
Risk Management and Internal Audit Standards & Methodologies

Methodware's software product range incorporates or is consistent with these Risk Management and Internal Audit Standards, Methodologies, Recommendations and Legislation:

AS/NZS 4360:2004 | Basel II | Cadbury | COBIT | COSO | ISO 17799 | PRINCE2 | Sarbanes-Oxley Act of 2002
AS/NZS 4360:2004 (Australian/New Zealand Standard)

The AS/NZS 4360 is the only internationally accepted risk management standard. The Standard provides a generic guide for establishing and implementing the risk management process, covering identification, analysis, assessment, treatment and continuous monitoring of risk. For more information please refer to www.standards.co.nz or www.standards.com.au.

Methodware risk management products that incorporate this standard are:

Enterprise Risk Assessor

Basel II

The Basel Committee on Banking Supervision is made up of members from 13 countries around the world and has over 30 technical working groups covering topics from capital adequacy to risk management. While its recommendations do not carry any legal force, the Committee is a very influential body, with many members drawn from central banks and other regulatory bodies.

To see the latest reports from the Basel Committee visit the BIS (Bank for International Settlements) website.

While some of the reports are primarily focused on the banking community, there are a number of principles and ideas that are relevant to all of us in the Risk Management industry.

The reports cover topics such as:

  • Developing an appropriate risk management environment
  • Risk identification, measurement, monitoring and control

The Methodware risk management products that can assist you to meet the Basel II recommendations are:

Enterprise Risk Assessor
Orcas

Cadbury (UK)

Cadbury (the Committee on the Financial Aspects of Corporate Governance) was formed in 1991 by the UK Financial Reporting Council, the UK accountancy profession and the London Stock Exchange. The committee, chaired by Sir Adrian Cadbury, produced the Cadbury Report.

The Methodware internal audit product that is consistent with the Cadbury guidelines is:

PRo Audit Advisor

The COBIT Framework

The COBIT (Control Objectives for Information and Related Technology) framework was released in 1996 and updated in 1998 and 2000 by the Information Systems Audit and Control Foundation (ISACF) in response to the need for a reference framework for security and control in information technology. In 2000, the IT Governance Institute and ISACF developed the Management Guidelines for COBIT. These guidelines respond to a need by Management for control and measurability of IT, for the purpose of ensuring that IT activities achieve business objectives.

Methodware products that incorporate this standard are:

Cobit Audit Advisor
Cobit Management Advisor

COSO (USA)

The COSO (Committee of Sponsoring Organisations of the Treadway Commission) framework was developed to help management better control their business activities. An internationally recognised standard, it provides a starting point for the individual assessment of internal control and applies a consistent approach to the review of business entities.

This standard is available from Methodware as a model which can be used in:

PRo Audit Advisor
Enterprise Risk Assessor

ISO 17799

ISO 17799 (in full: ISO/IEC 17799:2005) is a risk-management-based code of practice for information systems security, developed by the International Organization for Standardization.

The excerpt below is taken from the International Organization for Standardization's Website:

ISO/IEC 17799:2005 establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The objectives outlined provide general guidance on the commonly accepted goals of information security management. ISO/IEC 17799:2005 contains best practices of control objectives and controls in the following areas of information security management:
  • security policy
  • organization of information security
  • asset management
  • human resources security
  • physical and environmental security
  • communications and operations management
  • access control
  • information systems acquisition, development and maintenance
  • information security incident management
  • business continuity management
  • compliance
The control objectives and controls in ISO/IEC 17799:2005 are intended to be implemented to meet the requirements identified by a risk assessment. ISO/IEC 17799:2005 is intended as a common basis and practical guideline for developing organizational security standards and effective security management practices, and to help build confidence in inter-organizational activities.

This standard is available from Methodware as a model which can be used in:

Enterprise Risk Assessor

PRINCE2

PRINCE (PRojects IN Controlled Environments) is a structured method for effective project management. It is a de facto standard used extensively by the UK Government and is widely recognised and used in the private sector, both in the UK and internationally. PRINCE, the method, is in the public domain, offering non-proprietary best-practice guidance on project management.

PRINCE®, however, is a registered trademark of CCTA (the Central Computer and Telecommunications Agency).

This standard is available from Methodware as a model which can be used in:

Enterprise Risk Assessor
Sarbanes-Oxley Act of 2002

The Sarbanes-Oxley Act of 2002 was signed into law by President Bush on 30 July 2002. The Act introduces many reforms that affect corporate governance.

The Sarbanes-Oxley Act of 2002 requires that annual reports filed with the SEC contain an "Internal Control Report".

The Internal Control Report must include an assessment of the effectiveness of the issuer's internal controls and of its procedures for financial reporting. In particular:

  • Internal controls must be established and maintained. They must ensure that material information about the company (including consolidated subsidiaries) is known to the certifying officer and to others in the company;
  • The certifying officer must evaluate the effectiveness of the company's internal controls. The report must include the officer's conclusions on the effectiveness of those controls;
  • All significant deficiencies in the company's internal controls must be disclosed to the company's auditors and audit committee;
  • Any fraud (whether or not material) involving management or other employees who play a significant role in the company's internal control system must be disclosed to the company's auditors and audit committee;
  • The report must disclose any changes that could significantly affect the company's internal controls since the date on which those controls were last evaluated.

The penalty for a certifying officer who "knowingly" makes a false certification is a fine of up to US$1,000,000 and up to 10 years imprisonment, while a "willful" violation can result in a fine of up to US$5,000,000 and a jail term of up to 20 years.

Methodware provides tools that assist management in identifying the top risks in the organisation and determining the adequacy of internal controls. One of the largest challenges is to report on internal controls consistently and quickly across a number of business units and geographic regions. With a framework that is developed by your company and applied reliably across the business, this task is simplified, and reports can be run in minutes instead of days.

Because it is compatible with existing frameworks (Methodware provides the COSO business models for you to use as a starting point), the software can be used to comply with accepted internal control practices.

Integration with Internal Audit for assessment and validation of the controls is important. An automated system allows this to be achieved easily, and follow-up of issues and problems is straightforward.

If you would like more information on how Methodware can help you monitor your internal controls, please send us an email.

The Methodware risk management product that assists you in meeting this legislation is:

Enterprise Risk Assessor

© 1998 - 2007 Methodware Limited. All rights reserved. Last updated 12 May 2008