By: David J. Gruber, CPA - Director of Risk Advisory Services
The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation passed by the U.S. Congress to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise, as well as to improve the accuracy of corporate disclosures. Section 404 of Sarbanes-Oxley requires public companies to issue an internal control report that contains management’s assertions regarding the effectiveness of the company’s internal control structure and procedures over financial reporting.
Section 404 also requires the company’s auditor to attest to the effectiveness of the company’s internal control over financial reporting in accordance with standards established by the Public Company Accounting Oversight Board (PCAOB). The Committee of Sponsoring Organizations (COSO) published the 2013 Internal Control – Integrated Framework (The COSO Framework), which is an update of the original 1992 version. The COSO Framework is recognized as the leading framework for designing, implementing, and conducting internal control and assessing the effectiveness of internal control. The COSO Framework can be utilized as a guide in implementing and sustaining a successful SOX compliance program.
What are the key elements of a successful SOX compliance program?
The following items can be the foundation for your successful SOX compliance program:
- Properly plan and manage the project to ensure efficient use of internal and external resources. Proper planning can include a risk assessment, discussions with the client regarding processes and controls, and walkthroughs with the process owners. Effective communication is often a key element in the proper planning and successful completion of a project. Communication of the plan up-front, including timing and expectations, as well as ongoing communication of the progress during the project are essential to keep the project on track.
- Document the company’s processes through narratives, flowcharts, and/or matrices.
- Identify and document the key controls present to prevent financial statement errors.
- Evaluate the design of the key controls.
- Perform testing on the effectiveness of the key controls.
- Remediate control weaknesses uncovered through testing.
- Evaluate / communicate the results of the testing.
At Holbrook & Manter, we offer a risk-based approach to SOX compliance and offer a full range of services to help you with your SOX compliance program.