SOX Section 404: Management Assessment of Internal Controls
All annual financial reports must include an Internal Control Report stating that management is responsible for an "adequate" internal control structure, and an assessment by management of the effectiveness of the control structure. Any shortcomings in these controls must also be reported. In addition, registered external auditors must attest to the accuracy of the company management’s assertion that internal accounting controls are in place, operational and effective.

Thousands of companies now face the task of ensuring their accounting operations are in compliance with the Sarbanes Oxley Act. Auditing departments typically first have a comprehensive external assessment by a Sarbanes-Oxley compliance specialist performed to identify areas of risk – that is where ATIBA Technology Solution’s consulting specialists can help.

Preparing for a first SOX audit can be a daunting and time consuming task, undoubtedly it will be the most difficult you will undergo. And, once you have put in place your initial SOX compliance framework, the processes, technologies, and controls need to be kept up to date and current in order to remain in compliance for future audits.

By synchronizing people, technology and business processes, compliance with Sarbanes-Oxley can be readily accomplished. Frequently, specialized software is installed that provides the "electronic paper trails" necessary to ensure Sarbanes-Oxley compliance. Certification and specific public actions are now required by companies to remain in SOX compliance.

ATIBA’s SOX consulting professionals can provide you with the guidance you need to prepare your organization for your annual SOX audit. 

A typical Design Assessment for SOX readiness includes:

• Assisting the Client with its selection of the appropriate internal control framework by which the achievement of control objectives will be measured and provide training and education regarding the selected framework.

• Assisting the Client with its development and documentation of its control objectives, including those control objectives related to the Client’s disclosure controls. 

• Assisting the Client with surveys and interviews with process owners and subject matter specialists to understand and document the Client’s existing business processes, associated risks, and controls.

• Assisting the Client with the design of its initial assessment of control effectiveness and providing recommendations on ways that management may address/remediate control weaknesses.

• Assisting the Client with its deployment of a customized database or spreadsheet that is intended to serve as a repository for the documentation of the Client’s key business processes, potential control deficiencies, management’s prioritization, and follow-up action/remediation plans (the “Repository”).  ATIBA populates the Repository during the engagement with information provided by Client personnel.  The populated Repository is then be used by the Client in connection with its ongoing assessment, monitoring, and sign-off with respect to its internal control over financial reporting and disclosure controls processes. 

• Assisting the Client with testing controls in an effort to validate the identification of the potential control deficiencies as compared with a standard framework selected by the Client.  Tests of controls ordinarily include procedures such as inquiries of appropriate Client personnel, inspection of relevant documentation, observation of the Client’s operations, and reapplication or re-performance of the controls.

• Assisting the Client in the implementation of remediated processes or controls, the goals of which are to facilitate a reduction or elimination of control deficiencies.  Factors for the Client to consider in its selection of controls for implementation include cost/benefit analyses and other measures designed to balance the cost versus the benefit of the implementation of the controls.

Contact ATIBA today so that our consulting professionals can help you prepare to meet the requirements of your SOX audit. We can help you identify and implement the process and controls that need to be in place in order to mitigate your compliance risk.