Tony Bennett8th February 2005

Surviving Sarbanes Oxley: Emerging Practices & Pitfalls

• Introduction• Impact of s.404• Approach to s404• Pitfalls / Lessons learned• Recurring SOX requirements

• Pharmaceutical Company• Regulated by Food and Drug

Administration (FDA)

• Clearly Defined Control Policies in Place• Applied to Production and Manufacturing

areas • Standard Operating Procedures• Application to Financial systems

• Centralised approach from Corporate • Defined the parameters that were to be

used to select the impacted systems • Established a central Project Management

Office in the US• Set up a central database which was

accessible to impacted parties

• Testing matrices created• Rolled out to sites world-wide• Populated Spreadsheets/Narratives• Agreed with Corporate• Corporate Audit visit in conjunction with

external auditors.• Remediation• Reporting to Central Project Office

• Better working relationships with other sites world-wide

• Top management support• Timing is very important• Availability of Resources

• Systems identified• Controls in place • Regularly audited

Thank You.