Marel Q1 2024 Investor Presentation from May 8, 2024
SCS Presentation - Corporate Governance
1. The Importance of
Governance
In a Regulatory World
Dwayne Jorgensen, CIA, CFE
Consultant, Governance Services
Spirit Consulting Services
2. Agenda
Introduction/Sarbanes-Oxley
Brief history
Human nature and the need for governance
COSO overview
Your role
Spirit or Letter of the Law?
A Risk-based approach…
Q&A
3. The Cost of Poor Governance:
Sarbanes – Oxley in a Nutshell
The Act was signed into law on July 30, 2002 and includes eleven
titled sections:
Title I Public Company Accounting Oversight Board
Title II Auditor Independence
Title III Corporate Responsibility
Title IV Enhanced Financial Disclosures
Title V Analyst Conflicts of Interest
Title VI Commission Resources and Authority
Title VII Studies and Reports
Title VIII Corporate and Criminal Fraud Accountability
Title IX White Collar Crime Penalty Enhancements
Title X Corporate Tax Returns
Title XI Corporate Fraud and Accountability
4. Brief History
Thanks to Enron and the “.com implosion,”
Governance became an issue
COSO’s Framework of Internal Control was
published in 1992, but did not prevent the
need for the Sarbanes-Oxley Act… Why?
COSO was left “voluntary,” and therefore was
essentially ignored for ten years by the
business world, until made mandatory by the
Sarbanes-Oxley Act.
5. Human Nature -The Need For Governance
Maslow's Hierarchy of needs
– “Self-Awareness” is a desired, not required state.
Behavior styles and business management
– Governance tends to be viewed as “overhead,” and has
historically been minimized on a “cost/benefit” basis.
Why is governance important?
– Curiosity, greed, self-rationalization and pride, the key elements
of control breakdowns in historical business cases.
6. Human Nature The Need For Governance
The Competency Square
Unconsciously incompetent Unconsciously competent
Consciously incompetent Consciously competent
7. Human Nature The Need For Governance
Unconsciously Unconsciously
incompetent competent
Consciously Consciously
incompetent competent
8. Human Nature The Need For Governance
Unconsciously Unconsciously
incompetent competent
Consciously Consciously
incompetent competent
9. COSO - Overview
• COSO Definition of Internal Control
– Internal control is a process, effected by an
entity’s board of directors, management and
other personnel, designed to provide reasonable
assurance regarding the achievement of
objectives in the following categories:
• Effectiveness and efficiency of operations
• Reliability of financial reporting
• Compliance with applicable laws and regulations
• Key Concepts
– Internal control is a process. It is a means to an
end, not an end in itself.
– Internal control is effected by people. It’s not
merely policy manuals and forms, but people at
every level of an organization.
– Internal control can be expected to provide only
reasonable assurance, not absolute assurance, to
an entity’s management and board.
– Internal control is geared to the achievement of
objectives in one or more separate but
overlapping categories.
11. COSO – Overview
Dwayne’s “Hierarchy of Internal control needs”
(First published 1990):
Control
Self-
Assessment Proactive
Consulting Reactive
Operational
Compliance
12. COSO – Overview
Hierarchy of internal control needs – revised
(2004)
– New Foundational Layers:
CSA
Proactive
Consulting
Reactive
Operational
Compliance
Objectivity
Independence
13. Your Role as “Teacher”
Who is responsible for implementing the Internal
Control Framework?
– Management
Who should be responsible for overall Governance?
– Not your external auditors
What is the preferred solution?
– Senior management and internal auditors as teachers of Internal
Control
14. Your Role as “Teacher”
Internal control expertise can
provide assistance in every
layer of the cube
Compliance
Reactive Operational
Consulting
Proactive
CSA
15. Your Role as “Counselor”
Why should management, internal and
external auditors communicate?
– Ensures company assessments,
documentation, testing and reporting are
correct
– Lightens attestation load for external auditor
(SAS 65)
16. Governance: Spirit or Letter of the Law?
Sarbanes-Oxley: The “end” or “means?”
