The Sarbanes Oxley Act of 2002 (SOX) has set in place some of the toughest corporate governance standards in the world. In light of the ongoing enforcement of such accountability legislation, the need for software solutions to help organizations manage the challenges associated with Sarbanes Oxley compliance is tremendous. There are a number of points to be considered when seeking out Sarbanes Oxley software.

A good Sarbanes Oxley software solution should provide an integrated platform with specific modules designed to meet all of your SOX 302 and 404 needs. Integration points for document management, control monitoring, business intelligence and internal auditing are key. Adopting an integrated architecture reduces the time and effort involved in gathering and reporting on Sarbanes Oxley compliance, risk management, and other governance data.

Such a tool should also help organizations meet additional governance responsibilities including the standards set out in the COSO ERM framework and emerging Basel II requirements. It should identify problems, monitor process performance, assign responsibilities and prioritize action items. It goes without saying that an ideal Sarbanes Oxley software solution should be able to be customized to meet the unique needs of your organization.

Case Study: McDonald's Corporation

New requirements for internal auditing and operational risk management demand the development of powerful solutions to address the specific needs of Sarbanes Oxley as well as broader governance requirements. This is true as much for mid-market organizations as it is for multinational corporations.

For example, McDonald's Corporation, the fast-food giant, has been in business for 50 years and is worth a reported $19 billion. With more than 32,000 locations in 120 countries around the world, McDonald's is perhaps the most visible corporate brand. The corporation owns nearly 30 percent of its locations directly, and employs more than 435,000 people.

As early as 2003, well before the final regulations enforcing the Sarbanes Oxley Act were written, McDonald's executives knew they faced a tremendous challenge in complying with sections 302 and 404 of the law. Its auditors and managing executives would be busy enough just working with local business units to ensure that deadlines were met and correct data gathered. The company needed a proven IT platform to serve as a framework and repository for that crucial compliance work.

McDonald's knew it wanted to use an industry leading, risk-based framework built on standards from the Committee of Sponsoring Organizations (COSO), since the COSO framework was already well-known and had the support of important regulatory boards such as the Public Company Accounting Oversight Board (PCAOB). The solution needed to be able to be easily bolted onto McDonald's systems and allow SOX project managers to work immediately.

Paisley Consulting, the recognized global leader in corporate governance, enterprise risk management and audit management, offered the proven solution that McDonald's was looking for. Risk Navigator® would let McDonald's Global Sarbanes Oxley team load a standard set of controls into the tool, and then coordinate a global compliance effort where the core team could direct specific business units to focus on specific controls at certain times.

The Risk Navigator solution was initially phased in starting in the fall of 2003 beginning with a pilot program in Great Britain. Excel spreadsheets were used to load the global standard COSO framework into Risk Navigator for each market. Managers then used the framework to do their documentation and testing. Once the pilot proved successful, McDonald's brought Risk Navigator into its North American and European operations. Asian operations were brought onto the system in 2005, and McDonald's plans to include Latin American locations in late 2006.

With the global SOX team collaborating with local teams in an ongoing, sustainable effort, an estimated several hundred McDonald's managers use Risk Navigator today in some capacity. Risk Navigator cleared a path for one of the world's most prominent and geographically diverse businesses to comply with a complicated regulatory measure by the required deadline while empowering them to build a global repository of best practices for financial operations.

Summation

Keeping up with complex regulations such as the Sarbanes Oxley Act and sustaining those compliance activities with constrained time and resources is a daunting task for even the most visible businesses. If you're looking for a more efficient alternative to first-generation Sarbanes Oxley compliance software, spreadsheets and other manual approaches to Sarbanes Oxley, Paisley Consulting can help.