SOX made simpler: adopting best practices to reduce risks and costs
7th February, 2008
SOX made simpler: adopting best practices to reduce risks and costsIn a move intended to simplify compliance, the US’ Securities and Exchange Commission (SEC) has approved new interpretive guidance to help companies comply with Section 404 of the Sarbanes-Oxley Act of 2002.
The SEC’s Amendment to Rules Regarding Management’s Report on Internal Control Over Financial Reporting is intended to help companies focus on the internal controls that will best protect against the risk of a material financial misstatement.
In a related move, the SEC also adopted PCAOB Auditing Standard No. 5, An Audit of Internal Control over Financial Reporting That Is Integrated with an Audit of Financial Statements. AS 5, for short, replaced an equally lengthy-titled standard, AS 2.
AS 5 is now considered the standard for external auditors to follow for assessing internal controls over financial reporting.
“This new interpretive guidance creates flexibility for management in developing a strategy for how best to comply with SOX requirements,� says Chris Reece, senior manager with UHY Advisors’ Enterprise Risk Advisory Services (ERAS) practice in New York.
“Because AS 5 also prescribes a risk-based approach, a byproduct will be more efficient use of time for everyone involved in the compliance process.�
Reece adds that some companies anticipate that the new guidance will reduce compliance costs associated with Section 404 testing, as well as the costs of the external audit engagement. This is largely because the new guidance allows a more focused, risk-based approach. AS 5 also enables external auditors to rely on testing and other work performed by a company’s internal audit department or external SOX consultants.
However, Reece says that any prior issues – such as deficient approaches and methodology or material deficiencies – may conspire to reduce any cost savings. “In the future, there should be a likelihood of greater cost savings, particularly if best practices are already in use,� he says.
Impact on public companies
Norm Shikuzawa, who heads UHY Advisors’ ERAS practice in California, says proactive companies that have viewed SOX compliance as an opportunity to reassess their financial reporting processes, to identify redundancies or improvement areas, will likely embrace the new SEC guidance as a way to maximise value in further streamlining compliance efforts.
“We have seen added attention by management to increase the effectiveness and efficiency of the financial close process,� says Shikuzawa. “Because many companies in the past took the view that they had to test all areas, it was getting ridiculous when certain non-core items were scrutinised to the same degree as a major risk area.�
While some management teams may feel liberated that they can be flexible in their approach to 404 compliance, others may still need hands-on assistance. Shikuzawa and Reece say that UHY Advisors generally recommends companies to take a strategic approach that fits their corporate culture and embraces:
n A holistic approach that balances qualitative inherent risk assessment with the appropriate control response and quantitative risk frequency and impact studies, as well as key process indicators to improve risk identification and the related controls over financial reporting. This approach should encompass risks related to a company’s environment, business processes and information flow – and how these areas influence financial reporting.
n Open and proactive communication with the external auditors to ensure acceptance and minimise surprises during their assessment of internal controls.
n Identifying opportunities for increased reliance on prior-year assessments of internal controls over financial reporting.
Contact: Chris Reece
Email: creece@uhy-us.com
 top
|
