-
Uncategorized
-
Blog
- 2021: VP Harris Inauguration Elevates Diversity and Executive Leadership
- Covid Cyber Employment Fraud: $Millions in Job Fraud, $Billions in Unemployment Fraud. Recruiters and Jobseekers Paradigm shift
- Does Post Covid Demand, "Evolve or Fold" Data Strategy?
- World Talent Economy Forum on Global Competitiveness
- Jobs n Career Success: Employment News
- CMDB Corporate Governance for Publicly Held Companies
- Top Trends in Project Management
- Freshwork's Multichannel vision for FreshService (ITSM)
- Microsoft Teams Tripping Transcription Tenancy.
- Uber's Call Center Security Social Engineering Massive System Breach
- Community Crisis Resource Reference List
- Financial Services Operations
- AI: Knowledge Centered Support
- Review and Approve Knowledge
- Predictive Intelligent Situational Awareness
- ROI: Demand AI Service Management
- ChatGPT Ethics and FTC
- Imperative: Governance Risk Compliance
- Gamifying ITSM Excellence
- AI Revolutionizes Service Management
- GRC Industry Reference Matrix
- Walk Up Experience- Design-To-Deliver
- AI & GRC Defense Against Security-Data Breach
- 5-Star ITSM Solutions
- Remedy to ServiceNow Migration
- 5-Step Policy-Compliance Risk Management
- Vulnerability Remediation RACI
- Be Your Best-Self Strategies
- Knowledge is AI-Power
- Artificial-Intelligence in Employment-Fraud Exploits
- RIDAC Log Management
- Broad's AI COVID-19 Solutions
- KAUST: AI-Healthcare Innovation
- Embracing Equity in IT Service Management
- ITSMF: Erik Bock, Digital Business
- ServiceNow World: Chicago Wednesday, 11/02
- Today's HR Super Trends
- Empty Nester Creates Meaningful Mother's Day
- Constructive Feedback from Destructive Work Environment
- Noir and Grit: This is The Batman
- Jeffrey Nicoll, CEO of JIT and ServiceNow Executive Strategist
- March of International Women and Creating Ideas that bring Hope, Opportunity and Transformation
- IT Service Management News and Views
- Eye Strain: Modern Sources and Solutions
- Remembering Paradise by the iconic Meatloaf (Dead at 74 of COVID)
- Covid and Omicron 911, That was my Emergency
- Fresh Juicing for Healing: Dawn's COVID Part 2 (Omicron edition)
- Facebook's Response to "Whistleblower Protection Program" is new brand, MetaVerse
- Senate Hearing on Facebook Transparency an Accountability
- October 2021: Facebook's Platform Challenges
- Strategies to Stop Cyber Crime & Bullying
- San Francisco Bay Area: ITSMF News
- SNL lessons, hosted by Elon Musk
- 5 Ways to Create Opportunity with Social Leadership
- Happy Saint Patrick's Day
- INTERNATIONAL WOMEN'S DAY EDITION: Celebrating our World's Leaders
- Tribute In Memory: Heartland Rock Icon- Michael Stanley
- Middle East's Top CIO50 Innovation Leaders. #7 is the most visionary Healthcare CIO, I've worked with.
- TOP TIPS: Attracting LinkedIn Viewers
- Show Remaining Articles (44) Collapse Articles
-
ServiceNow
- Financial Services Operations
- Gamifying ITSM Excellence
- AI Revolutionizes Service Management
- GRC Industry Reference Matrix
- AI & GRC Defense Against Security-Data Breach
- Strategic Portfolio Management FAQs
- Service Catalog Process FAQs
- DevOps & Change Velocity
- Demystifying Taxonomy Categorization
- Email-to-Incident is Costly Inefficiency
- Role of CMDB-Management Service-Owner
- ServiceNow Virtual Agent Chatbot
- Vulnerability Response Workspace Module
- Best of ServiceNow Vancouver
- Enhancing End-User Service Experience
- Comparing ServiceNow-Strategic-PM to Microsoft-PM
- AI and Improved Knowledgebase-Search
- Washington ESC or Knowledge Portal?
