Streamlining Security Audits
Client Profile
Multinational automobile manufacturer based in Germany, with major operations in the US, and publicly traded on a US exchange.
Problem/Scenario
On an ongoing basis, as a result of quarterly audits, new areas of the business are required to provide documentation and develop testing plans to ensure compliance with the requirements of Sarbanes-Oxley Act Section 404. These requirements for the business unit are further complicated by having both US-based auditing staff and German-based corporate Finance organizations providing direction on how to attain compliance, sometimes with mixed messages.
Solution
In this project, business personnel with a strong understanding of internal procedures were interviewed, and ISO-related documentation was reviewed. The project required navigating between the Auditing staff (who reported into the Finance organization) and the business unit project sponsor, who was the client. Their views of the required deliverables were quite different, and to address this, we completed the following key tasks:
- Developed high-level process flowcharts tying together the business processes as well as the ISO procedures and the auditing matrices.
- These formats provided elements that were familiar to the auditors, while also giving a strong graphical understanding to any novice external auditor who may need to develop a speedy understanding of the processes.
- Developed detailed documentation for any new procedures or existing procedures not previously documented.
- Sponsored meetings between the business unit and auditing teams to bring views together.
Results
The auditing team is converting the documentation of all business processes into a similar format to make the audit process itself more efficient.
