Home        Clients        Consultants        Staffing Services        Jobs         Contact         News & Events

Following is a list of capabilities SMJ Consulting Services has developed for financial and operational risk management to support Sarbanes-Oxley (SOX):

  1. Development of financial and operational risks management applications to support SOX.
  2. Implementation of corporate-wide solutions for the identification, collection, management and measurement of qualitative and quantitative operational risk application using Basel II standard.
  3. Implementation of financial risk-assessment and risk management application to support Sections 302 and 404 of SOX.  Functionality includes capturing of issues, risks, controls, action plans, management certification and attestation, and documents retention and management using Committee of Sponsoring Organizations of the Treadway Commission (COSO) and Basel II standards.
  4. Contributed to the restatement process of Fannie Mae and Freddie Mac's accounting errors. Developed a repeatable process in data management and control of restatement data to ensure timely completion of restatement.  Designed and developed restatement repositories for storing various restatement documents with real time replication to ensure strict business continuity process.
  5. Research and provide data to Legal to support Washington Mutual investigation and class action lawsuits.
  6. Established and managed Central Monitoring Operations team to monitor financial reporting applications to comply with Sarbanes-Oxley (SOX) controls guideline.  Monitoring includes privileged activities, which include database modifications, changes to system, network configuration, data store, user profiles, and application changes.  Monitoring also includes security events, which include authentication of user successful and failed logins, and authorization of access to application, platforms, and data.
  7. Full life-cycle implementation of a corporate-wide database security and auditing tool to log and monitor financial reporting applications’ database activities on Sybase and Oracle to comply with SOX database access controls.
  8. Provide disciplined project management focusing on the tools and methodologies to ensure compliance with Sections 302 and 404 of SOX.  Project management activities include developing and maintaining formal project plans, facilitating regular status meetings, and using a set of defined metrics to ensure rigor in the reporting to management.  Specifically, the phases are described below:
    1. Requirements & Planning
      1. Functional requirements capture initial project information, end user business requirements, and force company regulations compliance.
      2. System & software requirements serve as the business and technical specifications for the design and development teams. It collects all information needed to develop, track, and deliver the project successfully.
      3. IT operations project workbook is the project's passport into production.
      4. Microsoft project plan schedule development in the requirements phase with frequent updates throughout the life of the project.
      5. Requirements and planning phase end report for sign-off sheet to confirm the acceptance of all the requirements documents and project plans by all the stakeholders
    2. Design & Development
      1. Technical architecture documents architecture work product, and definition of the hardware and software components of the project.
      2. Application design documents the system design and captures how the system will meet requirements.
      3. Test plan and test environments include creating test plans that mapped to requirements and design.
      4. Design and development phase end report for sign-off sheet to confirm acceptance of Phase I (i.e., Requirements & Planning) and Phase II (Design & Development)
    3. Test & Transition
      1. This work product provides recommendations that will allow the project team to capture the outcome of tests conducted.
      2. Support plan defines how the system will be supported and maintained in a production environment.
      3. Deployment plan recommends an approach to define how, when, and by whom the system will be transitioned into the production environment.
      4. Test and transition phase end report for sign-off sheet with buy-in for all the above tasks.
    4. Launch 
      1. Application install and data conversion signoff to record the successful installation of the application and to record the successful loading and conversion of legacy data.
      2. Shut down of legacy system includes disposition of the data, hardware, and software for the system being replaced.
      3. Launch phase end report sign-off sheet for project sign off.
      4. Project end report summarizes the results of the project, post mortem and evaluation of the project.
  9. Provide compliance scope support by determining the documentation necessary and the nature, timing, and extent of testing of controls to be performed for each significant account, disclosure, and business process.
  10. Assist management in identifying the significant accounts, disclosures, processes, sub-processes, activities, risks, sub-risks, and controls as they relate to the five components of the COSO framework (i.e., control environment, risk assessment, control activities, information and communication, and monitoring).

Following is a list of capabilities SMJ Consulting Services has developed to support implementation of enterprise-wide applications, including PeopleSoft Human Resources and Financials:

  1. Provide support in setting up the Production environment for applications with the following capabilities:
    1. Review of application enhancements list.
    2. Familiarize with overall technical architecture and environment of applications to ensure the software will be fully operational.
    3. Ensure the implementation process be compliant with organization’s standard.
    4. Provide support in setting up the Development and Test environments for applications. 
    5. Configuration of web server.
    6. Configuration of application server.
    7. Interface infrastructure
      1. Middleware – ORB, Messaging, SQL
      2. Interface point – Ports, protocol
    1. Capacity planning for hardware and software support.
    2. Modify and verify the configuration files to link to applications.
    3. Modify and verify configuration file to link to database.
    4. Development support to comply with organization’s standards.
    5. Preparation of testing scenarios
    6. Conduct end-to-end test of applications with one up and one down.
    7. Support configuration management efforts for applications.
    8. Production implementation and verification as set forth by organization’s standards
    9. Production end-to-end testing and verification


  1. Develop training materials and conduct training. Produce three-ring binder with training material as a leave behind.
    1. Operations Support Training.
      1. Develop training materials to support Help Desk support, Desktops Support, and system administrator support.
      2. Schedule and conduct operations support training for Help Desk, Desktops Support, and system administrator support.
  1. Provide Production support for the applications after implementation.
    1. Production/Rollout Support.
      1. Real-time Production/Rollout support during the pilot phase. 
      2. Real-time Production/Rollout support during the full phase.
  1. Support of Post-Implementation tasks for applications:
    1. Participate in Security Assessment with Security Group.
      1. Support security assessment from the Security Group.
      2. Follow up with security assessment activities.
    1. Support Change Management Activities.
      1. Ensure change management activities are documented and under configuration management control using CM tools.
      2. Ensure image, JSP and HTML files, Perl scripts, executables are under configuration management control using CM tools.
      3. Ensure issues are documented and tracked per change management process.
    1. Document run, start and restart processes for Horizon application.
      1. Work with vendors to document the run, start, and restart processes.
    1. Disaster Recovery Plan
      1. Work with the Disaster Recovery team to develop application’s business continuity plan.
      2. Test application’s business continuity plan.
      3. Maintain application’s business continuity plan.

Other capabilities include database administration support for Oracle and Sybase, and data architecture support for restatement and financial data warehouse.


  •    Privacy Policy    Copyright © 2008 SMJ Consulting Services Inc.