Sarbanes – Oxley (SOX) Compliance AuditsNext Steps Steve Phelps, Manager, SOX MTAC Meeting – February 16, 2011
SOX & USPS • Success in SOX • Unqualified opinion in first year of compliance • Identified cost savings in multiple business areas • Hundreds of systems / processes with thousands of controls • No Material Weaknesses • Stronger business and IT controls • Strengthened business mail process to prevent lost revenue • Strengthened controls over IT access and decentralized operations at 36,000 locations • Built base of documentation Integrate into everyday activities
FY 2011 SOX Strategy • SOX activities are continuous and focus on Documentation Changes, Testing, and Reporting of Results • Document processes • Identify risks • Identify key controls • Create test scripts • Test key controls for effectiveness • Remediate design and operating effectiveness gaps • Retest controls if necessary • Evaluate severity of risk ... Document Test Report • Quarterly 302 certification • Annual 404 certification
What SOX Means for Customers • Customers can help with compliance by following business mail policies and procedures • Complete Postage Statements and ensure correct mailing date is reported • For drop-ship mailings, filling out PS Form 8125 or 8017 is required • Forms must be unaltered and original • Prepare containers so that they are correctly labeled • Confirm location and time for mailing drop-off • Ensure payment and fees are accurate and up-to-date Ensuring that our revenue streams are well-managed will enable the Postal Service to provide the best possible services at the best possible prices!
Update on Business Reply Mail Initiatives • Evaluate standard operating procedures (SOPs) for Postage Due Clerks processing Business Reply Mail piece • SOP vs. actual process in locations do not match • Provide training to Supervisors and Postage Due Clerks on current policies and procedures related to Business Reply Mail • Additional communications to alert employees of changes to system or processing affecting Business Reply Mail • Business Reply Mail controls will be tested in FY 2011 to ensure SOX compliance • Revenue Recognition – PS Form 3582-C • Verification of Funds – PS Form 3584 • Annual Fee Verification
FY 2011 SOX Initiatives • Continue testing for SOX compliance in Quarters 2-4 • Reevaluate controls to determine key and non-key controls for continuous improvement • No BMA control changes expected • Proactively manage and respond to planned changes to IT systems and business processes: • PostalOne! / IMB • Phoenix • SEAM • Oracle upgrade • Solaris to Linux migration • RPW