– Act originally thought limited in life, now basis for many global
governance initiatives
Positive/negative effects of the intent for creating the
ideal control environment
– Too much focus on “letter of the law” (reporting requirements)
than “spirit” (corporate governance)
Ongoing debate over role of External Auditor
– Act was direct result of audit firms acting as consultants, yet lines
are still blurred on using external auditors for consulting needs.
– “4 – 3 – 2”
17. Spirit or Letter of the Law?
4-3-2
Section 404
– Can external auditors “independently” test and opine
on management’s report on internal controls if they
played any role in preparing the document?
18. Spirit or Letter of the Law?
3
4- -2
Section 302
– Is management comfortable with this decision in light of
pending guidance on disclosure protocols, and the
subsequent potential harm if something was deemed
“inappropriate” about the external auditor’s role at a later
date?”
19. Spirit or Letter of the Law?
4-3- 2
Section 201
– Since this assistance of operating management in
preparing their assertion falls outside the scope of
actual external audit work, does it require audit
committee approval, and is management therefore
comfortable asking for it?
20. In the true “spirit” of the Act…
Independent Internal Audit (IA) function
Board-approved charters
Risk assessments – management & IA
– Key Controls Determined by management assessments
– Audit plans developed based on output of assessments
Testing and reports of effectiveness by IA
– Correction of deficiencies by management
Management/IA as “teachers of internal control”
Management/IA as part of continuous improvement
process
21. In the true “spirit” of the Act…
Thought-leading organizations were
doing most, if not all, of the
previous prior to the Act, and were
not even necessarily publicly
traded!
23. Enterprise Risk Framework
Four objective categories –
Strive to achieve
Eight components – Needed
to achieve
Entity and organizations
units
24. Enterprise Risk Framework
Is a process- is a means to an end,
not an end and itself.
Is effected by people-is not merely
policies, survey and forms, but
involves people at every level of an
organization.
Is applied in strategy setting.
Is applied across an enterprise, at
every level and unit, and includes
taking an entity-level portfolio view
of risks.
Four objective categories-Strive to
achieve
Eight components-Needed to achieve
Entity and organizational units
25. Enterprise Risk Framework
Is designed to identify events
potentially affecting the entity
and manage risk within its risk
appetite.
Provides reasonable assurance
to an entity’s management and
board.
Is geared to the achievement of
objectives in one or more
separate but overlapping
categories Four objective categories-Strive to
achieve
Eight components-Needed to achieve
Entity and organizational units
27. Who’s Watching the Store?
Frequency
Role Responsibility
COSO SOX 302 SOX 404
Owner of internal controls
Management Ongoing Quarterly Annually
and ongoing monitoring
Validators independent of
Internal
management, but part of Periodically Quarterly Annually
auditors
company
External Validators independent of
Annually Quarterly Annually
auditors company
28. Cost of SOX Implementation: 2005
2005 SOX Expenditure by US firms: $6 Billion
– Internal expenses: $2 Billion
– Hardware/Software: $2 Billion
– Consulting: $2 Billion
Source:
Gartner
29. Cost of SOX Implementation: Ongoing?
A study from Foley & Lardner LLP shows that while the total cost of SOX compliance dipped in
2006, spending on so-called out-of-pocket costs rose by double-digit percentages.
According to the Chicago-based law firm's study, public companies with more than $1 billion in
annual revenue spent an average $10 million on costs such as board compensation and audit and
legal fees in 2006. That's a 12% increase over spending in 2005. At public companies with revenue
under $1 billion, the increase was 13%.
External audit fees claimed the biggest chunk of money, accounting for more than 47% of the out-of-
pocket spending on compliance by the smaller public companies. At companies with more than $1
billion in revenue, a whopping 60% of the money goes to external audit fees.
