The Sarbanes-Oxley Act of 2002 (often shortened to SOX ) is legislation passed by the U.S. Congress to protect shareholders and the general public from accounting errors and fraudulent practice on the enterprise, as well as improve the accuracy of corporate disclosures. Section 404 of Sarbanes-Oxley mandates public companies to issue an internal control report that contains management’s assertions regarding the effectiveness of the company’s internal control structure and procedures over financial reporting. The steps leading to the company’s assessment can include:
· Documenting the company’s processes through narratives, flowcharts, and / or matrices
· Identifying and documenting the key controls present to prevent financial statement errors
· Evaluating the design of the key controls
· Perform testing on the effectiveness of the key controls
· Evaluating the results of the testing
Proper planning for Sox projects is the key to making them run smoothly and efficiently. This compliance work of documenting and testing the internal control structure can be an arduous task, and can be very time consuming for both the client and the SOX service provider. Proper planning can ease the pain of of this work and help avoid any unnecessary bumps in the road.
Keys to proper planning:
· Effective communication is often a key element in the proper planning and successful completion of a project. Communication of the plan up-front, including timing and expectations, as well as ongoing communication of the progress during the project are essential to keep the project on track.
· Well in advance of starting the project, hold a detailed planning meeting with all key personnel covering various topics such as: changes in the business that could have an effect on the control environment (i.e. change in major customers, major acquisitions, etc.), changes in key personnel, discussion of the company’s risk assessment (have this document updated with the latest financial information prior to this meeting to allow for analysis), and changes in scope.
· Plan the fieldwork around the work load of the client – avoid being on-site during the busiest times for the client, such as, month-end close, quarter-end filing deadlines, etc.
· Properly plan the staffing of the project – ensure knowledgeable well-trained staff are ready and available to meet the client’s needs (i.e. plan for success and succeed in meeting the plan).
· Do the little things well that will ensure the proper completion of the project with as little disruption to the client as possible. One good example of this – during fieldwork, compile a list of questions / issues to discuss with client personnel and go over them all at once, instead of interrupting the client multiple times for each individual question. Another example is to coordinate sample selections between the Sox service provider and the external auditor to minimize management and staff time in pulling information and answering information.
In short, proper planning can help your SOX project run as smoothly as possible to the benefit of all parties involved. Contact me directly for assistance with your planning and your SOX project. Shoot me an email now at DGruber@HolbrookManter.com or call me at 614.494.5300