The Client was engaged in the gas and electric service to approximately 2 million customers.
A large public energy company with $6 billion in revenue and multiple subsidiaries was required to document and implement internal controls throughout the company and at various locations for Sarbanes Oxley (SOX) requirements
Evaluation
We provided SOX project management for the two largest divisions of the Company. We assisted in the execution of all aspects of a detailed SOX implementation project plan including below mentioned services.
Treatment
Client discussion for initial understanding of Company process & flows
Obtain and analyze the relevant data for the selected 2 divisions of the company
Data Analytics on the provided data to uncover potential red flags or exceptions
Sample selections & Controls Review
Documentation Review
Reporting,Β Remedial Planning & Implementation
Risk Exposures and Key Takeaways
Risk Exposures:
Processing of unapproved transaction can lead to financial loss to the company.
Entering into agreement / contract with the related party vendor having different business interest.
Unauthorized access to the confidential information of the Business.
Exceptional payments can be done in violation of the Delegation of Authority (βDOAβ)
Key Takeaways
It was found that controls were not drafted in a way to cover all the critical aspects of Business Process transactions
Proper documentation/ supporting was not maintained for the defined controls.
Appropriate approvals were missing on the documents i.e. contracts, vouchers, agreements
