The SEC's Top 10 Risks: #7. Ineffective Internal or Disclosure Controls

 Email Article |  Twitter |  Facebook |  digg it |   LinkedIn 

This was an excellent article on why it is more important than ever to accurately document your company-specific risk exposure. The SEC Top 10 List of most frequently questioned issues over the last two years includes “Ineffective internal or disclosure controls”, an area that we believe will be receiving even greater scrutiny in light of the recent Sarbanes-Oxley 404(b) exemption for non-accelerated filers.

You can read the full article here.

The PCAOB CONCEPT RELEASE ON POSSIBLE RULEMAKING APPROACHES TO COMPLEMENT APPLICATION OF SECTION 105(C)(6) OF THE SARBANES-OXLEY ACT OF 2002

 Email Article |  Twitter |  Facebook |  digg it |   LinkedIn 

The Public Company Accounting Oversight Board has made a concept release on the "Possible Rulemaking Approaches to Complement Application of Section 105 (C)(6) of the Sarbanes-Oxley Act of 2002."

If you would like to view the press release detailing the PCAOB's reasons for making this release, please click here.

To view the actual release and rule filings,  please click here.

SOX 404(b) Exemption was Passed with the Wall Street Reform Act – But Non-Accelerated Filers are Still On the Hook for Robust Internal Controls around Financial Reporting

 Email Article |  Twitter |  Facebook |  digg it |   LinkedIn 

Now that the wait for the 404(b) reprieve is over, it appears that a new trend is emerging to investigate 404(a) statements more closely, as expressed in recent articles on investor and auditor sentiment regarding the legislative change. We are hearing from auditors directly that they will be applying more scrutiny to 404(a) statements made by their clients in their financial reports, to ensure that there is a real basis for self-certification. The newly aggressive SEC and DOJ are expanding personnel and focusing on Corporate Governance and the role of Audit Committees, Directors and Company Officers in Compliance and Financial reporting.

Section 404(a) includes many of the same requirements that 404(b) sought to examine:

• The annual assessment must be performed by both a Competent and Objective party per SEC guidelines.
• Companies must still include a certification by the Chief Executive Officer and Chief Accounting Officer that they tested financial controls as part of annual yearly 10K  statements.
• The establishment and documentation of internal controls around financial reporting and the systems used to produce financial reports (this includes IT-related controls).
• Testing of these internal controls to prove that they are in place and functioning as specified.
• Attestation (Section 302) by executive management that all controls are in place and have been tested as working.
• Compliance with this legislation since 2007 (which means you should have been doing this, per existing law, for the last 3 years already).

While many wonder if the “self-certification” aspect lets the auditors off the hook, it may become a new yardstick by which external auditors will evaluate annual financial reports, and hence many of the same questions asked during a 404(b) audit will still apply. If auditors cannot find basis for these certifications, it may open up a new area of investigation that could inevitably lead to the same type of scrutiny (and cost) applied to a 404(b) implementation engagement.

We believe that companies would be well-served by being prepared for these types of inquiries from both their investing public and their external audit partners.

From CFO.com: User Developed Applications: What this means for the audit process.

 Email Article |  Twitter |  Facebook |  digg it |   LinkedIn 

Interesting article on User Developed Applications (UDAs). This could also apply to spreadsheets used for internal controls work, especially if they are distributed across departments and not centralized. Applications are typically developed for expense calculation and tracking (e.g. stock comp expense) as well as financial analysis. We try to take an approach that these types of tools should have permission control and be stored in documented locations where appropriate review and updating can be performed. It makes audit-related work much easier in the end!

"Internal Auditors Target Spreadsheets

The practitioners' leading trade group launches a campaign to get better control over spreadsheets and databases created without oversight from IT. 

David McCann - CFO.com | US”

Click here to read the full article.

Decision in Free Enterprise Fund v. PCAOB

 Email Article |  Twitter |  Facebook |  digg it |   LinkedIn 

I read a press release titled "Decision in Free Enterprise Fund v. PCAOB". To read the full press release, click on the link below: 

 http://pcaobus.org/News/Releases/Pages/06282010_SupremeCourtDecision.aspx

Compliance Alert: Status of Sarbanes-Oxley Section 404(b)

 Email Article |  Twitter |  Facebook |  digg it |   LinkedIn 

While reading The Harvard Law School Forum I came across a pose that discusses the "Sarbanes-Oxley 'Clawback' Developments" by John F. Savarese. It is very interesting, and if you would like to read it, click  here.

Compliance Alert: Status of Sarbanes-Oxley Section 404(b)

 Email Article |  Twitter |  Facebook |  digg it |   LinkedIn 

 PRNewswire has a very interesting article on the most recent FEI Survey titled "FEI Survey: Companies Report Signs of Stabilization with 2009 Auditing Process." The survey found that most companies complying with SOX had smoother audit processes and felt they had better control and understanding of their company as well as their responsibility. Ultimately, they found SOX to be valuable to their business process. If you would like to read the full article about the survey and its findings, please click on the link below:

http://www.prnewswire.com/news-releases/fei-survey-companies-report-signs-of-stabilization-with-2009-auditing-process-97057454.html

Gartner, Inc. "Regulation 2.0" by Mark McDonald Blog Comments

 Email Article |  Twitter |  Facebook |  digg it |   LinkedIn 

I recently responded to a blog posting by Mark McDonald from Gartner, Inc about next generation regulatory requirements.  I like where Mark is heading and can see real merit in the discussion.  View his posting and our discussion via this link: http://blogs.gartner.com/mark_mcdonald/2009/10/29/regulation-2-0-%e2%80%93-hopefully-not-regulation-1-0-squared-1-of-2/comment-page-1/#comment-780

By Teresa Bockwoldt MBA, MST

CEO and Co-Founder of Vibato®, LLC

tbockwoldt@vibato.com

Office: 415.240.4867 | Mobile: 707.477.0008 | Fax: 888.407.7725

Sarbanes-Oxley Opponents

 Email Article |  Twitter |  Facebook |  digg it |   LinkedIn 

I recently responded to an article posted by James Dornbrook Staff Writer of the Kansas City Business Journal.  It is really unfortunate that people are spending so much money on SOX compliance.  As always, we strongly encourage everyone to consider their options when implementing SOX.  It doesn't have to be an expensive, overbearing experience.  I do get a kick out of the executives who act as though they are victims of the SEC now because of SOX; it is almost as though they were forced to go public under duress...in any event, the article and my comments can be found here.

By Teresa Bockwoldt MBA, MST

CEO and Co-Founder of Vibato®, LLC

tbockwoldt@vibato.com

Office: 415.240.4867 | Mobile: 707.477.0008 | Fax: 888.407.7725

Internal Audit Teams Come Up Short

 Email Article |  Twitter |  Facebook |  digg it |   LinkedIn 

I recently had the privilege of commenting on a great article from Matt Kelly, editor-in-chief of Compliance Week.  The article discusses the strains put on internal audit teams.  Check out the article and my comments here.

By Teresa Bockwoldt MBA, MST

CEO and Co-Founder of Vibato®, LLC

tbockwoldt@vibato.com

Office: 415.240.4867 | Mobile: 707.477.0008 | Fax: 888.407.7725