"Some experts predicted that external audit fees would decrease after the initial implementation of
Section 404 audits, as external auditors became more familiar with their clients' accounting controls
and, therefore, more efficient in conducting their audits," said Thomas E. Hartman, a partner at
Foley & Lardner and director of the report. "Our study results do not support this prediction. Indeed,
external audit fees have been the only cost our study has shown to increase every year since the
Sarbanes-Oxley Act was passed."
Meanwhile, all the manpower and money that companies have invested internally on SOX
compliance is beginning to pay off. According to the Foley study, most of that dip in total SOX
spending in 2006 was due to efficiency improvements in internal financial reporting -- and thus a
gain in productivity.
IT departments shouldered a big part of the internal work done in preparation for SOX -- cleaning up
and documenting processes. Can CIOs give themselves a pat on the back?
"CIOs will be able to pat themselves on the back when they sit down and help the rest of the
business automate the internal controls as much as they can, and help get down the external audit
fees, which are out of control," said analyst French Caldwell, who covers compliance at consultancy
Gartner Inc. in Stamford, Conn. "It's not over yet. Don't even stop to catch your breath."
Caldwell said the Foley findings are consistent with other research. During the last three years,
companies have seen about a 35% reduction in overall SOX compliance costs, almost all of which
have come from savings on internal labor and on fees paid to consultants.
But a reduction in internal labor costs or one-time consultants doesn't equate with "any great
efficiencies," he said, precisely because the external auditing fees have hardly budged -- indeed
they're "out of control."
"That indicates to me that there is just as much to audit. That indicates to me that many companies Source: Linda Tucci, 16
haven't really rationalized the controls. They haven't automated a lot of the controls," Caldwell said. Aug 2007,
Nor have companies yet heeded the advice this spring from the Securities and Exchange SearchCIO.com
Commission (SEC) to take a more risk-based approach to SOX compliance.
30. So What’s a Corporation to Do?
Continuous monitoring (CM) offers the only
practical, cost-effective solution.
– Build a system that provides a perpetual inventory
of governance
– Leverage IT to maximize automation and reduce
staffing loads
31. Proposed CM Solution Pyramid
Oversight Component
Oversight Component
“Tone at the top”:
“Tone at the top”:
Executive buy-in, “spirit” vs. “letter”
Executive buy-in, “spirit” vs. “letter”
Planning Component
Planning Component
SOX methodology:
SOX methodology:
Assess, document, test, report
Assess, document, test, report
Co-sourcing component?
Co-sourcing component?
Independent IT test services
Independent IT test services
Software Component
Software Component
Various vendor process automation products:
Various vendor process automation products:
Ex.: Documentum®,, Movaris OneClose®,, ACL CCM®
Ex.: Documentum® Movaris OneClose® ACL CCM®
Hardware/Data Integrity Component
Hardware/Data Integrity Component
EMC: Centera®,, Proofspace encryption, record management automation
EMC: Centera® Proofspace encryption, record management automation
32. Sarbanes-Oxley’s Impact on the COSO
Cube
Section Section
404 302
Section
409
IT Components
Server Logs, Database Logs, Firewall
Logs, Intrusion Detection, Incident
Response, Awareness Training
Monitoring
IT Policies, Standards & Procedures
Email, Scorecards, Dashboards, Project
Control, Help Desk
Information & Communication
Firewalls, Security, DRP, Business
Continuity, SDLC, Change Control,
Operations
Control Activities
IT Risk Management,
IT Risk Assessments,
Business Impact Analysis
Risk Assessment
“Tone at the top”, IT Governance,
Regulatory Compliance Control Environment
33. CM Solution Requirements
Tool or process
needed
(examples Resources
only): needed
One Close® Monitoring
)
SW
Documentum® W/ Information & Communication
(H
ACL CCM/
gy
Control Activities
olo
One Close®
t.)
hn
gm
, m le
op
Risk Assessment
c
Te
One Close®
Pe
aff
Organizational
Control Environment
(st
Consulting
34. Key Recommendation
Validate methodology through execution on a
pilot process (assess, document, and test)
Remediate consistently and constantly
Work with external auditor to ensure
approach is satisfactory via a full trial on a
key process before rollout
35. Internal Control Maturity Model
Initial Repeatable Defined Managed Optimizing
Initial Control structure is not defined. Control occurs incidentally.
