Sarbanes-Oxley 合规 服务
Since it was enacted, the Sarbanes-Oxley (SOX) Act has resulted in significant changes to the corporate governance 和 financial reporting requirements of public companies. Section 404 of the SOX Act requires public companies to certify to the effectiveness of their internal control over financial reporting. The external auditors of public companies must then provide an opinion on the effectiveness of each company’s internal control.
To prepare for this certification, public companies must develop a compliance plan that includes the appropriate steps to ensure that significant risks have been identified 和 assessed 和 that key internal controls are in place to mitigate the significant risks.
The process of preparing for Section 404 requires public companies to have specialized knowledge of the requirements of the SOX Act, the COSO Framework, 和 the internal control auditing methodologies followed by financial statement audit firms.
LBMC has extensive experience with both Section 404 of the SOX Act, the COSO Framework as well as external auditing st和ards. We have assisted numerous companies of various sizes 和 in a variety of industries with their SOX compliance requirements since the initial year of SOX compliance for accelerated filers in 2004.
LBMC SOX 合规 服务
LBMC provides a variety of readiness services based on the needs of each company. The services that we typically provide include one or more of the compliance phases described below:
- Documentation 和 Assessment of 合规 with the COSO Framework
- Risk Assessment Facilitation
- Documentation of Significant Processes 和 系统s
- Financial Reporting Risk 和 Internal Control Assessment
- Internal Control Testing 和 Reporting of Testing Results
- SOX Readiness Team
Featured Blog Posts
Documentation 和 Assessment of 合规 with the COSO Framework
We assist clients with documentation 和 assessment of compliance with the COSO Framework, completion of the COSO Framework templates, 和 assessment of control gaps. 除了, we provide entity-level control testing services for key governance controls identified when assessing compliance with the COSO Framework.
Risk Assessment Facilitation
When assisting clients with a risk assessment, we follow a top-down, risk-based approach to ensure that future compliance efforts focus only on critical processes 和 systems. The purpose of the risk assessment is to identify the significant financial processes 和 systems that will be documented 和 tested as part of the SOX compliance process.
We work alongside your internal audit department to underst和 the systems that generate your financial reporting 和 assess your risks related to reliability 和 accuracy of financial reporting. 然后, we develop a list of internal controls that are or should be in place to safeguard the financial reporting process.
Documentation of Significant Processes 和 系统s
We can effectively document an organization’s significant processes 和 systems in an efficient manner. This phase of the SOX compliance process is often cumbersome due to the detailed interviews 和 documentation efforts that are necessary for all significant processes 和 systems.
By maintaining continuity on your SOX audit engagement year after year, our auditors develop a deep level of familiarity with your processes 和 systems, 和 you don’t have to waste time re-training our team members. This level of familiarity enables not only the most efficient SOX compliance but also strong working relationships.
Financial Reporting Risk 和 Internal Control Assessment
As we develop our underst和ing of our clients’ critical processes 和 document the related systems, we will assess the key risks inherent within each process to determine which key risks would most likely prevent the related processes from meeting their objectives. We will then underst和 和 assess the key controls in place to mitigate those risks. We will then report any control gaps for remediation.
Internal Control Testing 和 Reporting of Testing Results
After the key internal controls are identified, we work with our clients to develop testing plans to assess the operating effectiveness of those controls. 在这一阶段, we will communicate frequently with the related financial statement auditor to ensure we agree to the controls being testing, the frequency 和 timing of the testing, the documentation to the testing 和 the related testing sample sizes. Communication is critical during this phase to ensure all parties are on the same page.
During the testing, we provide frequent updates to client management to ensure all control deficiencies are known 和 corrected as soon as possible. 除了, 在测试之后, we will provide formal reporting to management 和 the related audit committee, 如果请求.
