A company's internal control system (ICS) consists of systematically designed technical and organizational rules and controls that serve to comply with guidelines and prevent damage caused by its own staff or malicious third parties. These measures can be carried out both process-independently and retrospectively, for example by internal audit, as well as process-dependently as preventive rules. Control models such as COSO or COBIT are often used as the basis for an ICS.
Our SOX compliance methodology is grounded in industry-recognized frameworks and is based upon the top-down, risk-based approach that helps organizations adapt to the increased complexities of today's business environment.
Who runs the SOX 404 process?
Typically Finance or Internal Audit runs the program. Smaller companies often outsource or co-source the 404 compliance process because of the expertise and bandwidth required in a short time to successfully implement the program.
Regardless of whom you use, whether in-house resources or a co-sourced service provider, the best practice is to have them report directly to the Audit Committee. They can have a dotted-line report to the CFO because of day-to-day interactions. The external auditors are more likely to place more reliance on the work performed by an independent person/team if they report directly to the Audit Committee. Within SOX 404, Legal needs to own the company-wide policies such as Employee Code of Conduct, Insider Trading, and FCPA.
What is the suggested SOX 404 implementation approach?
To align with SOX regulations, IT departments must be familiar with the security, access privilege, and log management standards required for their financial records. The first step in cementing SOX internal controls is creating a "control environment", which should:
1. Acknowledge the need for increased transparency, internal balances, and regulation.
2. Strive to perform control actions that mitigate risk and ensure the inviolability and reliability of financial information.
The key to success in the first year is training and education. For younger companies, many of your employees may not have worked for public companies or may be new to the SOX process. The more Legal and Finance communicate and train, the easier the adoption and implementation.
How long does SOX 404 compliance take?
SOX compliance can take 6 to 12 months, depending on how intensely you want to focus. The Gantt chart below is a sample 12-month timeline for the planning, documentation, walk-through, testing and wrap-up phases, assuming SOX 404a and 404b compliance.
What is the typical plan for SOX compliance?
Below is a more detailed breakdown of the steps for SOX compliance. We also show the deliverables or outputs that are typical at each stage.
Our SOX compliance project management and implementation services include:
- Scoping and materiality
- Identifying key entity level and financial statement controls based on COSO framework
- Performing process reviews with business process owners
- Documenting control matrices, narratives and flow charts, and performance of cycle walkthroughs
- Creating testing plans and determining appropriate sampling sizes
- Performing quarterly/monthly testing, analysis of exceptions/deficiencies, remediation and magnitude/likelihood of misstatement, and identifying corrective action steps
COSO Framework implementation
From COSO framework implementation, SOX risk assessment and control rationalization to documentation and testing management, we help our clients comprehensively adhere to their SOX 404 compliance while substantially reducing costs.
What SOX Compliance Means for IT teams
In a SOX IT audit, the IT department proves compliance by providing documentation showing that its employer has met mandated financial transparency and data security thresholds.
Adan Corporate's Value Proposition
Our experts partner with clients on SOX assessments and implementations, providing perspective not only on immediate value and impact, but on long-term implications. We work closely with management and other advisers to leverage and complement their knowledge and ensure maximum impact, and actively support implementation and skill building.
Adan Corporate's Approach to SOX implementations:
Our approach applies a top-down risk-based methodology that helps clients focus on the right risks and maximize efficiencies. We provide a full range of SOX advisory services, which address your business and compliance needs:
+ End-to-end SOX project management
+ Conduct risk assessment (as required under AS-5)
+ Assist corporates to document and evaluate internal controls
+ Document "as-is" processes throughout the organization, assess gaps in controls, and determine appropriate steps to remediate control gaps
+ Perform key controls testing
+ Identify Best Practices that can be integrated across the organization
+ Assist in developing an internal control framework
+ Assist in developing a risk management framework
+ Train personnel on COSO, methods of documenting controls, etc.
+ Reinforce continual improvement and analysis process
+ Institutionalize self-assessment
Adan Corporate's SOX implementation models
To help your organisation to ensure SOX compliance, our team can take on as much or as little of your SOX project as needed. We provide complete compliance departments, interim consultancy or help with SOX testing. We also understand the importance of collaborative relationships with client teams, audit committees and external auditors.
Are you growing rapidly and trying to scale your business without adding headcount?
Adan Corporate's outsourced SOX Act compliance services are the solution for you. We will create and manage a SOX compliance program that meets your auditor's requirements and drives bottom-line value for your company. Specifically, Adan Corporate provides SOX program design, testing and reporting to audit committees, utilizing the latest workflow solution to streamline the processes for our clients.
Does your team need the skills and experience to implement without complete outsourcing?
Through our co-sourcing services model for SOX compliance, Adan Corporate works with your SOX program manager to assess current processes.
We evaluate your management team's approach and utilize technology to determine where streamlining updates can and should be made.
This hyper-focus on continuous improvement helps us to ensure that your risks are fully mitigated and your operations are as cost-effective as possible.
Are your employees being pulled in too many directions and stretched too thin?
SOX compliance is a necessary cost of doing business for public companies, but is your team drowning in the reporting workload? To ease the pain, Adan Corporate provides skilled professionals with Sarbanes-Oxley Act compliance expertise. Employ us as an extension of your in-house team and we'll hit the ground running to ease the overtime pressure on your team.
Services Offered
1) Implementation and maintenance of sustainable SOX 404 compliance programs, including:
- Readiness assessments
- Documentation and testing assistance
- Sustainability assessments
- Training to support a successful SOX 404 compliance program
2) SOX documentation of control environments, including:
- Network diagrams
- Process flow charts
- Narratives for general computing controls
3) Comprehensive risk assessment, including:
- Identifying processes
- Entity-level controls
- Business controls, and information technology (IT) general controls
- Identifying key and missing controls
4) Identifying and documenting financial reporting processes, including:
- Testing key controls and documenting results
- SOX risk testing in order to minimize waste and cost while ensuring compliance
- Developing a customized SOX process based on unique requirements
- Remediation of control gaps
We have deep experience in assisting clients through all stages of SOX implementation, from the initial scoping of the project to identify the areas and processes that would fall within it, to the intelligent design of improvements to those processes and controls, so that SOX compliance can be achieved in the most efficient manner practicable.
Our team includes technology experts and leaders with significant first-hand experience from several SOX engagements. Using our proprietary, proven methodology and extensive, hands-on knowledge, our team serves a wide range of clients, including Fortune 1000 companies, in adding efficiencies and minimizing the additional costs of compliance efforts.