SOX is comprehensive legislation entailing 11 titles consisting of 66 sections. While most of the attention has been on Section-404 pertaining to financial reporting controls, the reality is that this is simply one of 66 sections. Still, SOX-404 remains a ripe opportunity for companies to streamline their efforts thus saving money while still being able to effectively conclude on the adequacy of their financial reporting controls.
Contact us now to learn about our cost-effective Sarbanes-Oxley approach and results!
Conquering Section 404 in a Cost-Effective Manner
Under Section 404 of SOX, management is responsible for assessing their internal controls over financial reporting to identify material weaknesses, remediate them, and conclude if any still exist as of the end of a public company’s fiscal year. This responsibility includes compliance planning, documenting internal control design, risk identification and assessment, evaluating the design, testing the controls, correcting weaknesses, and reporting on the results. A key challenge is identifying all material weaknesses over financial reporting, correcting them, and retesting to help ensure that the external auditor will be able to render an unqualified ‘clean’ opinion. The delicate balance management faces requires walking a fine line between noncompliance and over-compliance. An adverse audit opinion can have negative public relations and valuation consequences, while over-compliance can be a waste of resources. The key is finding the optimal balance and securing resources who can add business value beyond strict-compliance.
Kral Ussery LLC provides a full range of SOX-404 services including:
Do not leave your SOX compliance efforts in the hands of a consultant looking to simply bill hours. Instead look towards Kral Ussery LLC as a CPA firm to provide advice, training and tools to clients to become more self-reliant. We are passionate about your success, knowing that our success follows.
Knowing that the scope of Section 404 is internal control over financial reporting, one must also consider the technology ramifications. Information technology (IT) is a key foundation of an effective system of controls and is therefore very relevant to the 404 process. The SOX 404 attestation process by external auditors requires confidence in the IT systems which house, move, and transform data. Many of today’s concerns center around general IT controls such as data backup, recovery procedures, access security, and change-management procedures to protect the integrity of business records as it rolls up into the financial statements.
Now more than ever the accounting side of the house must closely work with the IT shop on the intricacies of internal control documentation, risk assessment, testing and remediation. An integrated approach for addressing both IT controls and non-IT controls, while also facilitating a continuous-monitoring environment for periodic management certifications (Sections 302 & 906) and current reports (Section 409), is a best practice.
A Comprehensive Understanding Well Beyond Section-404
SOX has an impact on all types of organizations, especially public companies. SOX does not have to be painful and destroy value. On the contrary, SOX should be implemented in a cost-effective manner to add value and provide reasonable assurance in mitigating a wide variety of risks. Kral Ussery LLC is here to work with your team, as an advocate for you, and we can provide you with assistance as you need it.
Kral Ussery LLC works with companies to plan and execute SEC, SOX, XBRL and other compliance requirements in an effective manner. We take a holistic approach rather than working in silos. Identifying roles and responsibilities to address the applicable sections of SOX from the universe of 66 sections is critical. This is what separates us from many competitors as we provide a full range of SOX services to help ensure that companies comply fully with the relating SEC rules and regulations.
While SOX-404 garners the most attention, our team also provides comprehensive SOX-302 services such as designing disclosure controls, disclosure control documentation, and evaluation assistance. Indeed disclosures within the management discussion and analysis (MD&A) sections of period reports, as well as proxy statements, continue to receive significant SEC scrutiny. Having robust disclosure controls can be the difference between keeping within the good graces of regulators and being subject to a wide range of adverse regulatory and legal actions.
It is a misperception to believe SOX only applies to publicly traded companies. True, most sections, like 301, 302, 401, 404, 406, 409, and 906 explicitly apply to companies that file reports with the SEC under the 1934 Act. However other sections, such as altering, concealing and destroying documents (802 & 1102), criminal fraud offenses, including mail and wire fraud (902 & 903), Federal Sentencing Guidelines (905 & 1104), and retaliation against informants (1107) apply to all companies and nonprofit organizations.
We understand the comprehensive nature of SOX and help organizations prepare for all SOX sections. This includes:
Call upon us for the advice, training and support to help make your SOX efforts more efficient and effective.