Introduction - Writer landing. 1525

  • Hello everyone. My name’s Chris. I’m a technical writer for an IT consulting firm in California. My company sometimes consults on SOX compliance, but that’s not really why I’ve dropped in.
    Our president is giving a speech in November on 7 areas companies need to address for SOX compliance. It’s going to be over an hour long. It has to go over each area, multiple subtopics, use case studies, PowerPoint…
    So naturally, the president handed it to me.
    I’m here to research your volume of posts, maybe gain some on-the-job insight from you experts. I know little of SOX compliance nuances, so this will be a learning process all the way until November.
    Thanks for reading. Now, to start digging. (Don’t be surprised if I start asking silly questions.)
    P.S. - In case you were wondering, these are the 7 areas:

    1. Defining what’s in Scope
    2. Change Management
    3. Reporting and Evidence
    4. Segregation of Duties
    5. Streamling SOX 404 IT Controls and Aligning Controls with Actual IT Processes
    6. Writing Your Risk Matrices
    7. Control Deficiencies - What Do You Do?

  • Hi,
    An oxymoron if there was ever one, ‘PowerPoint Presentation’. Being that as it may, I offer the following thoughts about presenting SOX focus areas to companies.

    • KNOW your audience - Most companies are already compliant with SOX requirements and in Year 2. A presentation about SOX requirements and the key areas for consideration has been done many times, sometimes, in painful and often, boring detail.
    • USE existing resources - The Big-4, small SOX consultancy practices, and most of the Fortune 500 have developed SOX overview presentations that are freely available on the internet. If you use them, give credit where it is due and obtain the proper copyright permissions before ‘repackaging’ canned PowerPoint presentations about SOX.
    • AVOID information overload and always consider the Value-Add - A tremendous amount of material has been said, written, and catalogued about SOX and complying with the Act. Everyone has an opinion. It might be a good idea to simply present the highlights of SOX to the audience. This will enable you to schedule a follow-up targeted presentation that is more specific to the audience or to offer a detailed hands-on working session. This format generally offers a greater value add to the participants.
      If you do use PowePoint, the following thoughts from G. Kawaski might be helpful as you develop your work product.
      Good Luck,

  • An oxymoron if there was ever one, ‘PowerPoint Presentation’.
    Very much agreed, milan. I NEVER use PP unless I’m required to. Too limiting and too clunky. I’m hoping to wring some case studies out of my company, as I’m better at those and find they’re much better received by audiences.
    Thanks a ton for the input. Great things to keep in mind while I plumb these immense archives here.

  • Hi Chris – Many of the points in this 30,000 foot overview of SOX might tie into the presentation needs. Key points to emphasize include: Training, Education, Planning, Teamwork (IT, Users, Audit partnering together), Risk Management Approach, Inventory of Systems, Documentation, Sampling, Senior Management commitment.

Log in to reply