Repeatable Control structure is not defined, but control processes may occur
based on past success and management oversight.
Defined Control structure is documented, standardized and integrated into
control processes for the organization.
Managed The control process is regularly assessed and tested. Detailed
measures of the control process are collected and reported.
Optimizing Continuous process improvement is enabled by quantitative
feedback from the control process.
Predictability, effectiveness and efficiency of an organization's
internal controls improve as the organization moves through these five stages.
36. COSO-Driven Methodology: Assess
ASSESS
ASSESS DOCUMENT TEST REPORT
Remediate
Ongoing coordination between management,
external auditor, and consultant
Process Outcomes
Define overall SO requirements Management support
Form
Form Identify and form team
team
team Partner with external audit firm Internal champion
Trained team
Confirm audit universe
Perform risk
Perform risk Define risk weighting Consensus on objectives
assessment
assessment Conduct assessment Risk-ranked universe
The plan
Analyze assessment results
Confirm
Confirm Confirm risk rankings
results
results Map to knowledge base of mitigating practices
Present findings to management
Develop
Develop Develop plan for documentation phase
work plan
work plan Review plan with external auditor, management
37. COSO-Driven Methodology: Document
ASSESS DOCUMENT
DOCUMENT TEST REPORT
Remediate
Ongoing coordination between management,
external auditor, and consultant
Process Outcomes
Define target maturity level by process COSO maturity ranking
COSO
COSO Assess COSO maturity by process
alignment
alignment Consensus on end state
Identify where improvements are needed
Improved controls environment
Document
Document Define control objectives
Ongoing monitoring
control
control Determine tool approach
activities
activities Map assessment to objectives and identify gaps Documented controls
Develop plan to address gaps with control changes
Improve
Improve Assess and implement changes in controls
controls
controls Test new processes and train users
Define
Define Confirm the role of the internal audit department
monitoring
monitoring Assess current monitoring environment
process
process Implement monitoring process
38. COSO-Driven Methodology: Test
ASSESS DOCUMENT TEST
TEST REPORT
Remediate
Ongoing coordination between management,
external auditor, and consultant
Process Outcomes
Management
Management Educate management on controls Management control monitoring
controls
controls Develop framework for management monitoring
Independent monitoring
monitoring
monitoring Facilitate management monitoring of controls
Management reporting process
Independent
Independent Develop framework for independent monitoring Ongoing reporting
internal audit
internal audit Facilitate independent monitoring of controls
Testing
Testing
Identify weaknesses from management test
Material
Material Develop action plan for weaknesses
weakness plan
weakness plan Reiterate if necessary
Implement process for ongoing quarterly reports
Ongoing
Ongoing Define process for development of IC report
report process
report process Partner with external auditor on report requirements
39. COSO-Driven Methodology: Report
ASSESS DOCUMENT TEST REPORT
REPORT
Remediate
Ongoing coordination between management,
external auditor, and consultant
Process Outcomes
Management reports on role in controls Management report
Management
Management Management reports on testing process
report
report External audit report
Management delivers final controls report
External assertion
External
External External audit commences
audit
audit
External External auditor tests controls per requirements
External
control testing External auditor reviews management report
control testing
External auditor issues final report
External
External
auditor
auditor External auditor issues final assertion
assertion
assertion
40. Benefits/ROI
ROIs are easily calculated, by the determination of
FTE reduction due to PCAOB’s Standard II regarding
the testing of automated controls once, versus
reiterative testing necessary for manual controls.
Secondary benefit, especially in the ability to store
the results of continuous monitoring in an
authenticated, digital format, should have a
significant impact on future third-party litigation
revolving around alleged misconduct by
management, in proving the validity of the
effectiveness of key control activities.
