This blog has little bit of everything...

Saturday, May 31, 2014

SOX IT Compliance - Do we have enough IT Automation?

Do we have enough IT automation to avoid corporate frauds?
Following are certain IT SOX compliance areas which deserve to be prioritized for IT automation within each organization.

What is SOX?

Sarbanes-Oxley (SOX) Compliance monitors controls for key enterprise-wide processes that have a direct impact on an enterprise's financial reporting. SOX Compliance documents, standardizes, tests and reports on these key controls in IT and the business to meet annual legislative requirements. The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise. These scandals, which cost investors billions of dollars when the share prices of the affected companies collapsed, shook public confidence in the nation's securities markets.

The rules and enforcement policies outlined by the SOX Act amend or supplement existing legislation dealing with security regulations. The basic outline is as follows:

     1. Establishment of a Public Company Accounting Oversight Board, where public companies must now be registered.

     2. Strict auditor regulation and control by means of auditing committees and inspecting accounting firms.

     3. Heightened corporate responsibility for any fraudulent actions taken.

     4. Stricter disclosure within company financial statements, and ethical guidelines to which senior financial officers must adhere.

     5. Authorities available to the Commission and the Federal Court, as well as required broker and dealer qualifications.

What are Key Financial Controls?
§  Financial Controls are those controls that primarily:
     - Act as “checks and balances” to ensure that the information on a company’s financial statements is correct.
     - Relate to the preparation of reliable external financial statements as published in SEC filings (10Q’s, 10K’s, annual reports) or earnings releases.
§  Key Financial Controls (KFCs) are the Financial Controls deemed most essential to a process.
§  SOX compliance only requires documentation and testing of KFCs.

The controls are generally 'programmed' into application systems with the objective of ensuring integrity of transactional and master data related to financial reporting that is initiated, recorded, stored and reported on in the application system or between multiple systems by executing automated functions related to completeness, accuracy and validity of the data.
Application controls are classified into two types:
§  Combo controls: control activity includes both a manual portion and IT system dependent portion
§  Automated Controls: control activity is 100% IT system dependent (i.e. has no human involvement)
General examples of application controls are:
§  Embedded controls: controls programmed into a system e.g. calculations, edit checks, automatic holds etc.
§  Reports: system generated reports e.g. application custom reports or standard reports and business object reports
§  Interfaces: data transfer between systems
§  Workflow: system generated workflow specific to a business process e.g. transaction approval routing.

What are User Access Controls (UAC)?
User access controls protect an organization's information resources and the integrity of financial data entered, authorized, stored, processed and reported on in applications used for financial transactions and reporting.

What is Segregation of Duties?
Segregation of Duties (SOD) is a key internal control that, at the most basic level, attempts to ensure that a user’s access to two or more phases of a transaction or operation does not create risk.
Within any flow of transactions, the same person should not be responsible for conflicting tasks, because this creates RISK. By dividing responsibilities, no one person has the ability to perpetrate fraud or cause errors in the financial statements.

What is Restricted Access (RA)?
Many processes and controls are fully or partially automated. It is impossible to think about the division of responsibility without examining the power that is given through user access to applications. “Who has access to what” is a critical part of examining opportunities to commit fraud or cause errors in the financial statements. Through the proper restriction of access to applications by roles and job functions, an organization can help minimize these risks.
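
As an added illustration (not part of the original post), here is one way the "who has access to what" review for SOD and RA could be automated. The duty names, job functions, users and conflict pairs are all constructed sample data; a real check would load them from the access exports of the financial applications.

```python
# Constructed sample data: every duty, job function and user is hypothetical.
# Pairs of duties that one person must not hold together (SOD rule set).
SOD_CONFLICTS = [
    ("create_vendor", "approve_payment"),
    ("enter_journal", "post_journal"),
    ("create_purchase_order", "approve_purchase_order"),
]

# Restricted access: the duties each job function is permitted to hold.
ALLOWED_BY_JOB = {
    "ap_clerk": {"create_vendor", "enter_invoice"},
    "gl_accountant": {"enter_journal"},
    "controller": {"post_journal", "approve_payment"},
}

# user -> (job function, duties granted across all applications)
USER_ACCESS = {
    "asmith": ("ap_clerk", {"create_vendor", "enter_invoice"}),
    "bjones": ("ap_clerk", {"create_vendor", "approve_payment"}),
    "cwu": ("gl_accountant", {"enter_journal", "post_journal"}),
    "dlee": ("controller", {"post_journal", "approve_payment"}),
}


def sod_violations(user_access, conflicts):
    """Return (user, duty_a, duty_b) for every conflicting pair a user holds."""
    findings = []
    for user, (_job, duties) in sorted(user_access.items()):
        for a, b in conflicts:
            if a in duties and b in duties:
                findings.append((user, a, b))
    return findings


def restricted_access_violations(user_access, allowed_by_job):
    """Return (user, job, duty) for every duty outside the user's job function."""
    findings = []
    for user, (job, duties) in sorted(user_access.items()):
        # An unknown job function is allowed nothing, so all its duties are flagged.
        for duty in sorted(duties - allowed_by_job.get(job, set())):
            findings.append((user, job, duty))
    return findings


if __name__ == "__main__":
    for finding in sod_violations(USER_ACCESS, SOD_CONFLICTS):
        print("SOD conflict:", finding)
    for finding in restricted_access_violations(USER_ACCESS, ALLOWED_BY_JOB):
        print("Access outside job function:", finding)
```
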

Tatkal Passport for Minor


This is based on my experience of November 2011 - Minor's TATKAL Passport @ Pune Passport Office.

If you thought getting a tatkal passport is a BIG deal then you are wrong. You can easily get your tatkal passport on your own, that is, without engaging any travel agent.

Here are my suggestions for getting Tatkal Passport for Minor:

Documents Required :

(a) Birth Certificate of the Minor - Ensure that the name is correctly spelled on the birth certificate.

(b) Residential/address proof of the parent (father or mother or both) - You have to prove that you have been staying at the current address for a year (or more). If you have not been staying at the current address for more than a year then you need to give address proof of the previous residences (where you have stayed during the last one year). You can provide (any two):
(1) Electricity Bills ( for example : Electricity Bills of Oct 2010 and Nov 2011 )
(2) A letter from your company confirming your residential address
(3) Your bank account statement of last one year (displaying your address)


(c) Passport of Parents (either or both). If you don't have one then first apply for it and then mention the file number of your passport application in your Minor's passport application. Having a passport is not a must but if you have it or apply for it then it will speed up the processing.


(d) Annexure H : This is a declaration from the parents on a plain paper. You can get the format from the passport website. No need to get it notarized.


(e) For TATKAL : You either need Annexure 'F' or you need the following 3 document proofs out of the 14 documents listed on the passport website and Annexure 'I' which should be notarized. In my case, I provided the following :
(1) PAN card
(2) Driving License
(3) Index II (property deal registration proof)
(4) Annexure 'I' - This should be in the format provided at the passport website. It is a declaration by the applicant and should be notarized. It should have photographs of the applicant and parents.


TIPS :


(a) Include your marriage certificate.
(b) If the mother's name on the passport is the maiden name (that is, the name before marriage) but the minor's birth certificate has her new name, then in the passport application for the minor you will still need to give the same name as on her passport (don't use her new name anywhere in the application for the minor's passport).
(c) Register online at least two days ahead of the day when you want to submit the application.
(d) Reach the passport office at 9 AM or 9.30 AM because there is a queue; even if you have registered online, the time of appointment doesn't matter (it is first come, first served).
(e) All photocopies should be self-attested.

Also, refer to the minor passport Annexure H on http://passport.gov.in/

The intention is that you don't have to visit a travel agent to get a Tatkal Passport for a Minor. You can do it on your own.

Useful Tips to Buy a Used Car in USA

What are the key considerations to buy a used car in USA ?

(read : What all things do you need to consider when you are new to USA and you need to buy a used car)

Following is some gyan which I acquired when I was going through the drill :

- We should prefer Honda, Toyota, Nissan.

- Mileage should preferably be less than 100K.

- Clean Title (Obviously).

- KBB value matters.

- You got to take it to a mechanic to ensure everything is okay at a high level.

- You need to pay certain % amount to DMV based on the buying price, so if you buy the car for 8K USD then you should think of showing it as 3K USD so that you can save some money. Remember to talk to the seller on this point before you sign the deal.

- Seller doesn't need to be present in person at DMV for the transfer of ownership. Seller just needs to sign the document and give it to the buyer. The buyer needs to go to DMV with the required document.

- You should buy and activate your car insurance on the day on which you take ownership of the car in your name.

- You don't need a driver's license to buy car insurance. However, if you don't have a license then the insurance premium will be on the higher side.

- If you are ready to buy, start hunting on Craigslist.

- Also make sure to run a Carfax report to check that the title is clean.

These were the points on top of my head, please add your suggestions.


Hope this helps.