自从它颁布以来, the Sarbanes-Oxley (SOX) Act has resulted in significant changes to the corporate governance and financial reporting requirements of public companies. Section 404 of the SOX Act requires public companies to certify to the effectiveness of their internal control over financial reporting. The external auditors of public companies must then provide an opinion on the effectiveness of each company’s internal control.
为这个认证做准备, public companies must develop a compliance plan that includes the appropriate steps to ensure that significant risks have been identified and assessed and that key internal controls are in place to mitigate the significant risks.
The process of preparing for Section 404 requires public companies to have specialized knowledge of the requirements of the SOX Act, COSO框架, and the internal control auditing methodologies followed by financial statement audit firms.
LBMC在SOX法案404条款方面有着丰富的经验, COSO框架以及外部审计标准. We have assisted numerous companies of various sizes and in a variety of industries with their SOX compliance requirements since the initial year of SOX compliance for accelerated filers in 2004.
LBMC provides a variety of readiness services based on the needs of each company. The services that we typically provide include one or more of the compliance phases described below:
We assist clients with documentation and assessment of compliance with COSO框架, 完成COSO框架模板, 以及控制差距的评估. In addition, we provide entity-level control testing services for key governance controls identified when assessing compliance with COSO框架.
协助客户进行风险评估, 我们遵循自上而下的原则, risk-based approach to ensure that future compliance efforts focus only on critical processes and systems. The purpose of the risk assessment is to identify the significant financial processes and systems that will be documented and tested as part of the SOX compliance process.
We work alongside your internal audit department to understand the systems that generate your financial reporting and assess your risks related to reliability and accuracy of financial reporting. Then, we develop a list of internal controls that are or should be in place to safeguard the financial reporting process.
We can effectively document an organization’s significant processes and systems in an efficient manner. This phase of the SOX compliance process is often cumbersome due to the detailed interviews and documentation efforts that are necessary for all significant processes and systems.
通过年复一年地保持SOX审计业务的连续性, our auditors develop a deep level of familiarity with your processes and systems, 你没必要浪费时间重新培训agapp队员. This level of familiarity enables not only the most efficient SOX compliance but also strong working relationships.
As we develop our understanding of our clients’ critical processes and document the related systems, we will assess the key risks inherent within each process to determine which key risks would most likely prevent the related processes from meeting their objectives. We will then understand and assess the key controls in place to mitigate those risks. 然后，我们将报告任何控制缺口，以便进行补救.
在关键的内部控制被确定之后, we work with our clients to develop testing plans to assess the operating effectiveness of those controls. 在这一阶段, we will communicate frequently with the related financial statement auditor to ensure we agree to the controls being testing, 测试的频率和时间, 测试文件和相关的测试样本大小. Communication is critical during this phase to ensure all parties are on the same page.
在测试, we provide frequent updates to client management to ensure all control deficiencies are known and corrected as soon as possible. In addition, after testing, we will provide formal reporting to management and the related audit committee, if requested.