- Introducing Security Incident Response
- Vulnerability Response Test Plan
- Efficient Workday to ServiceNow Integration
- AutomatePro AutoTest: Getting Started
- AutomatePro AutoTest Custom-Testing
- ServiceNow Executive Reporting Approaches
- SPM Gantt Chart Presentation
- CMDB Health Dashboard
- Incident On-call Best Practices
- BA Product Update Process
- Getting-Started ServiceNow Timesheet Management
- ServiceNow Service Catalog Builder
- 10 Cool Features Standard-to-Pro
- Comparing GRC & IRM
- Starting ServiceNow GRC Process
- Accelerate ServiceNow-Knowledge with Microsoft-Word
- Managing Incident Surge Problems
- High Volume Incident-Management Strategies
- SPM Risk Management Process
- Pinned KB-Articles & deflection
- ServiceNow Document Management System
- Mastering Knowledge Article Pinning
- Persona Use & Administration
- AI-Powered AutomatePro & ServiceNow
- AutoPlan Release Setup Simplified
- AI: Dawn’s Demos AutomatePro
- Raptor Workflow Data Platform
- ServiceNow Xanadu AI Advantage
- SPM Collaborative Workspaces
- AI-Powered Xanadu & RaptorDB
- Explore AutomatePro Release 8.0.0
- Accelerating IRM & GRC
- Roadmap CMDB-HAM-SAM Value Recognition
- AutomatePro & ServiceNow Automated-Test
- Remote Support Success Strategy
- CMDB Powered Digital Transformation
- ServiceNow's Generative AI Revolution
- Knowledge after-Party #100DaysOfServiceNow
- Generative AI in ServiceNow-SPM
- Knowledge is AI-Power
- ServiceNow World: Chicago Wednesday, 11/02
- Jeffrey Nicoll, CEO of JIT and ServiceNow Executive Strategist
- AI-powered ServiceNow Tests
- Xanadu Upgrade: ServiceNow SPM
- Xanadu Upgrade: CMDB Plan
- AI Test-Powered ServiceNow
- Transforming Healthcare Software Catalogs
- Predictive Intelligence in ServiceNow
- California Wildfires: Lessons in Public-Sector Portals
- Impactful Incident Management Knowledge
- Show Remaining Articles (53) Collapse Articles
-
Getting Started
- Introduction to Knowledge Management
- Knowledge Categorization "Find-ability"
- Productivity: Service Operations Workspace
- Conduct A Windows-Security Scan
- Burp Suite Professional & Web Security Process
- BMC Remedy ITSM Reference
- AI: ServiceNow Virtual-Agent Chatbot
- COE for Human Resources
- Getting Started: Engagement Manager
- One-IT: Effective Ticket Handling
- Service Catalog Order Guides
- Employee Journey Management ServiceNow
- Productivity Tips for Knowledge-Users
- Strategies for Manual Test
- TikTok for Digital Leaders
- Master Social Video Editing
- Understanding Security Encryption Standards
- Persona Use & Administration
- AutomatePro A-Z Terminology Glossary
- Predictive Intelligence in ServiceNow
- TPRM: Solving Vendor Risk
- Agent Assist Setup
- Show Remaining Articles (7) Collapse Articles
-
FAQs
- Knowledge Categorization "Find-ability"
- FAQs: Governance Risk Compliance
- Understanding Clop Ransomware Mitigation
- ServiceNow IRM SOX FAQs
- Strategic Portfolio Management FAQs
- Chat GPT FAQS
- Ticket Handling Infographic FAQs
- Service Catalog Process FAQs
- DevOps & Change Velocity
- Role of CMDB-Management Service-Owner
- Vulnerability Response Workspace Module
- How-To Import ServiceNow Stories 🚀
- Best of ServiceNow Vancouver
- Enhancing End-User Service Experience
- Washington ESC or Knowledge Portal?