41. Illustrative Assessment Work Plan
Week Number 1 2 3 4 5 6 7 8 9 10
Weeks Remaining: 10 9 8 7 6 5 4 3 2 1
# T ask Description:
1 Initial planning and information gathering
2 Conduct initial interv iews
3 Rev iew Engagement Letter
4 Finalize interv iew list
5 Finalize specialists required
6 Prepare letter for interv iewees to ov erv iew project/ team
7 Prepare interv iew objectiv es and general questions
8 Finalize workplan
9 Dev elop ov erv iew of client business/industry
10 Finalize tailored questions by functional interv iew
11 Draft format for deliv erables
12 Schedule interv iews (approx . 25-35 interv iews)
13 Perform interv iews (approx . 25-35 interv iews @ approx . 1.5 hrs each)
Interv iews led by IA with client internal audit personnel inv olv ement
14 Document results of interv iews / confirm with interv iewees
15 Dev elop risk ranking
16 Dev elop audit plan
17 Determine resource needs to ex ecute audit plan
18 Obtain client management consensus on risk profile
19 Finalize and present deliv erables
42. Control Assessment Structure
General Controls Control COSO Control
Capabilities Com ponent Risk Factors
Control
Control Capabilities Authorization Environm ent Delegation of Authority
a) Authorization Authority and approval levels is not delegated to the low est levels.
b) Processing and Recording Authority is delegated to the front lines how ever executive management is involved.
c) Safeguarding Authority is delegated to the front lines and decision making resides at that level.
d) Reporting
e) Compliance Processing and Control
Recording Environm ent Skill sets
f) Risk Management Employees possess the know ledge and skills necessary to effectively execute their job.
g) Resource Availability Employees possess some of the skills required to effectively execute their job.
Employees generally do not have the know ledge or skills to effectively execute their job.
Processing and Control
COSO Control Com ponents: Recording Environm ent Volume of transactions
a) Control Environment Low volume of transactions and minimal interventions and hand-offs.
b) Risk Assessment Average volume of transactions and considerable number of manual interventions.
c) Control Activities High volume of automated and manual transactions and hand-offs.
d) Information & Communication
e) Monitoring Risk Control
Management Environment Organization Structure
Operations are highly centralized with effective communication systems.
Operations are fairly decentralized with fairly effective communication systems.
Operations are very decentralized with ineffective communication systems.
43. Framework for Risk Assessment
Identify
– What are the risks?
Measure
– What is the relative degree of risk? (Determined by
Severity and Likelihood.)
Prioritize
– Which risks are most important?
44. Risk Assessment: The Big Picture
Internal and external risks faced by all organizations.
Requires linked and consistent management
objectives.
Identified/analyzed to manage and achieve objectives.
A system to address organization impact of external
and internal condition changes.
IIA Definition-“… a systematic process for assessing and
integrating professional judgments about probable adverse conditions
and/or events. …organize and integrate professional judgments
for development of the audit work schedule.”
45. Enterprise Risk Assessment
Driven by enterprise strategies and overall
goals.
Risk rank audit universe, applying the same
risk factors to all audit entities.
Top-down focus begins at the enterprise level.
Bottoms-up begins at the entity level.
• Approach dependent on management’s objectives and
other initiatives in place.
46. Enterprise Risk Assessment Defined
Enterprise Risk – Potential exposures which could
significantly impact or impede an enterprise’s ability
to succeed in accomplishing its overall financial and
operational goals and objectives.
Risks can be categorized as follows:
– Strategic – relating to high-level goals, aligned with and
supporting the entity’s mission/vision.
– Operations – relating to effectiveness and efficiency of the
entity’s operations, including performance and profitability goals.
– Reporting – relating to the effectiveness of the entity’s reporting.
– Compliance – relating to the entity’s compliance with applicable
laws and regulations.
47. Ways To Look At Risk
Quantitative
• Assign a value to each control risk times a probability
of the threat of the risk
• Higher value/greater risk
Qualitative
• High, medium, low or adequate/inadequate
48. Approaching Risk Assessment
Solicit executive management’s enterprise strategies, goals,
objectives and concerns.
