and conditions.

Document Association and Searching. According to an IDC study, an average knowledge worker spends 475 hours per work year searching for information. Of those, 175 hours are devoted to searches that are ultimately unsuccessful. Information must then be re-created, resulting in additional wasted time and unreliable results. With Prodagio, when a critical document or pivotal language must be found, a powerful search tool allows you to easily locate it within any contract in the system. Trips to the file room are eliminated, paper reduced, and productivity increased. Moreover, Prodagio links contracts and other documents with one another according to enterprise business parameters, so that master agreements, related agreements versions, amendments, and attachments can be accessed in seconds.

Document Retention. In this era, courts and auditors impose drastic costs on business by requiring the production, sorting, and analysis of vast numbers of documents. Prodagio Contract enables uniform adherence to document retention policies and archiving practices, eliminating time-consuming searches through filing cabinets and shared computer drives.

Security. In addition to each of the measures discussed to this point, Prodagio Contract can restrict the access to and use of documents according to the enterprise's own security rules and requirements. Different users or different user groups can be disallowed the access rights required to delete a document, edit it, view it, or even know that it exists. The same control exists around the document and clause templates used during contract creation.

Enterprise Control through Designated User Administrators. As Prodagio Contract maintains the process integrity using the functions discussed up to this point, it affords the enterprise extensive control over its functionality. It is highly user-configurable; control over that configuration rests in the hands of those the enterprise designates as its Prodagio administrators. Those administrators can exercise control over:

The template language from which all contracts are created;
Organizational workflow structures for each contract type;
The enterprise's reporting criteria, forms, and functions;
The extent to which Prodagio's life-cycle management functions are available to each user or user group;
Enforcement and modification of document retention policies and document access.

In short, the control activities COSO and SOX address are undertaken by Prodagio Contract itself. As a corporation's auditors assess its internal control policies and practices, they will find that Prodagio Contract satisfies their search for implementation of best practices, for a standardized IT framework around contract management, and ultimately for assurance that adequate controls around accounting and financial processes exist. Such best practices, framework, and controls are built into Prodagio Contract's design.

Learn more at www.prodagio.com

2525 South Shore Blvd. Suite 202 League City TX 77573 (281) 334-6970 sales@prodagio.com www.prodagio.com