- TikTok for Digital Leaders
- Mastering Telecommuting Efficiency
- Essential Laptop Migration Hacks
- AutomatePro A-Z Terminology Glossary
- Show Remaining Articles (4) Collapse Articles
-
Strategic Portfolio Management
- Understand ServiceNow's 2 SPMs
- Comparing ServiceNow-Strategic-PM to Microsoft-PM
- Efficient Workday to ServiceNow Integration
- ServiceNow Executive Reporting Approaches
- SPM Gantt Chart Presentation
- Strategic Portfolio Management Foundations
- Timeline: ITBM to SPM
- SPM Project Templates
- SPM: Starting a Demand
- AutoMatePro AutoPlan Demand Management
- Strategic PPM Risk Management
- SPM Risk Management Process
- Xanadu Upgrade: ServiceNow SPM
-
AutomatePro
- AutomatePro AutoTest Reference
- AutomatePro AutoTest: Getting Started
- AutomatePro AutoTest Custom-Testing
- Autotest: Test-Run Defects
- Quality Assurance Test Process
- AutoTest Case Planning
- AutomatePro Functions and Permissions
- AutoMatePro AutoPlan Demand Management
- Introducing AutomatePro Control Console
- Troubleshoot AutoTest Run Issues
- QuickStart-AI Service Catalog Test
- 8.2 New AutoTest Features
- AutomatePro AutoTest Operations Process
- Persona Use & Administration
- AutomatePro A-Z Terminology Glossary
- AI-Powered AutomatePro & ServiceNow
- AutomatePro Accelerated Agile Sprints
- Advanced ServiceNow Test Automation
- Costly Habit: Manual Test
- Transforming Healthcare Software Catalogs
- Show Remaining Articles (5) Collapse Articles
-
Glossary Reference
- Security and IT Glossary
- Guided After-Action Report
- Security-Operations GRC Glossary
- Artificial Intelligence A-Z Glossary
- Business Process Improvement Glossary
- HR Glossary
- Strategic Portfolio Management Glossary
- Service Catalog/Portal A-Z Glossary
- AutomatePro A-Z Terminology Glossary
- Healthcare Compliance Simplified Framework
-
ITSM
- ITSM Capability Model- L1
- One-IT: Effective Ticket Handling
- Service Catalog Order Guides
- Email-to-Incident is Costly Inefficiency
- CMDB Health Dashboard
- Incident On-call Best Practices
- Managing Incident Surge Problems
- High Volume Incident-Management Strategies
- Pinned KB-Articles & deflection
- Stockroom Asset Management Mastery
-
Service
-
Overview
- Productivity: Service Operations Workspace
- GRC Managed Risk
- GE Change Acceleration Process
- Overview: Employee Center Pro
- SOX Control-Management and Attestation
- RIDAC: Strategic Portfolio Management
- Artificial Intelligence A-Z Glossary
- Advanced Program Management
- AI: ServiceNow Virtual-Agent Chatbot
- Business Process Optimization Reviews
- Proper Ticket Handling Imperative
- Public Sector Digital Services
- Employee Journey Management ServiceNow
-
UAT
-
Healthcare
- GRC Industry Reference Matrix
- Broad's AI COVID-19 Solutions
- KAUST: AI-Healthcare Innovation
- Eye Strain: Modern Sources and Solutions
- Covid and Omicron 911, That was my Emergency
- Fresh Juicing for Healing: Dawn's COVID Part 2 (Omicron edition)
- Transforming Healthcare Software Catalogs
- Healthcare Compliance Simplified Framework
-
Chat GPT
-
Security Operations (SecOps)
- SecOps Vulnerability Response Lifecycle
- Vulnerability Response Workspace Module
- Vulnerability Remediation RACI
- Security Incident Response Introduction
- Introducing Security Incident Response
- Vulnerability Response Test Plan
- High Volume Incident-Management Strategies
- Understanding Security Encryption Standards
- TPRM: Solving Vendor Risk
-
Agile
- Agile Scrum Master Guide
- DevOps Automated Test
- Quality Assurance Test Process
- Getting-Started ServiceNow Timesheet Management
- Optimized Sprint Capacity Plan
- Persona Use & Administration
- AutomatePro A-Z Terminology Glossary
- AutomatePro Accelerated Agile Sprints
- Advanced ServiceNow Test Automation
- AI-powered ServiceNow Tests
-
Knowledge Management
- Productivity Tips for Knowledge-Users
- AI and Improved Knowledgebase-Search
- Washington ESC or Knowledge Portal?
