The Sarbanes-Oxley Act of 2002 (often shortened to SOX ) is legislation passed by the U.S. Congress to protect shareholders and the general public from accounting errors and fraudulent practice on the enterprise, as well as improve the accuracy of corporate disclosures. Section 404 of Sarbanes-Oxley mandates public companies to issue an internal control report that contains management’s assertions regarding the effectiveness of the company’s internal control structure and procedures over financial reporting. The steps leading to the company’s assessment can include:
· Documenting the company’s processes through narratives, flowcharts, and / or matrices
· Identifying and documenting the key controls present to prevent financial statement errors
· Evaluating the design of the key controls
· Perform testing on the effectiveness of the key controls
· Evaluating the results of the testing
This compliance work of documenting and testing the internal control structure can be an arduous task. SOX is no longer in its infancy – large companies have been performing SOX work for over 14 years. Like with most things in life, after you have been doing things so long, it can be easy to fall into the trap of doing things “the way we always have”. With SOX procedures, this could mean assuming things have not changed from the prior year and continue on with the documentation and test procedures “the way we always have”. To combat this complacency, the following items are just some of the things that can be done prior to starting your SOX compliance project to insure there is a fresh and complete approach to your SOX compliance on an annual basis:
· Hold a detailed planning meeting:
-Have there been any major changes in the business that could have an effect on the control environment:
-Shift in business model?
-Changes in the economy and / or industry?
-Increase / decrease in division profitability?
-Any change in major customers?
-Have there been any changes in scope?
-Any changes in key personnel?
· Conduct a detailed review of the processes from a “fresh set of eyes” concept, including:
- Walk throughs of the documentation with the process owners, noting changes, where necessary
-Re-evaluate the design of the key controls
-Update test plans, as necessary
Making the above items an integral part of your Sarbanes-Oxley compliance project can help keep your SOX “fresh”! Contact me today for more information regarding SOX compliance. I would be happy to help.