The Sarbanes-Oxley Act (Sarbox) is said to have the single biggest impact on companies publicly listed or exchanged in the US since the 1930s. Sarbox applies to every US registered public company and its subsidiaries anywhere in the world.

The Act is about:
- Corporate governance
- Financial reporting
- Executive conduct
- Internal controls
- Section 302 Certification of disclosure controls
- Section 404 MD&A internal control attestation
Sec. 302 (Quarterly Statement)
- Signing officers are responsible for
  - Designing of internal controls
  - Establishing and maintaining of internal controls
  - Evaluating the effectiveness of internal controls
  - Presenting conclusions of internal controls
- Signing officers must confirm that they have disclosed
  - Significant deficiencies
  - Fraud
  - Significant changes

Sec. 404 (Annual Statement)
- Management states responsibility for establishing and maintaining internal controls
- Statement contains an assessment of the effectiveness of internal controls
- Outside auditor performs attestation of management's assessment
Section 404 requires the management of public companies specified by the Act to assess the effectiveness of the organization's internal control over financial reporting and annually report the result of that assessment.

The US Securities and Exchange Commission (SEC) has mandated the use of a recognized internal control framework. The SEC in its final rules regarding the Sarbanes-Oxley Act made specific reference to the recommendations of the Committee of the Sponsoring Organizations of the Treadway Commission (COSO).

The Sarbanes-Oxley Act requires organizations to select and implement a suitable internal control framework. COSO, Internal Control - Integrated Framework, has become the most commonly adopted framework.
COSO
- 3 primary objectives
  - Operations - business processes, asset protection, security
  - Compliance - legal, regulatory, industry
  - Financial reporting - legal, regulatory, industry
- 5 primary components
  - Control environment
  - Risk assessment
  - Control activities
  - Information & communication
  - Monitoring

Note: As COSO is a broad framework, COBIT (Control Objectives for Information and related Technology), published by the IT Governance Institute, is used as the basis to establish further IT control detail.
SafeComs helps companies to comply with section 404 of Sarbox.

Issues you may be facing
- You do not have the expertise, quantity of resources or skills in-house to plan and deliver a major controls project
- You have not yet started your readiness efforts and require support to initiate the project and meet the deadlines
- While you have decided to undertake the project in-house, you require technical support and guidance
- Your initial attempts at documenting and evaluating controls have produced inconsistent, often poor quality results and your staff need support
- You want to understand what constitutes best practice in this area and learn from other projects
How we can support you
- Avoiding damage to shareholder value resulting from failure to achieve a clean certification
- A properly planned and executed project will increase the likelihood of achieving compliance within the timescales set
- Involvement of experts in documenting controls will improve the quality of your documentation and increase the potential for deriving value from the process
- Involvement of an external firm helps to release internal resources to concentrate on your core business activities
- Involvement of experienced outside resources will help you understand the issues more quickly, and will help properly embed this legislation within your business
SafeComs' Sarbox readiness services include
- Project management activities
- Technical support - scoping, documentation, evaluation, reporting
- Risk assessment
- Change management
- Training
- Assessing the control environment
- Documentation support
- Design and execution of solutions
- Quality assurance and review activities
- Process improvement