hello, please see attached assignment I need help with thanks

Required Bottom-Up Approach a) What were the strengths and weaknesses of Trinity's practice-based bottom-up approach? How effective was it? b) What would you recommend it should have done differently in Year 1? Defend your response. c) Compare and contrast the strengths and weaknesses of a bottom-up versus a top-down risk approach to compliance. d) Which approach is more appropriate in completing a compliance project successfully for Trinity's first year? e) How does each approach affect a company's internal control structure? f) Identify the chief insights from the pilot project. How does the pilot project for the EDP system compare to SOX requirements? g) Identify the testing processes Trinity performed and whether Trinity took the appropriate approach in designing their controls. h) Based on the substantive tests, which testing process proved to be most useful in assessing Trinity's accounting system? i) Compose a short memorandum that communicates the results of the first year of testing along with recommendations as to what Trinity should do differently in subsequent years. IV. SOX-Related Expenses a) Formulate recommendations for how Trinity could further reduce SOX-related expenses in 2008. Be sure to consider the barriers the company may encounter with each of your recommendations. b) What are the major sources of cost in Trinity's compliance maintenance and testing? c) Rank each of the major sources of cost in terms of value. d) Compare the choice of Oracle as the selected software system against two other systems of comparable size and scope. Evaluate each software system's advantages and disadvantages. e) If you determine that another software system would have been a better choice through your analysis, defend the decision. If Oracle is the choice after analysis, defend that decision. I will be attaching what I did so far please review to ensure all questions please ensure that all questions were answered and create heading for each question so I can identify where each begin Thanks RUNNING HEAD: Comparative Systems Report 1 Comparative Systems Report A bottom-up approach was used by the Trinity industry in their audit of the corporate internal controls. According to (Zahra and Said, 2014) bottom-up approach is "a census of the processes of the company establishes the starting point of the process." For Trinity Industries, this meant that each BU would report and "document their processes and controls."(Schultze, 2011) afterward the BU's then are to report back to the PMO and the steering committee on what processes and internal control structure that each BU was using. "The purpose of this project phase identifying the AS-IS state of processes and controls through a bottom-up analysis of the organization's work practices." (Schultze, 2011) The compliance gaps would then be evaluated by the steering committee, the PMO and the teams in charge of recording the controls. It was discovered that even the corporate officers knew about the SOX compliance requirement that were upcoming and still gaps existed between the AS-IS and SOX way of conducting business. Alternatively, instead of using bottom-up way of auditing Trinity Industries, SOX compliance may serve as well used top -down audit risk assessment. This method is a requirement by the PCAOB that is under auditing standards No.5; the method begins at the financial statement level with the auditor's awareness of the general risks of internal control over financial reporting. The auditors then concentrate on entity -level controls and work down to important disclosures, accounts, and declarations that present a realistic possibility of material misstatement to the financial statements and related discoveries. The auditor will then verify his understanding of the risks in the company's procedures and selects for testing those controls that adequately address the evaluated risk of misstatement to every significant assertion. (Public Company Oversight Board, 2015) The bottom-up approach used by Trinity has some advantages especially in the preliminary stages of SOX compliance, this is because there are more details on the controls and processes that are being used operationally, there is addition of information on the operational procedures of the particular Comparative Systems Report 2 BU's and the individual BU's management feel involved in the process. (Zahra &Said, 2014) However, the bottom-up approach consumes a lot of time because it entails collecting and analyzing all the data and it is expensive because it requires a lot of human resources and money. Whereas the top-down approach is faster, easier and even cheaper, it has fewer details with less information on the operational and entity level controls, reporting and processes. (Zahra & Said, 2014) In the preliminary phases of the compliance project for Trinity Industries, the greater degree of detail about their processes and controls seems applicable. The documentation of processes and controls resulted in the discovery of a lot of compliance gaps in the structure of the company. The tests mostly focused on the monitoring process and showed a split between "operational effectiveness and documentation." (Schultze, 2011) the gaps revealed were; not gathering enough evidence in support of an assertion, lack of applying control changes promptly and not maintaining the SOX binders. The pilot project showed that most of the problems found in the early stages of evaluation of Trinities' SOX compliance also existed in their EDP system. The main one being there were no centralized system for either their IT systems or their internal control processes and documentations. For internal control processes, the pilot program revealed the individual BUs almost operated as detached, independent companies reporting back to the headquarters, the IT systems were dissimilar, and they were not centralized or even standardized. Memorandum-to-the-File Date: February 3, 2017 From: Davelia Ross-Henry Re: First Year of SOX compliance implementation Comparative Systems Report 3 Facts: During the 2003Q3-2004Q4 year of SOX compliance plan, the industry developed and implemented a complete project plan that phases included "management assertion, conduct validation testing, roll-out organizational assessment, documented control environment and finalize gap analysis."(Schultze, 2011). Throughout the project plan many control gaps were identified. By the end of 2004, no material weakness was discovered but some deficiencies were revealed. This is according to Ernst and Young's audit. Issues: Although the initial year of the SOX compliance project indicated that there was no material weakness and no major SOX compliance insufficiencies, what was discovered is that both the internal control structure and the IT systems are not centralized or standardized thus making the company inefficient, cost effective or compliant as it is supposed to be. SOX compliance cost is very high which is only infuriated by the methodology approach of the audit and decentralized non-standardized internal controls and IT systems. Conclusion: during the initial year of the SOX compliance program it was revealed that Trinity Industries would have conformed with the SOX requirements. Moving ahead Trinity ought to move away from the one method or the other of auditing methodology. For a while, the "top -down, risk - based approach under AS5 makes the audit process more efficient and on time"(Mitra, Song &Yang, 2015) my belief is that going ahead Trinity should think through these two methods as complementary and if possible combine them according to the resources and deadlines. They can be steered either in a sequence or simultaneously (Zahra &Said, 2014) As stated in the above memorandum SOX compliance costs are expensive, and although the management has been able to cut down the cost, the management still feels like there are areas in which the company can reduce costs. (Schultze, 2011) At first the external testing hours were the primary source of cost related to SOX compliance, however, as time has increased the testing hours has virtually split between external and internal auditors. The company's management feels that they are Comparative Systems Report 4 testing a few controls possible given the corporation's current technology and oversight structure. Lack of a centralized IT infrastructure has resulted in the issues on time and subsequent cost associated with SOX compliance, most of the controls are tested manually, and many BUs are using various IT systems and have different procedures and monitoring processes. A standard centralized ERP system would substantially reduce the time that is spent on testing controls and might also lessen the number of controls that are to be tested. If Trinity would like to reduce the issues associated with SOX compliance which is the hours spent testing, the number of tests and the number of controls they should integrate a universal ERP system, and further use the knowledge that was gained in implementing SOX compliance measures in the putting into practice of the system. Comparative Systems Report References Schultze, U. (2011). The SOX compliance journey at Trinity Industries. Journal of Information Technology Teaching Cases, 91-113. Trinity Industries, Inc. (2015, October 5). About Us. Retrieved from trinityindustries.com: http://trinityindustries.com/aboutus/default.html Trinity Industries, Inc. (2015). 2014 Annual Report. Dallas. Retrieved from http://www.trin.net/AnnualReport.pdf 5