Audit Committee: Having an audit committee consisting of non-executive board members is a must for every public company. Section 301 and Audit Standard 5 require that the audit committee approve the hiring, scope and remuneration of the company’s auditing firm. All audit committees must have a documented audit committee charter, which should describe the committee's duties, responsibilities and rights.
Code of Ethics: Implement a Code of Ethics for the key financial executives as well as other employees and stakeholders, including vendors. It is a prudent practice to have key financial executives sign a declaration on an annual basis that they understand the code of ethics.
Implement a Hotline & Whistleblower Policy: Implement a hotline and ensure that your company has a whistleblower policy and that it is communicated to all stakeholders. Companies should encourage their employees to raise serious concerns within the organization prior to seeking resolution outside of the organization.
Implement, Document, and Test Controls: The most important provision of the Sarbanes-Oxley Act is Section 404. Companies are required to identify, document and test their key internal controls over financial reporting. The CEO and CFO generally issue a Section 302 certification based on the testing of controls as required by Section 404.
Implement a Workpaper Storage Policy: Many companies are required to maintain their important documents for IRS purposes after the period-end close. The Sarbanes-Oxley Act imposes additional responsibility on these companies. It is advisable that companies have a document policy and adequate storage facilities to preserve electronic and paper documents for a definite period of time.
How Prolianze Can Help?
Identify, Document, and Test Key Controls: Prolianze adopts a unique approach towards identifying and documenting key controls for small and emerging public companies. Small and emerging companies often have issues like segregation of duties and inadequate financial reporting controls due to lack of staff or multiple tasks performed by key individuals. We have experience working in these situations, and our approach to Section 404 compliance assists companies at a reasonable cost and helps them get some value out of SOX compliance.
We make an effort to understand the company’s business and evaluate what controls can be tested with the available documentation. This approach works best as we test only those controls that can be passed during Phase I of our testing. Every effort is made to identify any control gaps and opportunities to enhance controls during the planning phase, and management is advised to address them so our professionals can test those new / enhanced controls prior to year end.
Prolianze has assisted several companies with their SOX assessment efforts, including documenting key controls, testing controls, assisting with the remediation of identified failure of controls, and so on. During the course of assisting our clients, we have worked with premier accounting firms, which has led us to develop an eight-step approach to ensuring compliance with Section 404.
Perform entity-level control testing at the front end to assess the control environment.
Identify materiality threshold, including qualitative factors, as defined by SEC Staff Accounting Bulletin 99.
Identify key accounts that could result in material misstatement of financials at both the financial statement and disclosure levels.
Map the business processes to key accounts, highlighting key control activities.
Identify controls that mitigate the risk of material misstatement in financials in the major processes.
Test key control activities for each business process and location that falls within the scope.
Evaluate control gaps in line with other mitigating controls and assess the overall exposure of material misstatement to the financial statements.
Assist management in mitigating the control gaps and test the remediated controls.
Help You Establish an Audit Committee: We can help your organization with the establishment of the audit committee. We have access to a range of professionals who may be willing to accept a non-executive board position with your company for a retainer. Oftentimes we reach out to key professionals at our existing clients and present the prospect of accepting a non-executive board position. Our role is just that of a matchmaker. The final decision is between the company and the potential board executive.
Board Assistance: We help companies establish their T&E policies, audit committee charters, code of ethics, and so on. We have sample templates for all these documents, which can be customized to suit your needs. We also help audit committees with the execution of their monitoring or corporate governance responsibilities as defined by their charter.
Following numerous accounting scandals including Enron, WorldCom and Tyco International, the U.S. Federal government passed the Sarbanes-Oxley Act of 2002. Sarbanes-Oxley, otherwise known as SOX, regulates financial accountability and information accessibility. It enhances standards for both public companies and public accounting firms. The Sarbanes-Oxley Act is designed to protect the interests of employees, vendors and investors. Any corporation failing to meet minimum compliance requirements, and any executive held accountable under its provisions, can now face criminal charges including, but not limited to, incarceration.
For those who do not know, SOX outlines several organizational and operational compliance mandates management must fulfill to demonstrate its control over financial reporting. These include external auditor affirmation as to whether or not the company and its management team have effective internal financial reporting controls in place, and affirmation of the level of accuracy reflected in the company's financial statements. Extensive, and quite costly, regulations mean external auditors must clearly understand transaction flow. They also require routine fraud risk assessments and accurate evaluation and assessment of the effectiveness of internal, company-wide fraud detection and financial reporting controls.
Why IT Controls Are So Important When Complying with Sarbanes-Oxley
Just as significant as the organizational and operational controls, if not more so, are the information technology mandates SOX introduces. Under the Act, ultimate responsibility for data management, security, reliability, integrity and accuracy resides collectively with the Chief Information Officer (CIO), the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO). Pursuant to Sarbanes-Oxley, the CIO is accountable for the systems that control and report financial data, while the CEO and CFO are accountable for actual financial reporting.
Electronic document archive and retention play a key role in SOX compliance, with everything from Word, Excel and PowerPoint files to instant messages and email communications in question. It's not enough anymore to simply store these documents. Public corporations must have an effective data management solution in place guaranteeing retrieval in a timely fashion. This means full lifecycle management, from document creation and retention to auditing and destruction. Under the Act, wrongful business record deletion can result in serious legal ramifications.
Here Are My Top Tips to Help You Comply with Sarbanes Oxley
While there are broad-reaching measures corporations could take to ensure compliance, the Act boils down to three core issues: 1. Documentation 2. Control 3. Accountability.
All corporations should take the following steps toward Sarbanes-Oxley compliance:
Develop a corporate accountability structure ensuring proper oversight and ownership
Implement a solid technological structure promoting effective and efficient compliance processes
Invest in one, united, web-based financial and non-financial information source offering real-time, or immediate, access to applicable stakeholders
Expand information flow and collaboration
Document accurate and timely financial reconciliations using Excel, Access or other customized technology solutions
Encourage employee evolvement and concern escalation
Document IT systems' usage rules and develop a financial information audit trail
Introduce in-house auditing procedures
Implement risk-rating processes for all financial accounts
Understand and map financial reporting process, IT systems and internal controls
Identify financial reporting, IT and internal control risks
Adopt a continuous improvement process
Document and test controls
Perform and update controls assessments corresponding with any financial reporting process changes
When corporations thoroughly understand Sarbanes-Oxley and implement strategic processes within both the IT and finance departments, they not only ensure compliance, but they also promote fairer, more uniform disclosure practices and clearer accountability lines.
About Author
Both Prahalad & Tim Rhodes are contributors for EditorialToday. The above articles have been edited for relevancy and timeliness.
Prahalad has since written articles on various topics from . About Author: The Author is the co-founder of the Prolianze Group, LLC and heads up the Risk and Compliance Services at Prolianze. Based in Fort Lauderdale, he is responsible for.
Tim Rhodes has since written articles on various topics from Software, Strategic Planning. Data Protection Expert, Tim Rhodes has helped hundreds of companies just like yours protect their most valuable asset online. Now, you can discover if you’re doing everything you can to.