ICOFR
November 29, 2023
Broad Case Study & Related Facts
Preliminary facts of the case
- The Client provided gas and electric service to approximately 2 million customers.
- A large public energy company with $6 billion in revenue and multiple subsidiaries was required to document and implement internal controls throughout the company and at various locations to meet Sarbanes-Oxley (SOX) requirements.
Evaluation
- We provided SOX project management for the two largest divisions of the Company. We assisted in the execution of all aspects of a detailed SOX implementation project plan, including the services listed below.
Treatment
- Client discussion for initial understanding of Company process & flows
- Obtain and analyze the relevant data for the selected 2 divisions of the company
- Data Analytics on the provided data to uncover potential red flags or exceptions
- Sample selections & Controls Review
- Documentation Review
- Reporting, Remedial Planning & Implementation
Risk Exposures and Key Takeaways
Risk Exposures:
- Processing of unapproved transactions can lead to financial loss for the company.
- Entering into an agreement or contract with a related-party vendor that has a different business interest.
- Unauthorized access to the confidential information of the Business.
- Exceptional payments can be made in violation of the Delegation of Authority (“DOA”).
Key Takeaways:
- It was found that controls were not drafted in a way that covers all the critical aspects of Business Process transactions.
- Proper documentation and supporting documents were not maintained for the defined controls.
- Appropriate approvals were missing on the documents, i.e., contracts, vouchers and agreements.