SOX ITGC

Sarbanes-Oxley Related Services

The Sarbanes-Oxley Act has implications for almost everyone associated with US public companies, including related companies in Europe and other parts of the world.

What is SOX

The Sarbanes-Oxley Act of 2002 (‘SOX’) entrusts the management of SEC registrants with the responsibility of annually reporting on the effectiveness of their internal control structure and procedures for financial reporting, and attesting to the financial statements. Senior management must provide assurance on the existence, adequacy and effectiveness of internal controls, and SOX also requires each firm’s external auditor to attest to and report on management’s assessment.

Recent corporate scandals have eroded investor trust to some extent in corporate reporting. To reduce corporate malfeasance and protect investors, the Sarbanes-Oxley Act of 2002 (Sarbanes-Oxley) and Revised Clause 49 of the Stock Exchange Listing Agreement were promulgated by the regulators in the United States and India, respectively. These pieces of legislation defined a new system of checks and balances to rebuild investor confidence.

Today’s corporate stakeholders expect greater assurance, more oversight and clear evidence of internal controls. The confidence of the investing community will only be restored after the gap between investor expectation, in terms of corporate governance and reporting, and what they have received in the past is bridged.

Sarbanes-Oxley and Clause 49 provide impetus to close the expectation gap by altering and expanding the responsibilities of key participants in the corporate reporting process. Both focus on improving the accuracy and reliability of corporate reporting.

IMPORTANT SECTIONS OF SOX

SECTION 302 – ‘Corporate Responsibility for Financial Reports’

This section makes it mandatory for the signing officers to certify that they have personally reviewed the statutory reports and that the reports are free from material misstatements and omissions. This has been included to bring an element of accountability on the part of top management, hence increasing investors’ confidence in the reports. Top management also needs to certify that they have reviewed the internal controls existing in the organization and that this review was done within a period of 90 days before the reporting date.

SECTION 401 – ‘Disclosures in Periodic Reports’

With the Enron scandal, attention was drawn to off-balance-sheet items and how Special Purpose Entities (SPEs) were used to inflate stock prices. This section addresses that: it requires financial statements to present a true and fair view of the entity’s position, and it requires financial reports to include all off-balance-sheet (OBS) transactions.

SECTION 404 – ‘Assessment of Internal Controls’

This section is one of the most important, as it covers the detailed assessment of internal controls in the financial reporting process. Under Section 404, management and the external auditor are required to report on the adequacy of internal controls over financial reporting and on their operating effectiveness. Based on their detailed analysis, an “Internal Control Report” is generated annually and presented to the shareholders. They are also required to comment on IT issues related to accounting matters. The costs of complying with this section are very high, which is justified by the long-term results it brings in boosting investors’ confidence in the entity.

SECTION 802 – ‘Criminal Penalties for Altering Documents’

SOX imposes strict penalties in case of violation. Any kind of alteration of original documents can lead to imprisonment of up to 10/20 years, depending on the facts of the case. Further penalties can also be levied by way of fines.

Our team have a range of certifications and qualifications including:

  • Certified Information Systems Security professionals (CISSP)
  • Certified Information Systems Auditors (CISA)
  • Certified Information Systems Security Managers (CISM)
  • ISO 27001 qualified lead auditors
  • Certified International Privacy Professionals (CIPP)

 

How We Can Help:

Companies struggle to meet the challenges of increased regulatory compliance while focusing on core business issues and cost reduction in a challenging marketplace. Vittoba can help an organization focus on core value-added processes.

Vittoba has a good history of providing internal audit services, including those with a focus on an organization’s financial statements and internal control environment. To date, Vittoba is providing similar services to major corporates across the EU.

The significant experience gained by our professionals through previous US SOX advisory services, including project management, control documentation review and ICOFR testing, and other internal control assistance has helped Vittoba deliver quality and relevant services as an independent service provider.

Our services can be tailored to individual client needs through readiness assessments, documentation and testing assistance, and sustainability assessments. We can assist with the scoping of an overall US-SOX plan and approach, test the design and effectiveness of internal controls to evaluate your current state, and support management reporting on the evaluation of ICOFR. In each of these services, Vittoba will work closely with clients to establish compliance programs, transfer knowledge and provide training to support a successful SOX compliance program.


Our service offerings cover the entire SOX Compliance lifecycle, including continuous monitoring and review:

PROJECT MANAGEMENT:

We can help your Project Management Office in executing a project charter, building the project team and performing an enterprise risk assessment, providing ongoing service to manage your SOX compliance including control executions, audit coordination, evidence collection and necessary compliance reporting.

TECHNICAL ADVISORY:

Our experts will help you provide the required inputs to design controls, implement them and manage them to address the related risks.

DOCUMENTATION & REVIEW:

We can assist you in documenting controls, SOPs, flowcharts and narratives, defining test cases and test plans, creating a risk and control matrix and planning any remediation or mitigation activity that may be needed. Alternatively, we can provide an independent review of existing documentation, assisting corporates to document and evaluate internal controls.

CONTROL TESTING:

We can assist you in developing an Internal Control Framework, performing key controls testing and developing a Risk Management Framework, and can also carry out an independent evaluation of both the design and the operational effectiveness of internal controls.

ONGOING SOX COMPLIANCE:

Our flexible resource pool can also help you to cope with the fluctuating resource demands of ongoing testing and certification, riding out the peaks and troughs of SOX activity with minimal impact on your business across the SOX compliance lifecycle, including continuous monitoring and review.

TRAINING PERSONNEL:

We train personnel on COSO, COBIT, the organization’s internal control framework, methods of documenting controls, SOX control awareness and related topics.