Ammy Whitehouse: SOX Efforts Could Be More Efficient, Poll Says

Posted by Teresa Bockwoldt on December 27, 2009

I just read this article from Compliance Week and left the post below. 

Great article: we agree completely. 

http://www.complianceweek.com/blog/whitehouse/2009/12/28/sox-efforts-could-be-more-efficient-poll-says/#comment-391%0d%0a%0d%0a 

Very nice article. 

I agree with those people who claim SOX needs to be more efficient and I believe you can add efficiencies to a ‘compliance at any cost' attitude by following some simple steps:

  1. Determine your materiality threshold so you know what dollar amount to focus on (i.e., accounts >$5,000).
  2. Perform a Risk Assessment to determine what areas to focus on (i.e., accounts payables, revenue, etc).
  3. Ideally, do not reinvent the wheel of what controls to use in the risky areas but if you do not know what the best-practice controls should be by process, then keep your materiality threshold and risk to the account in mind when determining what controls to document (e.g., do not document a control over petty cash unless petty cash is material). Document the controls in Word or Excel so you have a way to track the information.
  4. Each control should tell the reader who, what, when, where, why, and how someone is performing a control so saying "Joe approves journals" is not clear enough. An example of clear enough would be "Weekly, the Controller at Corporate reviews journals for accuracy and completeness against all supporting materials. The Controller signs the journal as evidence of review and approval once satisfied."
  5. A lot of auditors no longer ask for narratives or flow charts so discuss this with your auditors if it is not something you'd like to do.
  6. Share your documentation with your auditors and get their feedback.
  7. Test the effectiveness of those controls, for example: if you say executive management is reviewing and approving journal entries prior to posting, using statistical sampling, test a handful of completed journals to verify this is happening and document the results in either Word or Excel
  8. Remediate where necessary based on your testing.
  9. Report your testing results to your auditors.
  10. Standardize your controls and documentation style across departments and locations. This will not only build in efficiencies with the consolidation (if applicable) but it will save you a significant amount of time and money because your auditors will have built-in expectations and a one-time learning curve.

All my best,

Teresa Bockwoldt MBA, MST

CEO & Co-Founder

Vibato®, LLC

655 Montgomery Street, 5th Floor, Suite 540 San Francisco, CA 94111

Office: 415.240.4867 | Mobile: 707.477.0008 | Fax: 888.407.7725

SOX Compliance Made Simple® | http://www.soxprofessionals.com/

Tags: Sarbanes-Oxley Articles & Information, 404 audit