Sarbanes-Oxley Act of 2002
The Sarbanes-Oxley Act of 2002 established new or enhanced standards for corporate accountability as well as penalties for corporate wrongdoing. The evolving regulations cover a wide range of areas, from corporate financial reporting and disclosure standards to white collar crime penalties. The Sarbanes-Oxley Act has set a new precedent with regard to Corporate Responsibility, Financial Reporting and Disclosure, and accountability to shareholders.
Among its 11 Titles, the Sarbanes-Oxley Act established the Public Company Accounting Oversight Board (PCAOB) to oversee the audits of public companies and protect the interests of investors. Significantly impacting all SEC-registered companies, the Act provides guidance in the following areas:
- Audit committee expertise, oversight and accountability
- Corporate responsibility for financial reports
- Enhanced financial reporting disclosures
- Management’s assessment of the effectiveness of the entity’s internal controls
- External auditor attestation of internal control effectiveness assessment report
- Disclosure of significant deficiencies and material weakness in the internal control environment
- White collar crime penalties
- Corporate tax returns
The PCAOB recently proposed accounting standards related to the requirements of Section 404, which covers internal controls over financial reporting. Section 404 of the Act requires the management of a public company to assess the effectiveness of the company’s internal control over financial reporting. A critical component of this assessment is the evaluation of underlying information technology controls. IT controls help to ensure that all transactions are accurate, valid and properly authorized. Additionally, Section 404 of the Act requires management to report on the effectiveness of internal controls and procedures for financial reporting as part of its annual report to shareholders.
Companies considered accelerated filers (seasoned US companies with public float exceeding $75 million) are required to comply with the internal control reporting and disclosure requirements of Section 404 for fiscal years ending on or after June 15, 2004. Other companies (including smaller companies, foreign private issuers and companies with only registered debt securities) have until fiscal years ending on or after April 15, 2004 to comply.
Adherence to the Sarbanes-Oxley Act clearly requires that a compliance process be established, with ultimate accountability for compliance resting with the entity’s Officers and Audit Committee. Companies must have a robust internal control framework starting from the documentation of their internal controls through the evolution of their effectiveness and efficiency. The internal control framework must address financial as well as information system controls. Additionally, there must be a process in place to continuously monitor the control framework and report to management and the audit committee. The Committee of Sponsoring Organizations (COSO) has long been recognized in the US as providing an effective framework to assess the entity’s control environment.
Enterprise Risk Management (ERM) provides risk management services, including development and implementation of a Sarbanes-Oxley compliance process. Our consultants will facilitate an assessment of the company’s internal control framework and assist you with the development of business processes and a control structure to ensure compliance. Additionally, we can evaluate the business risk environment and facilitate the development of action plans to mitigate these risks in an effort to minimize significant deficiencies and/or material weaknesses. ERM consultants’ expertise in the information technology area, including application and general technical controls, provides management the tools to assess the effectiveness of the company’s accounting and financial reporting systems.
Let Enterprise Risk Management help you navigate the myriad of requirements related to the Sarbanes-Oxley Act. If you would like detailed information on how Enterprise Risk Management’s team of professionals can assist you in achieving compliance, please call us directly at (305) 789-6662 or e-mail us at info@emrisk.com.