Sarbanes-Oxley Consulting and Implementation
Implementation - Planning and Documentation
The Sarbanes-Oxley Act of 2002 ("Sarbanes-Oxley" or "SOX") requires all public companies to comply with its provisions. With the exception of a delayed compliance date for non-accelerated filers, no exceptions were made for small businesses. Many small to mid-sized public companies do not have formal risk management programs that address the financial reporting internal control requirements of Sarbanes-Oxley. Also, these companies often do not have an internal audit department to test financial and operational compliance with rules and regulations, both internal and external. Additionally, many small to mid-sized public companies do not have the resources available to commit to the SOX implementation, or choose not to redeploy current individuals who are addressing strategic goals.
I will work with you to develop and implement your SOX plan for the initial year of compliance and the years that follow with as little disruption to your operations as possible. The goal is not to turn every employee into an auditor - but to have them understand their role within the company's control environment with their actions and the decisions that they make each day.
Just as the culture of each organization differs, my approach to SOX implementation will take company culture and resources into consideration. I will develop a SOX implementation plan that takes measure of the availability and experience of a client's employees so that the project may be completed efficiently and effectively. The development of the SOX implementation plan will include discussing the current control environment with management, the audit committee and/or board or directors and your external auditors. This is done so that the project is based upon mutually agreed-upon objectives and management has the information they need to assess the control environment within their organization.
Implementation - Test Design and Testing
The test design and testing of the identified internal controls by the company is required under the Sarbanes-Oxley Act of 2002. The testing results help management determine if the identified controls are working as intended. Any changes to the design of internal controls or improvements in the evidence that controls are in place and working as designed will be implemented based upon the results of testing. Testing is scheduled so that control deficiencies may be identified and resolved by management prior to the testing by the external auditors.
Implementation - Deliverables
I will deliver the following documents to each client. The list is not all-inclusive and will be tailored to each client's requirements.
- Sarbanes-Oxley Implementation Plan
- Planning Document
- Calculation of Materiality
- List of key accounts mapped to significant accounts and financial statement assertions
- Timeline and key delivery dates
- Control Environment Questionnaires
- Written Process Narratives
- Test Designs
- Written updates for the audit committee (if desired)
- Project Summary Report
On-Going Sarbanes-Oxley Services
Sarbanes-Oxley is not a one-and-done activity. Public companies need to continually monitor and evaluate their internal control structures. For small to mid-sized public companies without a dedicated Sarbanes-Oxley manager or internal audit department, this may be problematic. I offer on-going SOX services that include the re-evaluation of financial materiality, a review of significant accounts or operations, an update of process narratives and the related risks, controls and test designs and testing of internal controls.