Optical Maker - SOX Compliance Project

IT standards and controls implemented for Japan branch of US public company, to bring Japan branch into SOX compliance, as required by law.

Team Members - PM x 1, Consultant x 2
Users - 100
Project Duration - 12 Months
Project Effort - 18 Person-Months
Sites - Japan

Problems

• IT processes non-standard, inconsistent, or non-existent.
• Legacy system extremely difficult if not impossible to secure, and integrity of system very difficult to assess.
• SOX was a new requirement worldwide and therefore not yet clearly defined; it had not yet been rolled out to the Japan branch.
• Financial controls, in addition to system controls, were very weak.

Solution

• Used COSO and COBIT to assess risk and general status, then designed compensating controls, documented in a Risk-Control Matrix (RCM).
• Created narrative SOPs and policies to govern activity execution.
• Remediated the weaknesses found, then implemented the agreed controls.
• Designed appropriate test plans to verify the controls.
• Implemented Lotus Notes based document management system.

Benefits

• Areas of weakness discovered, allowing the client to address them before any audit.
• Full, controlled documentation created over the duration of the project, including RCMs, admin matrices, and narrative SOPs.
• IT control now possible.
• Better integration between IT and Finance departments.

Technology Highlights

• COSO and COBIT
• Lotus Notes document management
• Project collaboration via MS Groove and Wiki technology