- Knowledge Management Pro Features
- Accelerate ServiceNow-Knowledge with Microsoft-Word
- Pinned KB-Articles & deflection
- ServiceNow Document Management System
- Mastering Knowledge Article Pinning
- Impactful Incident Management Knowledge
-
Workday
-
Network Connectivity Solutions
-
Business Process Methodologies
-
Service Catalog & Request Management
-
Artificial Intelligence
-
Integrated Risk Management
-
Microsoft
-
AI: Generative Artificial Intelligence
- Mastering iPhone 16 AI
- AI-powered Service Management Operations
- AI Video Editing Hacks
- AI Workflow Reengineering Requirements
- AI: Dawn’s Demos AutomatePro
- AI Powered Career Resilience
- Raptor Workflow Data Platform
- AI-Powered Xanadu & RaptorDB
- AI Assist's Rockstar-Agent
- Advanced ServiceNow Test Automation
- AI-powered ServiceNow Tests
- Optimize Productivity with Siri
- AI Test-Powered ServiceNow
- Predictive Intelligence in ServiceNow
- California Wildfires: Lessons in Public-Sector Portals
- Impactful Incident Management Knowledge
- Agent Assist Setup
- Show Remaining Articles (2) Collapse Articles
-
Global News & Views
-
Digital Business Process
- AutoPlan Release Setup Simplified
- AI Video Editing Hacks
- AI Workflow Reengineering Requirements
- SPM Collaborative Workspaces
- CMDB Powered Digital Transformation
- Connect Collaborate Create Knowledge
- Lessons Learned: CrowdStrike Incident
- CrowdStrike Outage: Global Chaos
- MasterCard's AI-Powered Fraud Detection
- Effortless QR Code Creation
- AT&T Big Data Breach
- Transformation: Success from Setbacks
- LinkedIn Digital-Success Enablement
- Digital Excellence Through Collaboration
- Digital-Transformation Leader: David Pultorak
- Business Process Design Excellence
- California Wildfires: Lessons in Public-Sector Portals
- TPRM: Solving Vendor Risk
- Show Remaining Articles (3) Collapse Articles
-
Generative AI
- AI-powered Service Management Operations
- AI Video Editing Hacks
- AI Workflow Reengineering Requirements
- AI: Dawn’s Demos AutomatePro
- ServiceNow Xanadu AI Advantage
- AI-Powered Xanadu & RaptorDB
- Yale: Top-CEOs on AI
- ServiceNow's Generative AI Revolution
- Predictive Intelligence in ServiceNow
- California Wildfires: Lessons in Public-Sector Portals
- Agent Assist Setup
-
Jobs n Career
-
Design
-
Success & Motivation
-
Team
-
Cyber Security
-
Success and Miotivation
-
Apple
-
TikTok
-
Governance, Risk, Compliance
SOX Control-Management and Attestation
SOX Control-Management and Attestation: Step-by-Step Guide of Sarbanes-Oxley Act (SOX) compliance requirements. Embarking on the journey of Sarbanes-Oxley Act (SOX) compliance demands a thorough understanding of its core provisions, particularly Sections 302 and 404.
