Deliverable: Basics
Purpose of a business processes
Business processes are the organisation’s mechanism
of creating and delivering value to its stakeholders. Inputs, processing
and outputs are functions of business processes. Increasingly, business
processes are being automated and integrated with complex and highly
efficient IT systems. These processes must also be robustly defined to
prevent the situations that gave rise to fraud, reputation damage or
collusion.
A process thus involves the participation of a number
of participants across the business. For it to be effective in practice
(converse to in theory), acceptance must be agreed from all participants
that they will fulfil their responsibility to the process.
The way this is achieved is by agreeing ownership as
early in the process as possible.
What Process and Ownership deliverable must achieve
 |
The deliverable, and hence its supporting template
will need to satisfy the following: |
|
To give the project sponsors a formal record that
ownership has been agreed |
|
To give process owner an understanding of the impact
of what they are signing off is |
|
To anticipate any SOX/Audit
requirements by assigning responsibility appropriately and assigning
controls to mitigate key risk areas. |
|
To present information in
a concise and consistent way and thus give assurance that stakeholders
can understand and agree process and ownership |
|
To provide clarity as such documents must be
understood by 3rd party |
|
To focus on agreement of “what” not “how” (i.e. keep
conceptual) |
But
not:
|
To present the sub-process in detailed way as this
duplicates any later process design. |
But note that:
|
SOX is not the only
driver to the template. It must still be a useful
tool to satisfy the client’s understanding of the process. |
Relationship to other deliverables
The following context model shows how the owner and
process document relates to the further deliverables. The impact of SOX
can generally be considered to increase as the programme enters into the
more detailed phases.
Figure
1: Context
The work instruction deliverable can thus be
considered as the process design – describing the “how” as apposed to the
process and owner deliverable’s “what”. As well as describing the steps
the process will follow in a SOX compliant manner, it must also describe
in detail the design of the controls, the impacted roles responsibility
and any informational needs. There will be a separate template to cover
how this is to be set out.
Audience of deliverable
It must be assumed that the signed off document will
be read by a wider audience. This is why it is important that it should be
written so that a 3rd party could understand it. Reviewers
might include:
| Project sponsor who will keep a record of ownership and
escalate any deviations through an established governance structure |
| Internal auditors who will use this as an early
identification of controls and SOX compliance |
| External auditors who will use this as evidence of above |
| Management (Process group owners) who review documentation
prepared by tester |
| Project team who assess the test results |
| Others such as any advisors or specialists engaged by the
auditors |
© 2002-2007 Codel Services Ltd
This paper has been prepared
by Codel Services Ltd to illustrate how structured business
modelling can help your organisation. Codel Services Ltd is an IT
Consultancy specialising in business modelling. If you would like further
information, please contact us at: Deryck Brailsford, Codel Services Ltd,
Dale Hill Cottage, Kirby-Le-Soken, Essex CO13 0EN,United Kingdom.
Telephone: +44 (0)1255 862354/Mobile: + 44 (0)7710 435227/e-mail: info@codel-services.com
