Upside Software can help
Upside Software addresses all key areas of the Sarbanes-Oxley Act (SOX) that affect corporations. Upside Software’s solutions, including UpsideContract, have specific functionality to aid in SOX compliance in its key areas, with the benefit of additional business control and cost savings.
Upside Software addresses key sections of SOX
The following table provides an overview of the impacts that each relevant section of SOX has on corporations and how Upside Software addresses them.
SOX Section & Compliance Requirement: 302—Corporate Responsibility for Financial Audits
- The CEO and CFO need to attest that the financial statements and disclosures released are accurate. CEOs and CFOs could be held personally liable for willful violations of this section. Signing officers are responsible for establishing and maintaining internal controls
How Upside Software addresses the Requirement:
- The rules engine within the system ensures that the processes (including segregation of duties, sign-offs, etc.) established by the corporation are fully adhered to (managed automatically)
- The audit trail and log ensure accurate tracking
- Management of deliverables, compliance & performance are automatically handled and reported on
- Revenue recognition rules are complied with systematically
Key Deliverables:
- Internal system control
- Full contract visibility
- Flexible rules management
- Accurate audit trail
- Integration to external systems
- Extensive search capabilities
- Managed security & roles
- Reduced overhead in added management

SOX Section & Compliance Requirement: 401—Disclosures in Periodic Reports—401(a),
- Adequate and comprehensive disclosures are required where relationships with customers or suppliers are disclosed where there may be some conflict, etc.
How Upside Software addresses the Requirement:
- Specific tracking information can be attached to stakeholders (e.g. subsidiaries, company directors own significant stakes in a company, etc.) and when that stakeholder (company or supplier) is engaged in a contract, a specific approval process or rule can be triggered.
- Unlimited user defined field creation within the system allows organizations to track any type of information for a stakeholder that is deemed important
- Reporting within the system allows for a quick view of potential deals that need to be reported on financial reports.
Key Deliverables:
- Flexible and comprehensive reporting
- Special rule processing for defined transactions
- Variant alerts based on certain transaction types or deals with specific customers/suppliers

SOX Section & Compliance Requirement: 404—Management Assessment of Internal Controls
- Each annual report must include an "internal control report", which has to:
  (a) Indicate that management is responsible for creating and maintaining an adequate internal control structure;
  (b) Demonstrate an assessment of the effectiveness of the internal control structure;
  (c) The firm's auditor is required to attest to and report on the company's internal control report as part of the annual report (which means that they need to be satisfied with this as well).
How Upside Software addresses the Requirement:
- Setting up business rules and processes within the Rules engine allows for establishing internal controls that are regulated automatically
- Allocating approval levels (delegation of authority) and setting monetary values where specific approvals are required ensures proper segregation of duties. The Rules engine allows for regulating these approvals
- The audit trail captures the approval levels and transaction history allowing the auditors to be able to quickly attest that the internal controls are complied with
Key Deliverables:
- Special rule processing for defined transactions
- Established delegation of authority
- Managed approval chain
- Audit trail capture and tracking
- Flexible and comprehensive reporting
- Automated compliance of internal controls

SOX Section & Compliance Requirement: 409—Real Time Issuer Disclosures
- Issuers must disclose information on material changes in the financial condition or operations of the issuer on a “real time” basis.
How Upside Software addresses the Requirement:
- Information that needs to be reported is readily available by running the real-time reports within the system
- Accuracy of information reported is greater due to the automated management and enforcement
Key Deliverables:
- Flexible and comprehensive reporting
- Managed enforcement ensures accuracy

Key themes of SOX compliance
The following table provides an overview of some of the key themes regarding SOX compliance and provides some insight into how Upside Software addresses the requirements in each of these areas.
Key Theme of the Act: Establishing Internal Controls
How Upside Software addresses the Requirement:
- Special rule processing for defined transactions
- Audit trail capture and tracking
- Flexible and comprehensive reporting
- Automated compliance of internal controls
- Managed security & roles
- Full contract visibility
- Comprehensive Alert & Notification engine

