Object Module, Inc has developed a robust, fully functional SOX Compliance and Document Management application to assist companies in taking control of the requirements for SOX compliance and completing the requirements with a minimum amount of hassle at a reasonable cost.

In the wake of the SOX Compliance requirements, many companies have scrambled around searching for a way to store, maintain, and control their list of risks, controls, objectives and assertions.

Some companies have developed extensive spreadsheets to meet the requirements. Others have developed their own in-house custom applications for this purpose. All in all, each company uses a different way to store and maintain their requirements for SOX compliance and consistency, security and ease-of-use have been thrown out the window.

The ConTrak SOX Compliance application will alleviate the headaches of managing and maintaining multiple spreadsheets for tracking all of the necessary compliance information. It will also alleviate any fears associated with developing an in-house solution that might not capture all of the necessary information or appropriately present that information for auditors to review.

One of the largest impacts to companies from complying with SOX requirements has been in the form of dollars. When it is time for a SOX audit, companies must ramp up their internal temporary staffing as well as hire an external audit firm to assist in the onerous task of meeting all the requirements. The costs for the additional staff and the external consulting firm can add up rapidly and many of your smaller public companies can barely afford this.

Taking advantage of the ConTrak SOX Compliance application will not only help you organize and streamline the process of gathering all the necessary information, it will save you money. Once you go through the relatively simple set-up procedures and validate that you are capturing all of the necessary information, the audit becomes a fairly seamless and automated process.

 The ConTrak SOX Compliance application is designed to make setting up your SOX Compliance Plan an easy and intuitive process. You first define the basic building blocks of your plan like the Organization, the various members, the member types, the different business units, the Compliance Document Types and the Deficiency Types.

Once you have this foundation built, you start defining the main points of your Compliance Plan. The application logically divides the tracking and compliance procedures into groupings known as Entities. The Entities are:

• Accounts – this section allows you to record what areas of the business must meet SOX requirements.
• Objectives – this entity allows you to record your company’s objectives to meet the SOX requirements.
• Risks – this entity allows you to identify the risks in each specific business area.
• Controls – this entity allows you to record what controls are in place to show that the risks have been mitigated.
  
  

Once you have set up the basics and the main components of your Compliance Plan, you can define Initiatives to make your Financial Statement Assertions. Initiatives allow you to associate high-level processes and then define more specific sub-processes underneath. You can link multiple assertions to each sub-process and assign multiple COSO Objectives to address each assertion and include a signoff throughout the entire process.

 Sign Off

 The ConTrak SOX Compliance application allows you to set required signoffs for many different actions in the system and it allows you to assign multiple people to a Control, Process or Activity and require multiple signoffs before it passes. Sign off can only be entered by the person assigned to the action as well as to the upper level Controls. Sign off for a Control cannot be performed until all Control Tests have been completed and signed off on.

Entities

Accounts The accounts entity is designed to allow companies to designate high-level areas that must meet SOX requirements and then to subdivide these areas into more manageable blocks that will then be associated with risks, objectives and controls as you continue setting up your Compliance Plan. Each accounting area from your balance sheet can be defined as an account and then multiple sub accounts can be associated to each Major account.

Objectives

The Objectives section allows you to list all of the objectives you must meet to satisfy all areas of risk. First, you decide on the risks that will be addressed for the SOX audit and then enter the objectives in this section that you must then demonstrate to the SOX auditors.

When defining your objectives, each of them must also be associated with an Objective Type that refers directly back to the Accounts defined earlier. This association will aid in tracking requirements and demonstrating compliance. For ease of viewing and organizing, you can filter the objectives by clicking the Objective type shown on the left side of the screen.

Risks

The Risks entity allows you to list all of the risks associated to the accounts defined in the accounts section. After defining the risk, you can associate an objective for demonstrating that the risk will be mitigated.



You should now be seeing how each entity allows you to segregate large amounts of information into more manageable parts and tie those parts together to meet your SOX requirements. You should also start seeing the relationship between the Risks we just defined, the objectives defined earlier and, finally, how the accounts we created are associated to both the objectives and the risks.

Controls

The Controls entity allows you to tie together all of the previously defined data in logical groupings to demonstrate that all risks are addressed and mitigated. Once you define a control, you associate objectives and the corresponding risks to the control; define a test plan; and create the specific Control Test. Creating the Control Test consists of assigning the test to an individual in the organization and allowing them to upload test results documentation; record any deficiencies and any remediation plans; track notifications related to the Control test; and if the test fails, the system automatically creates the retest section where you can record your subsequent test results.

You can link multiple assertions to each sub-process underneath the associated processes. Once assertions are linked to a sub-process, you can assign multiple COSO Objectives to address each assertion and include a signoff throughout the entire process. As you will see throughout the assertion process, you can view the status, the associated control, the sub-process description and any changes made this period, the Assertion and the COSO Objectives assigned to address the assertion.

Initiative Reports


You can run the Objective Report to view a listing of the Company Objective Documentation Report. This report shows you the list of Objectives and the associated Control, any Tests assigned and any Deficiencies noted, the Account/Risk, COSO Objective, the assertion and any Remediation, changes made this period, any planned changes and the signoff status.

You can also run Outstanding Reports and view the portions that have not been signed off on for the initiative. You can view the Outstanding listing for Controls, for Sub-Processes, for Processes and for Assertions.



Initiative Audit Program

You can create an Audit Program that applies to an initiative and you can associate the related Processes and sub-processes. You can also add any Steps necessary for actions to be performed for the Audit.

The ConTrak SOX Compliance application provides robust functionality to ensure that your corporation meets the minimum requirements for SOX compliance. The application also provides excellent reporting capabilities. The main reporting page segregates the reports by topics similar to the entities discussed early on.

• In the Account section we have: The account listing that allows users to view accounts and the associated processes and signoffs.
• The sub-account Process listing that allows users to view sub-account process activities.
• The sub-account Assertion listing that allows users to view sub-account Assertions and COSO Objective Activities.
• In the Objective section we have: The objective/risk/control listing that allows users to view a list of objectives, associated risks and controls for each SOX compliance initiative.
• The company documentation listing that allows users to view a company document report of objectives.
• In the Process section we have: The process listing that allows users to view a list of processes, associated sub-processes and signoffs.
• In the Risk section we have: The risk assessment listing that allows users to view a report of risks and associated controls. The risk objective listing that allows users to view a report of risks and associated objectives.
• In the Control section we have: The control assertion/COSO Objective listing that allows users to view a report of control assertions and COSO Objectives. The control/risk/objective listing that allows users to view a report of controls, objectives and risks.
• In the Auditing section we have: The audit listing that allows users to view a report showing all of the active audit programs.

All reports allow you to drill down to corresponding supporting data that provides a more granular level of detail. This allows you to know right where you stand at any given time without having to search around for the control owner to get an update.

If you host the application within your own environment, you can alleviate any internal concerns about security and data integrity. The ASP model provides for a monthly maintenance schedule as well as seamless upgrades and telephone support available from Object Module Inc.

Another unique option with the application is that you can purchase only the parts you need and do not have to acquire the entire application before you are able to utilize it. ConTrak SOX is scalable to fit a variety of situations and is robust enough to handle large as well as small scale applications.



The application provides a secure connection using 128-bit encryption. It is built on Microsoft Sequel technologies and is easily integrated with other applications. Object Module, Inc provides complete implementation, training and support services and will customize them to fit your needs.