Sarbanes-Oxley (SOX) Readiness & Compliance
Several large accounting scandals in the early 2000s spurred the need for additional regulation of public companies. In response to these scandals, the Sarbanes-Oxley Act Of 2002 (“SOX”) was signed into law July 30, 2002 in an effort to provide greater investor confidence and reduce accounting fraud and malpractice.
Public companies are required by U.S. law to be in compliance with SOX, though the level of compliance required varies depending upon company size and stage of growth.
We establish your IT Controls using a risk-based approach. When first establishing internal controls, start by looking at your financial statements and determine the areas that are at greatest risk for material misstatement. Use this knowledge to guide you as you determine the needed number and type of controls for your company. Establishing IT controls using this top-down approach should help to reduce the overall number of controls needed and should help reduce the risk of scope-creep.
Hire A Professional Services Firm To Help You Create A SOX Program
The cost of hiring a professional service firm to aid in the creation of your SOX plan and the subsequent implementation of that plan may seem expensive at first. However, foregoing the help of properly trained professionals can result in even higher costs than what would be incurred from hiring professionals in the first place. To be more specific, the combined costs of the initial setup without the help of professionals, and the subsequent corrective changes, will likely exceed the costs of setting up a system correctly the first time with the assistance of third-party professionals. These subsequent changes often need to be made to fix a system that has been set up incorrectly or inefficiently.
BOLD&Digital can help you
BOLD&Digital utilizes the following five steps as a guide to make your company SOX compliant :
- Plan, perform risk assessment and define scope
- Document significant processes and related entity-level, financial, application and IT General controls
- Identify key internal controls covering financial statement assertions
- Assess design effectiveness of internal controls, including document walkthroughs for reliance by auditors
- Perform and document internal control operating effectiveness testing
- Evaluate individual and aggregate deficiencies and consult on remediation actions
- Report results to process/control owners, management, and Audit Committee
Our methodology to make your company SOX compliant
We find out how you are currently doing. We should perform a test of your controls to find errors.
We make a plan to fix all of the errors we have found and set a specific timeline to finish the remediation.
We perform walkthroughs and that will allow us to determine the nature of your controls, and to better understand your processes. This provides a map for understanding and establishing better controls as well.
We use all of the work we have completed up to this point to now fix any control deficiencies that were discovered.
We determine how successful your efforts were, and if there are any other areas that still need to be addressed.