Key Theme of the Act: Delegation of Authority
How Upside Software addresses the Requirement:
- Established delegation of authority based on spending or other limits (e.g. commodity based)
- Managed approval chain
- Managed security & roles
- Can integrate to existing systems where spending authority limits are maintained
- Comprehensive Alert & Notification engine

Key Theme of the Act: Communication of Processes & Accounting for Compliance
How Upside Software addresses the Requirement:
- Comprehensive Alert & Notification engine
- Automated regulation of company processes ensures compliance and negates need for additional training, etc.
- Rules engine indicates what steps a transaction needs to take, so the information is visible to system users
- Compliance items can be used as approval conditions that must be met prior to the contract being approved and issued.

Key Theme of the Act: Enforcing Established Processes
How Upside Software addresses the Requirement:
- Automated regulation of company processes ensures compliance
- Special rule processing for defined transactions
- Variant alerts based on certain transaction types or deals with specific customers/suppliers

Key Theme of the Act: Corrective Processes
How Upside Software addresses the Requirement:
- Specific reporting demonstrates where potential issues are and allows for corrective measures
- Variant alerts based on certain transaction types or deals with specific customers/suppliers ensures compliance
- Automated regulation of company processes ensures compliance and reduces errors

Key Theme of the Act: Risk Assessment & Management
How Upside Software addresses the Requirement:
- The ability to manage contract risk (and contract related risk) provides a mechanism to identify, evaluate, track and manage risk events, drivers, and impacts.
- The system allows risk events to be identified including a text description of the event along with an estimated probability of occurrence and the estimated loss if the event occurs (in time or dollars).
- Records details of actions taken to mitigate risk events and stores historic information on adjustments made to probability estimates.
- The system provides extensive reporting capabilities in the area to provide stakeholders with an effective view of their risks, supporting material and associated mitigation plans.

Key Theme of the Act: Adequate Reporting & Alerting
How Upside Software addresses the Requirement:
- Flexible and comprehensive reporting
- The task and event alerts allow the contract manager and/or the finance department to monitor the ongoing performance of the contract to ensure terms, conditions, and/or deliverables are met according to original expectations.
- Response time limits can escalate an action when not acted upon.
- Variant alerts based on certain transaction types or deals with specific customers/suppliers

