Sarbanes-Oxley
Harlaw Associates has been working with Sarbanes-Oxley projects since 2003, and can bring a wealth of expertise to your company's compliance project. Read on for more information about Sarbanes-Oxley, or find out about our approach. If you have any questions or would like to know more, please contact us.
What is Sarbanes-Oxley?
Major corporate accounting scandals in early 2002 resulted in very significant investor losses, with public markets suffering significant declines in share value across the board due to loss of investor confidence
To restore investor confidence, the Securities and Exchange Committee (SEC) and U.S. Congress implemented the Sarbanes-Oxley Act, which makes significant provisions on how companies must operate. In brief, Sarbanes-Oxley:
Prohibits accounting firms from providing certain services to audit clients.
Requires board of directors approval of permitted non-audit services performed by auditors.
Requires management to certify completeness and accuracy of all disclosures of business activity.
Requires the company to certify that it has adequate internal controls over financial reporting.
Requires the company auditor to attest that the board's internal control certification is accurate.
What does this mean for my company?
Public US companies and non-U.S. companies with a US presence are affected by SOX. SOX is all about corporate governance and financial disclosure — all publicly-traded companies in the US are required to submit an annual report of the effectiveness of their internal accounting controls to the SEC. Additionally, any companies that have US debt must comply with the Sarbanes-Oxley act.
One of the key requirements of Sarbanes-Oxley is that a company must assert that it has adequate internal controls over financial reporting. In order to support this assertion, your company must maintain adequate documentation of control procedures and performance. These documents will be required by any SOX auditors to perform independent assessments of your assertion.
What this means in practice, is that you must:
Establish a standard to measure the effectiveness of control procedures
Establish a process to evaluate control effectiveness and to monitor internal control performance
Our approach to Sarbanes-Oxley
Process documentation and process testing are fundamental to any SOX attestation. We will minimise the burden on your operations by gathering all the necessary information to produce your SOX process documentation, without any major impact to your operational resources.
We'll produce your SOX process documents "off-line", again with minimal interruption to your day-to-day business processes. The documentation we deliver will include an evaluation and testing plan: once we have confirmed the documentation with you, we will then perform the testing on your behalf.
After the initial documentation and testing phases are complete, ongoing process evaluation and testing are required as part of your annual SOX attestation. Again, we will agree a testing schedule with you, perform the evaluation and present the results.
Initially we will review your financial process universe and perform a three-dimensional Boston square analysis on your processes with the three axes of impact, probability and value. We can then prioritise which processes to document and test first.
We will use our project / programme management expertise to develop an encompassing programme to meet your needs. For mature SOX clients, we'll develop a testing schedule with you and then implement the tests as per the agreed schedule before presenting the process evaluation results.