If applicable, obtain external auditor’s perspective of the
company.
Also consider insurers, outside counsel, other third-party
service providers.
Capture organization, products, processes, functions,
locations, systems, support areas, etc. relevant to auditable
entities.
Develop a model using risk factors, weightings and scoring
criteria.
Objective is a risk-ranked audit universe.
49. An Enterprise Risk Assessment Tool
Provide analyses regarding risk exposures
at an audit universe (enterprise) level.
No pre-defined database of standard
questionnaires, risk factors and set risk
weightings.
Information compiled by experienced
professionals.
Information/analyses as good as the
information compiled.
50. Types of Risk Factors
Assets at risk Systems
• Cash • Information quality
• Inventory • Security
• Intellectual property • Disaster planning
Operational • Equipment/software
• Procurement Financial
• Production • Data accuracy
• Material Handling
• Available information
• Sales
• Completeness of data
• Service
• Human Resources • A/R, A/P, Cash flow,
etc.
• Planning
• Legal
• Environmental
51. Risk Weighting and Scoring
Weigh risks based on customized criteria.
• Relative importance of individual risk factor.
• Risk factor impact on business units based on
likelihood of occurrence and severity of impact.
• Facilitate with management and process owners.
Risk weighting results reviewed by
management and the process owners.
• Risk score is assessed for each risk factor.
• Scores summed for a total risk score.
• Supports risk ranked audit universe.
52. Risk-based Approach: Examples
Functional Risk Conversion Risk Strategic Risk
Business Processes Authority
Alignment Bench Strength Capital Availability
Business Continuity Budgeting & Planning Competition
Financial Reporting Financial Markets
Compliance Financial Assessment Capacity
Contracting Commodity Flexibility
Evaluation Industry
Empowerment Financial Statement Communication
Environmental Cycle Time Leadership
Falsification Legal
Fraud Regulatory Reporting Efficiency
Health and Safety Human Resources Regulatory
Taxation Product Life Cycle
Illegal Activities Organization Structures
Management Information Performance Metrics Product Development
Obsolescence/Shrinkage Pricing Reputation
Product/Service Quality Finance Resource Allocation Trademark Erosion
Relevance Collateral Supplier Sovereign
Unauthorized Use Counterparty Technology Selection Strategic Assumptions
Credit Technology Deployment Valuation
Currency
Technology Derivatives
Availability Interest Rate
Access Liquidity
Functionality Reinvestment
Integrity Settlement
Usability
53. Risk-based Approach: Process
Executive Management Input Company Strategies
Risk Factor Model Audit Universe Risk Exposure Audit Plan
Development Development Scoring Development
• Executive Management • Input Obtained from • Scoring Occurs from • Compute Risk-Ranked
Input and Buy-in Many Sources Interviews with Senior Audit Universe from
Management Completion of the ERA
• Extract Risk Factors • Organizational Charts,
Responsible for the model
from Strategies Internal Management
Auditable Entities
Reports, Company • Develop Audit Plan
• Identify & Define Risk
Directory, Annual • One Person may be Based on Risk-Ranking
Factors to be Used
Report, General Ledger, Responsible for and Available
• Define Related Scoring Location Listings, Major Scoring Multiple Resources
Criteria for Each Risk Projects or Contracts, Entities
• Obtain Executive
Factor Information Systems,
• Many Persons may be Management Approval
etc.
• Weight the Risk Factors Responsible for
• Execute Audit Plan
• Cost Centers, Profit Scoring One Entity
Centers, Investment • Reassess Risk
Centers, Locations, Exposures
Functions, Processes,
etc.