Upside Software functionality supports SOX compliance
The following is an overview of some of the primary functions within UpsideContract that support SOX compliance.
Advance alerts for required tasks and events.
- UpsideContract's alert handler enables tracking and notification of a great number of data elements and activities and allows user definition of the following major elements:
- Data change events such as status changes, change of contract manager or any data element configured by the user.
- User definable audit logging. Any table in the system can be configured for audit logging of additions, deletions or changes to data.
- Time-based events such as contracts approaching renewal points, periodic monitoring, etc.
- User definable expression based alerts that allow things like invoice pricing exceeding contract rate by greater than X%.
- In addition to the above, the task and event alerts in UpsideContract allow the contract manager and/or the finance department to monitor the ongoing performance of the contract to ensure terms, conditions, and/or deliverables are met according to original expectations.
- Alerts can be set up by individual contract, type of contract, by department or organization, by contract value, by service provider, etc. with time limits that can escalate an action when not acted upon.
- Ensures that appropriate stakeholders are notified of upcoming events, pending deliverables, or compliance notices.
- Automatic reminders and notifications of various events such as monthly reports due, status reports, specific documentation being required at different points in time, etc. can be provided to various stakeholders.
- Establish outcomes for all scenarios relating to an event.
Automated, advanced email notification.
- Each user can define their personal preferences for notifications. Options include:
- Immediate notifications as events occur.
- Summary notifications on a scheduled basis (e.g. every 2 hours, daily, weekly).
- Different schedules for different event types (e.g. immediate notification of a required approval, daily summary of documents to review).
- Distribution lists can be associated with specific documents (Contracts, Templates, RFX, or Invoices) or general lists can be applied to classes of documents. Similar to the groups in Microsoft Outlook, users are able to define groups of one or more email recipients and can assign the group(s) to be notified on particular events / workflow processes.
Risk management.
- The ability to manage contract risk (and contract related risk) is a key feature in UpsideContract providing a mechanism to identify, evaluate, track and manage risk events, drivers, and impacts.
- UpsideContract allows risk events to be identified including a text description of the event along with an estimated probability of occurrence and the estimated loss if the event were to occur (in time or dollars).
- For each risk event:
- One or more Event Drivers can be identified, recording the reasons why the event may occur.
- One or more Impacts can be identified, documenting potential outcomes if the event were to occur, each with an assigned probability.
- Each Impact can have one or more Impact Drivers which document the elements contributing to the loss if the event were to occur.
- A specific user will be assigned to the event; this is the individual responsible for managing the risk event and taking steps to reduce the probability of occurrence.
- A specific event can be assigned to a contract or a project, including customer defined projects.
- UpsideContract records details of actions taken to mitigate risk events and stores historic information on adjustments made to probability estimates.
- The system provides extensive reporting capabilities to provide stakeholders with an effective view of risks, supporting material, and associated mitigation plans.
Performance monitoring.
- UpsideContract provides extensive performance monitoring and management functions including the ability to identify, evaluate, track, and manage Key Performance Indicators (KPIs) and other criteria.
- Allows for performance monitoring goals such as volume levels, monetary levels, etc. to be established across the organization.
- Allows stakeholders to monitor various key indicators such as percentage levels met, ratings, the pass or fail of a specific business rule, or a wide range of other user defined conditions.
- Establish alerts to provide notification when performance conditions are not met, where there is a high risk of failure associated with a contract, or to identify vendors not meeting performance expectations.
- Attach specific ‘details’ that relate to a particular deliverable to forecast expenditures. For example, in a lease contract where payment terms are fixed, a Contract Manager can do a forecast for the term of the contract on planned monthly expenditures. This feature provides the ability to aggregate a number of different contracts and, as an example, see a forecast of all lease payments for the next three years across the organization.
- These combinations of different performance management tools enhance an organization's ability to effectively manage the risk associated with a contract and provide adherence to corporate auditing policies.
- Performance conditions can drive escalation of notification and/or activity, and can even drive suspension of a contract or contractor (all contracts for the contractor).
- Performance criteria can be defined for a type of contract and will automatically be included in all contracts of that type. Criteria can also be defined at the contract level to define specific performance requirements for any contract.
- Reporting on vendor performance provides an organization with valuable management information.
- Ability to pull out strategic sourcing information for Procurement Managers to identify their best performing suppliers. This information can be based on specific commodities or particular services, and identify suppliers with the best price, quality, compliance to the terms of the contract, or other value adding components.
- The contractor performance report provides a concise view of a contractor’s performance across all contracts they have been a part of.
- The system also sports a graphical display of all Performance Metrics for a particular vendor/supplier. This is shown in the ‘Performance Tree’ view. This maximizes the visibility of performance issues as they develop and provides an easy link to drill down to the details of the issue.
Compliance monitoring.
- Establish Compliance Items for specific aspects of the contract. This is handled through the compliance monitoring functionality:
- Requirements such as the need for the vendor to validate that they have renewed their annual insurance can be flagged as a Compliance Item. Once identified on the contract, a notification is sent to the Contract Manager that documentation must be received from the vendor at certain points in time during the life of the contract.
- Compliance Items can take many forms. These can be items like a checklist of items that must be completed before the contract can be effective, minimum or maximum levels of products/services, etc.
- Compliance Items can be used as approval conditions that must be met prior to the contract being approved and issued.
- Reporting on Compliance Items can be shown at a contract level, a customer/ supplier level, across the organization, for a particular commodity or spend, etc.