The bottom-up approach is forward looking, thus it begins with the basic processes and transactions …show more content…
91). Hence, Trinity Industries chose to use the bottom-up approach in complying with year one of SOX, In my opinion, this was the correct choice, because when SOX first became law, The Sarbanes-Oxley Act did not provide detailed guidelines on how to achieve compliance. The act only stated the various regulatory requirements. With the numerous challenges that faced Trinity Industries, a clear starting point was not …show more content…
Even with its huge price tag, Oracle has shown continued compliance savings each year after implementation. In addition, Oracle has top-notch security features and does not have third party or partner modules, which lessens risk. While Trinity has centralized standard financial transactions, the company is diverse and Oracle has proven that it has the capability to address this.
Memorandum
January 31, 2004
To: Timothy Wallace, Chief Executive Officer
From: Tammy A. Brugger
RE: Summary – SOX Compliance Year One
In order to meet compliance with Section 404 of The Sarbanes-Oxley Act, the SOX compliance project team conducted a bottom-up analysis of all internal controls of the financial processes for Trinity Industries. Management assertation was completed six months ahead of schedule and within budget. At the end of fiscal year 2004, 2,440 controls were tested and 327 gaps were identified. Upon completion of E&Y’s external audit, the result was no material weaknesses and fourteen deficiencies.
Beginning in year two, it is my recommendation that Trinity Industries shifts to a top-down approach of analysis of internal controls, resulting in significant cost savings of approximately $.5MM each year. In addition, I would research transitioning from the three versions of BCPS to a single ERP system, such as NetSuite, to allow for standardization of production and cost