54. Risk-based Approach Re-cap
Risk-based approach
Defined model of enterprise risk factors
Customized to fit our client’s needs
Efficient direction of audit resources
Supported by an electronic tool that provides for
data analysis
Provides sufficient information to build an audit plan
Performed by experienced professionals
Cost effective solution to improve enterprise risk
management initiatives
56. Dwayne Jorgensen, CIA, CFE
Consultant, Governance
Spirit Consulting Services
Dwayne Jorgensen, CIA, CFE, is a recognized expert in governance, risk and
controls. Mr. Jorgensen created the Sarbanes-Oxley Services & IT Governance
global practice for CTG, a 39-year old IT staffing solutions firm. He is respected for
his ability to assess a clients’ current state of compliance with Sarbanes-Oxley
(SOX) and then guide them in meeting their compliance goals, especially those
related to Sections 302, 404, and 409 of the act. In addition, Mr. Jorgensen has
developed a “continuous monitoring” solution for corporate governance and
speaks on the role of IT in that endeavor. Mr. Jorgensen is an expert in COSO,
risks and controls, specifically as these areas pertain to the impact of SOX on
corporate governance. He has over 20 years’ experience in internal audit, system
controls, practice development, capital acquisitions, and risk management.
Before CTG, Mr. Jorgensen was North American Practice Director of internal audit
services for Jefferson Wells International. He oversaw the growth and
development of the firm’s internal audit service line in the United States and
Canada post-Sarbanes-Oxley, especially in the areas of 301, 302, and 404
compliance. He also directed the business process outsourcing practice for the
Atlanta office of Arthur Andersen, LLP, and was elected a principal of the firm. He
was a senior manager for Coopers & Lybrand, LLP, and director of internal audit
and secretary of the audit committee for a Flagler System, Inc. Mr. Jorgensen is a
member of the Institute of Internal Auditors and the Association of Certified Fraud
Examiners, and has a Bachelor of Arts degree in pre-law with a major in
accounting and finance from the University of Illinois-Urbana.
57. Dwayne Jorgensen, CIA, CFE
Consultant, Governance
Spirit Consulting Services – Referrals
“I had the opportunity to work with Dwayne during an extremely critical period as our
company attempted to address Sarbanes Oxley concerns. Dwayne and his team were
simply the best of the best. I highly recommend Dwayne and would welcome the
opportunity to work with him again.” April 1, 2008 Top qualities: Great Results, Expert, High
Integrity Mike Pulaski - hired Dwayne as a Business Consultant in 2004, and hired Dwayne
more than once
“Dwayne was directly responsible for developing Jefferson Wells approach to provision of
Sarbanes Oxley services just after the act was passed by congress. He was on the leading
edge of the service. His leadership was instrumental in subsequent success the company
enjoyed.” January 7, 2008 Bob McDonald, Director Construction Services, Jefferson Wells
International - worked indirectly for Dwayne at Jefferson Wells International
“Dwayne took a leading role in developing the regulatory compliance practice in the UK
operation. I found Dwayne to be very commercially focused and felt his strengths were in
developing a lasting relationship with the client.” January 8, 2008 Martyn Smith, Senior
Consultant, CTG (UK) Ltd - worked with Dwayne at CTG
“Dwayne was the key provider in the delivery of an excellent Sarbanes-Oxley assessment
audit of our business processes and provided specific and creative recommendations for
implementation of corrective actions.” January 4, 2008 Top qualities: Personable, Good
Value, On Time John Ponzo - hired Dwayne as a IT Consultant in 2004
“I encountered few people in the three years I was selling SOX and GRC applications that
truly understood the intertwined nature of a control environment and technology. Dwayne
understood the pro's, the con's and the yet to be challenged status quo. Dwayne knew early
that complex control issues could be tackled efficiently using technology and at a reduced
overall cost. Simply put Dwayne "gets it"!” January 28, 2008 Brian Tietje, Senior Sales
Consultant, Movaris - was with another company when working with Dwayne at CTG
58. Contact Information
Dwayne E. Jorgensen, CIA, CFE
Consultant
Spirit Consulting Services
1851 Baltusrol Trail
Duluth, GA 30097
Office: 678/957-0838
Mobile: 770/789-7581
E-mail: dej@spiritconsultingservices.com