The following video by KPMG focuses on the process excellence lessons learned after 20 years of SOX. Focus on Continuous Improvement, Data Analytics, data enabled process to identify where process deviations exist.
These sections lay out the stringent requirements for financial reporting, internal controls, and management assessment. As a dedicated SOX compliance manager, your role is pivotal in ensuring strict adherence to these regulatory mandates. This step-by-step guide is designed to equip you with the knowledge and tools needed to effectively manage and attest to SOX controls, safeguarding your organization’s financial integrity and regulatory compliance.
Understand SOX Control-Management and Attestation Requirements
Deloitte offers a great overview Sarbanes-Oxley Sections 302, 404, and 906 requirements in: ” SOX compliance: Are you ready?“ As a SOX compliance manager, it’s crucial to be well-versed in key Sarbanes-Oxley Act provisions, particularly Sections 302 and 404. These sections delineate requirements for financial reporting, internal controls, and management assessment.
Identify Applicable Controls
Collaborate with stakeholders such as process owners, finance, internal audit, and IT teams to pinpoint relevant controls for financial reporting. These controls should target risks associated with accurate financial reporting, data integrity, and fraud prevention.
ServiceNow offers how to effectively manage internal controls to comply with SOX Regulations
Document SOX Control-Management and Attestation Activities
Provide detailed documentation of control activities, including purpose, objective, description, and risk mitigation. Include the control owner’s information, execution frequency, and any required supporting evidence.
Control Attestation is a survey that is conducted to validate a control is working as expected. A question bank, attestation types let you use the questions to build questions, attestation designer can create and edit attestation.
Following is the ServiceNow Control Attestation Activities
Test SOX Control-Management and Attestation Effectiveness
Devise a testing plan to evaluate the effectiveness of each control. This may involve sample testing, walkthroughs, data analysis, or independent evaluation by qualified individuals like internal or external auditors.
ServiceNow explains Integrated Risk Management Test Control Attestations, Indicators, and Control Test, and how they are used. As a result of not understanding how they were designed, many organizations make more work for themselves. In this video, ServiceNow explains the common mistakes, and how to make the most of your Early-Stage usage best practices.
Remediate Control Deficiencies
In case of identified deficiencies, collaborate with control owners and stakeholders to create remediation plans. This may encompass process enhancements, system improvements, additional training, or control redesign. Ensure timely implementation of remediation actions.
Perform Management Assessment
For Section 404 compliance, coordinate with management to assess the effectiveness of internal controls over financial reporting. This typically entails evaluating design and operating effectiveness of identified controls.
Obtain External Audit Assistance
Engage external auditors for an independent audit of internal controls. Provide necessary documentation, including control descriptions, testing results, remediation plans, and management’s assessment.
Issue Control Attestation Report
Based on external audit findings, prepare a control attestation report summarizing compliance with SOX requirements. Include assessment scope, testing results, identified deficiencies, and an overall conclusion on internal control effectiveness.
Thirdera has produced a demonstration on how to use ServiceNow Integrated Risk Management to manage Control Attestations.
Communicate to Stakeholders
Share the control attestation report with relevant stakeholders, including executive management, the board of directors, and the audit committee. Discuss identified deficiencies, potential impact, and remediation plans. Address any questions or concerns raised.
Monitor and Update SOX Control-Management and Attestation Controls
Establish a process for ongoing control monitoring and periodic documentation updates. This includes assessing changes in processes, systems, regulations, or risks that could impact control effectiveness. Regularly review testing results, address new deficiencies, and ensure timely remediation.
Note: Remember, this process is a general guideline. Specific implementation may vary based on organizational size, industry, and internal control framework. Consult with your legal, compliance, and audit professionals to ensure full regulatory compliance.
Resources
- Application Impact Analysis Risk Based Approach to Business Continuity and Disaster Recovery
- GRC Framework CIO Insight
