Optical Maker - SOX Compliance Project

IT standards and controls implemented for the Japan branch of a US public company, to bring the branch into SOX compliance, as required by law.

Team Members - PM x 1, Consultant x 2

Users - 100

Project Duration (Months) - 12 Months

Project Effort (Months) - 18 Person-Months

Sites - Japan

Problems -

• IT processes non-standard, inconsistent, or non-existent.
• Legacy system extremely difficult if not impossible to secure, and integrity of system very difficult to assess.
• SOX a new requirement worldwide, and therefore not clearly defined. Not yet rolled out for the Japan branch.
• Besides system controls, financial controls very weak as well.

Solution -

• Used COSO and COBIT to assess risk and general status, then designed compensating controls supplemented by a documentary RCM ("Risk:Control Matrix").
• Created narrative SOPs and policies to govern activity execution.
• Performed remediation of weaknesses found, after which we implemented the agreed controls.
• Designed appropriate test plans to test controls.
• Implemented Lotus Notes-based document management system.

Benefits -

• Areas of weakness discovered, allowing client to address prior to any audit.
• Full, controlled documentation created over duration of project, including RCMs, Admin matrices, and narrative SOPs.
• IT control now possible.
• Better integration between IT and Finance departments.

Technology -

• Lotus Notes document management
• Project collaboration via MS Groove and Wiki technology