The SEC's Top 10 Risks: #7. Ineffective Internal or Disclosure Controls

 Email Article |  Twitter |  Facebook |  digg it |   LinkedIn 

This was an excellent article on why it is more important than ever to accurately document your company-specific risk exposure. The SEC Top 10 List of most frequently questioned issues over the last two years includes “Ineffective internal or disclosure controls”, an area that we believe will be receiving even greater scrutiny in light of the recent Sarbanes-Oxley 404(b) exemption for non-accelerated filers.

You can read the full article here.

The PCAOB CONCEPT RELEASE ON POSSIBLE RULEMAKING APPROACHES TO COMPLEMENT APPLICATION OF SECTION 105(C)(6) OF THE SARBANES-OXLEY ACT OF 2002

 Email Article |  Twitter |  Facebook |  digg it |   LinkedIn 

The Public Company Accounting Oversight Board has made a concept release on the "Possible Rulemaking Approaches to Complement Application of Section 105 (C)(6) of the Sarbanes-Oxley Act of 2002."

If you would like to view the press release detailing the PCAOB's reasons for making this release, please click here.

To view the actual release and rule filings,  please click here.

SOX 404(b) Exemption was Passed with the Wall Street Reform Act – But Non-Accelerated Filers are Still On the Hook for Robust Internal Controls around Financial Reporting

 Email Article |  Twitter |  Facebook |  digg it |   LinkedIn 

Now that the wait for the 404(b) reprieve is over, it appears that a new trend is emerging to investigate 404(a) statements more closely, as expressed in recent articles on investor and auditor sentiment regarding the legislative change. We are hearing from auditors directly that they will be applying more scrutiny to 404(a) statements made by their clients in their financial reports, to ensure that there is a real basis for self-certification. The newly aggressive SEC and DOJ are expanding personnel and focusing on Corporate Governance and the role of Audit Committees, Directors and Company Officers in Compliance and Financial reporting.

Section 404(a) includes many of the same requirements that 404(b) sought to examine:

• The annual assessment must be performed by both a Competent and Objective party per SEC guidelines.
• Companies must still include a certification by the Chief Executive Officer and Chief Accounting Officer that they tested financial controls as part of annual yearly 10K  statements.
• The establishment and documentation of internal controls around financial reporting and the systems used to produce financial reports (this includes IT-related controls).
• Testing of these internal controls to prove that they are in place and functioning as specified.
• Attestation (Section 302) by executive management that all controls are in place and have been tested as working.
• Compliance with this legislation since 2007 (which means you should have been doing this, per existing law, for the last 3 years already).

While many wonder if the “self-certification” aspect lets the auditors off the hook, it may become a new yardstick by which external auditors will evaluate annual financial reports, and hence many of the same questions asked during a 404(b) audit will still apply. If auditors cannot find basis for these certifications, it may open up a new area of investigation that could inevitably lead to the same type of scrutiny (and cost) applied to a 404(b) implementation engagement.

We believe that companies would be well-served by being prepared for these types of inquiries from both their investing public and their external audit partners.

From CFO.com: User Developed Applications: What this means for the audit process.

 Email Article |  Twitter |  Facebook |  digg it |   LinkedIn 

Interesting article on User Developed Applications (UDAs). This could also apply to spreadsheets used for internal controls work, especially if they are distributed across departments and not centralized. Applications are typically developed for expense calculation and tracking (e.g. stock comp expense) as well as financial analysis. We try to take an approach that these types of tools should have permission control and be stored in documented locations where appropriate review and updating can be performed. It makes audit-related work much easier in the end!

"Internal Auditors Target Spreadsheets

The practitioners' leading trade group launches a campaign to get better control over spreadsheets and databases created without oversight from IT. 

David McCann - CFO.com | US”

Click here to read the full article.

"Two Cheers for Sarbanes-Oxley"? Well, we'll see.

 Email Article |  Twitter |  Facebook |  digg it |   LinkedIn 

The article below was sent from a dear friend of mine and fellow SOX enthusiast, Clark Keeler, Director, BPM.  I find the article to have a significant amount of irony considering it claims that "American business people of a conservative nature have been dreaming about driving a stake through the heart of the Sarbanes-Oxley act ever since the legislation was passed..." It would seem to me that if a person was truly fiscally conservative, they would consider Sarbanes-Oxley to be the prudent choice rather than the radical one.  Internal controls require there to be a check point in a business procedure that requires someone other than the preparer of the documentation to verify the accuracy of what was prepared.  This verification prevents someone from acting alone when making decisions about shareholder assets (physical assets, capital, intangible assets, etc). I am of the opinion that this double check adds a necessary layer of review considering the potential for fraud, errors, omissions, etc.  Considering all that we at Vibato, LLC have found when testing internal controls, this is no longer just opinion but rather, fact.  Read more on the article here:

“Two cheers for Sarbanes-Oxley

The Supreme Court gets it right by tweaking, but not overturning, the controversial legislation

Jun 29th 2010

AMERICAN business people of a conservative nature have been dreaming about driving a stake through the heart of the Sarbanes-Oxley act ever since the legislation was passed, back in 2002, in the wake of the Enron, Tyco, WorldCom and Global Crossing scandals. George Bush rightly described the legislation as “the most far-reaching reforms of American business practices since the time of Franklin D. Roosevelt”. But to its critics it is far-reaching in the wrong direction. The American Enterprise Institute, a right-wing think-tank, has dismissed Sarbox as a “colossal failure”. Ron Paul, a Texan libertarian, has argued that it puts America at a competitive disadvantage. The Wall Street Journal thunders that it has “imposed hundreds of billions of dollars in costs on business with no noticeable decline in financial scandals”. Newt Gingrich has urged Congress, the body that he once dominated, to repeal the act.”

See the full article here. 

Compliance Alert: Status of Sarbanes-Oxley Section 404(b)

 Email Article |  Twitter |  Facebook |  digg it |   LinkedIn 

I read this press release this morning and feel that our readers will find it interesting. It details the Center for Audit Quality's reaction to the Supreme Court's PCAOB Decision:

 http://www.thecaq.org/newsroom/release_06282010.htm

Compliance Alert: Status of Sarbanes-Oxley Section 404(b)

 Email Article |  Twitter |  Facebook |  digg it |   LinkedIn 

For those of you who are curious,  the below article from TNBankers.org gives descriptions of some of the key provisions of the Reform Bill that is currently being worked on:

Decision in Free Enterprise Fund v. PCAOB

 Email Article |  Twitter |  Facebook |  digg it |   LinkedIn 

I read a press release titled "Decision in Free Enterprise Fund v. PCAOB". To read the full press release, click on the link below: 

 http://pcaobus.org/News/Releases/Pages/06282010_SupremeCourtDecision.aspx

Compliance Alert: Status of Sarbanes-Oxley Section 404(b)

 Email Article |  Twitter |  Facebook |  digg it |   LinkedIn 

The Ohio Society of CPAs  commented on the "Last-minute attempt made to remove small public company exemption from financial reform"  in 404(b) in the article below on 25 June 2010. They discussed the fact that investors in small companies deserve safeguards against possible fraud. After all, if there are no safeguards to prevent fraud for small public companies, that will ultimately lead to a lack of investment in these companies as investors will not feel secure in doing so. Click  here to read the full statement.

Compliance Alert: Status of Sarbanes-Oxley Section 404(b)

 Email Article |  Twitter |  Facebook |  digg it |   LinkedIn 

While reading The Harvard Law School Forum I came across a pose that discusses the "Sarbanes-Oxley 'Clawback' Developments" by John F. Savarese. It is very interesting, and if you would like to read it, click  here.