A global Investment Bank was concerned with meeting the requirements of Sections 302 and 404 of the Sarbanes-Oxley Act (SOX). The client required assistance in documenting and supporting management’s assessment of the compliance risks across the Asset & Wealth Management (AWM) activities.

• Meet requirements of Sarbanes-Oxley Act, Sect. 302 and 404.

• Demonstrate financial transparency and good corporate governance to investors.

• Manage ongoing SOX compliance, with special focus on documentation of internal control environment.

• Leverage the SOX initiative to document, assess and prioritise business areas for improvement.

• Establish both global and local project governance and PMO structure.
• Define project scope, identifying “in scope” processes using materiality criteria.
• Utilise industry knowledge for detailed process mapping and control documentation.
• Outline risks inherent in the given process and map the controls identified to mitigate these risks.
• Assess existing processes and internal checks in place, and recommend feasible enhancements leading to compliance.
• Identify key controls (using assessment criteria based on expectancy, financial impact and reputation risk) to be tested and maintained by the business in the future.
• Assist the client in developing an approach for ongoing compliance with SOX.

• Documented critical processes including high-level control value chain.

• Detailed process flows and narratives, risk control matrix and test scripts.

• Performed gap analysis and assessment of internal controls.

• Identified remediation actions, as well as control enhancement opportunities.

• Enhanced self-assessment process enabling the client to identify gaps proactively and initiate required remediation on a timely basis.