Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Governance, Risk, and Compliance Handbook for Oracle Applications

You're reading from   Governance, Risk, and Compliance Handbook for Oracle Applications Written by industry experts with more than 30 years combined experience, this handbook covers all the major aspects of Governance, Risk, and Compliance management in your organization with this book and ebook.

Arrow left icon
Product type Paperback
Published in Aug 2012
Publisher Packt
ISBN-13 9781849681704
Length 488 pages
Edition 1st Edition
Arrow right icon
Toc

Table of Contents (22) Chapters Close

Governance, Risk, and Compliance Handbook for Oracle Applications
Credits
1. Foreword
About the Authors
Acknowledgement
About the Authors
Acknowledgement
About the Reviewers
2. www.PacktPub.com
3. Preface
1. Introduction 2. Corporate Governance FREE CHAPTER 3. Information Technology Governance 4. Security Governance 5. Risk Assessment and Control Verification 6. Documenting Your Controls 7. Managing Your Testing Phase: Management Testing and Certifying Controls 8. Managing Your Audit Function 9. IT Audit 10. Cross Industry Cross Compliance 11. Industry-focused Compliance 12. Regional-focused Compliance

The Audit and Compliance process


The following figure explains the Audit and Compliance process starting with the establishment of the program office and ending with certified financial statements:

While there are many processes that support and feed into the audit processes process, it is important to realize who the players are at the end of top level process. The process has to make evident to investors and regulators that risks are managed. Once an Audit and Compliance process is established, it goes through a risk assessment, audit planning, documentation phase, a testing phase, and a reporting phase, before the results are combined with the financial disclosures and signed by the management.

Risk Assessment phase

In the Risk Assessment phase, you will be cataloging the risks to the objectives of the business and asking questions such as "What can go wrong?". There are many methodologies, tools, and focuses for this. One methodology is to review the financial statements by subsidiary and highlight the lines that are material and then start to investigate the risks to which that line is exposed. For example, if a subsidiary constitutes less than five percent of the revenue of the enterprise, its revenue line may not be material. For one of the subsidiaries, the revenue line may be subject to risks of mistatement. For example, if revenue is claimed when customers have vouchers outstanding. Other methodologies include facilitated workshop methods and survey methods.

Audit Planning phase

In the Audit Planning phase, you will create a set of audit engagements, each with a defined scope and projected timeframe. Scope may be defined in terms of process, business units, and subsidiaries. The scope sets a boundary around the set of risks and controls that will be tested. An engagement itself is a project that has an engagement manager and a set of auditors assigned. The audit and its scope is generally authorized through an engagement letter addressed to the management and authorized from the Chief Audit Executive or audit committee. It may well include a records request for access to records that are within the scope of the audit.

Documentation phase

As you kick off the program, you will probably establish a program office. The controls will need to be cataloged, but they are generally organized by processes, and the processes and procedures themselves may be controls in and of themselves. The testing phase will be performed within the legal entities and business units of the enterprise, so the enterprise structure needs to be documented.

Testing phase

The testing phase will include a risk assessment to prompt the management to think about the risks to the mission of the enterprise. When the risks have been cataloged, the scope of the audit and the audit plan can be set. The scope may be set in terms of the processes, business units, or individual controls. The audit plan is broken down into individual engagement projects that have their own scope, where controls are tested and the results reported back to the Chief Audit Executive. Management may also be testing controls themselves and providing self assessments of the effectiveness of those controls.

Reporting phase

The reporting phase brings together management testing and the results of audit operations to be able to arm management and the directors with the information they need to certify the financial statements.

The Chief Audit Executive will need to keep the audit committee apprised of the findings in the audit engagements.

Relationships between entities, accounts, process, risk controls, and tests

We should always remember that the end goal is that we can prove to the investors that management and directors have worked with due diligence to govern the company, assess risks to the enterprise and its mission, and comply with applicable laws and regulations.

We should look at an example of a process, a risk, a control, and a test:

In this example, a subsidiary of Infission runs the U.S. Operations. Part of the results for the subsidiary is the revenue line. The receivables management process has a material impact on what is reported as revenue. There is an inherent risk that we may apply improper revenue recognition policies. For example, we may recognize revenue, even though we have written into the contract that the customer has right of return if the product does not perform as specified, within 90 days. The control may be that every contract with revenue over 100,000 dollars is reviewed by the Revenue Recognition Team. That control may be tested by generating a report of all contracts over 100,000 and testing for revenue recognition approval.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime