Vibato has schedule a set of new Webinars starting in early February. These webinars are free and everyone is encouraged to attend.
View the webinars by clicking here.
I just read this article from Compliance Week and left the post below.
Great article: we agree completely.
http://www.complianceweek.com/blog/whitehouse/2009/12/28/sox-efforts-could-be-more-efficient-poll-says/#comment-391%0d%0a%0d%0a
Very nice article.
I agree with those people who claim SOX needs to be more efficient and I believe you can add efficiencies to a ‘compliance at any cost' attitude by following some simple steps:
- Determine your materiality threshold so you know what dollar amount to focus on (i.e., accounts >$5,000).
- Perform a Risk Assessment to determine what areas to focus on (i.e., accounts payables, revenue, etc).
- Ideally, do not reinvent the wheel of what controls to use in the risky areas but if you do not know what the best-practice controls should be by process, then keep your materiality threshold and risk to the account in mind when determining what controls to document (e.g., do not document a control over petty cash unless petty cash is material). Document the controls in Word or Excel so you have a way to track the information.
- Each control should tell the reader who, what, when, where, why, and how someone is performing a control so saying "Joe approves journals" is not clear enough. An example of clear enough would be "Weekly, the Controller at Corporate reviews journals for accuracy and completeness against all supporting materials. The Controller signs the journal as evidence of review and approval once satisfied."
- A lot of auditors no longer ask for narratives or flow charts so discuss this with your auditors if it is not something you'd like to do.
- Share your documentation with your auditors and get their feedback.
- Test the effectiveness of those controls, for example: if you say executive management is reviewing and approving journal entries prior to posting, using statistical sampling, test a handful of completed journals to verify this is happening and document the results in either Word or Excel
- Remediate where necessary based on your testing.
- Report your testing results to your auditors.
- Standardize your controls and documentation style across departments and locations. This will not only build in efficiencies with the consolidation (if applicable) but it will save you a significant amount of time and money because your auditors will have built-in expectations and a one-time learning curve.
All my best,
Teresa Bockwoldt MBA, MST
CEO & Co-Founder
Vibato®, LLC
655 Montgomery Street, 5th Floor, Suite 540 San Francisco, CA 94111
Office: 415.240.4867 | Mobile: 707.477.0008 | Fax: 888.407.7725
SOX Compliance Made Simple® | http://www.soxprofessionals.com/
Lora Bentley wrote yet another article that included information about our thoughts around our New Year's resolutions surrounding SOX that is viewable here:
http://www.itbusinessedge.com/cm/blogs/bentley/five-new-years-resolutions-for-sarbox-compliance/?cs=38363
Thanks to Lora for speaking with us!
Check out more articles from the IT Business Edge by clicking on their logo below:
Lora Bentley of IT Business Edge interviewed me last week and has published a great article about our discussion. You can find it here:
http://www.itbusinessedge.com/cm/community/features/interviews/blog/making-sarbox-compliance-simple-six-sigma-and-world-class-best-practices/?cs=38357
All of her articles are very informative and she has a great perspective on things. I recommend checking it out!
For the past two years, we here at Vibato have donated to the Make-A-Wish Foundation in lieu of sending or exchanging gifts during the holiday season. We encourage all of our readers to consider contributing to this wonderful foundation. Click on the image below to see their website.
This year, Akeena Solar attended a Risk Assessment Seminar we held with Burr Pilger & Mayer LLP. They were so impressed with our methodology and passion for saving our clients money and time that they decided to switch their SOX service providers to us. The switch has been a tremendous success and here is what their CFO has to say about it:
"Working with Vibato has allowed us to focus on reducing the costs associated with the ever-challenging Sarbanes-Oxley compliance regulations," said Margaret Randazzo, CFO, Akeena Solar, Inc. "As a public company, it is important that we use a tool like SOX Compliance Made Simple, as it allows us to efficiently manage the internal controls processes and external audits. Thus far, we've reduced our costs by over 75% on our SOX preparations and ongoing maintenance. In addition, we are already seeing a positive peek into the expected ROI - we expect to save more than this next year, which is huge for a company of our size and a great example of improving shareholder value!"
Alex Pollock published an article titled "What the House Got Right on Financial Regulation" yesterday (see it here). It is a good, quick read. I wanted to touch on his comment that 404(b) for non-accelerated filers is a waste of money and time.
As indicated by data published in some previous posts here, non-accelerated filers have a 46% higher likelihood of a restatement (Sarah Johnson, CFO.com, December 2, 2009). We here at Vibato see the financial data produced from non-accelerated filers daily and initial SOX implementations can be downright scary. We have seen financial data that is inaccurate, support for the financial data has been either thrown out or assumed, segregation of duties is inadequate, etc. I have had countless conversations with executives about how they should reconsider giving their AP Clerk the check stock, access to print checks, and the check signing equipment (think cleaning out the bank account - assets of the shareholder - and fleeing the country). Of course, not all non-accelerated filers fall into this "scary" category but I have yet to find a company that did not benefit from a 404(a) implementation in some way. Our experience suggests that a significant number of non-accelerated filers have inadequate structure and insufficient accounting talent to properly protect them from their own mistakes. This has and can lead to restatements, shareholder lawsuits, management changes, and even personal accountability being pursued. The SOX legislation seeks to help formalize accounting procedures, which can facilitate more reliable financial statements and improve internal business processes.
Alex, as a former President and CEO of Federal Home Loan Bank of Chicago (1991-2004), and now as a Resident Fellow at American Enterprise Institute for Public Policy Research, it would seem that you would not have day-to-day dealings with non-accelerated filer data. Please correct me if I am wrong but I would venture to guess that you haven't spent any time performing a SOX implementation for a non-accelerated filer. You may have spent time with the executives of these companies, who I am certain assume that their financials are correct. And I am certain you have listened to their cries about the costs, and how SOX has only been successful at employing auditor's and lining their pockets. However, some of the data published suggest otherwise and is in line with our own experiences. For example, of the 366 companies who received a qualified opinion through May 2, 2005, 94% of them claimed a clean internal control infrastructure in the 302 certifications in the previous quarter to their qualified opinion (Compliance Week SOX 404 Deficiencies Preceded By "Effective" 302 Reports by Melissa Klein Aguilar - July 26, 2005). What this shows is that there are many assumptions being made about what internal controls are and their assumed effectiveness, or very little awareness as to what is really happening inside the company. Additionally, to be clear, a qualified opinion is something that could cause a material misstatement to the financials, and not limited to just someone forgetting to approve a $25 expense report.
I have personally implemented over 50 SOX engagements and I have seen many benefits first-hand. I also understand that a lot of the negative press SOX has received is in some cases real and warranted. I have battled with external audit firms and seen Board of Director meetings almost turn violent over outrageous auditor claims that were in no way in the benefit of the shareholders from my perspective. The 404(b) aspects of my job are by far the most laborious and challenging; especially when working with the largest firms who have varying degrees of experience and business knowledge across their resource pools. But, I also understand why external auditors often behave the way they do; the legislation has put them in a difficult position to objectively evaluate their clients while relying on those same clients for their business. In addition, those same external auditors are personally and professionally liable for the quality of their audits, which further erodes their ability to rely on any historical knowledge or good "intent" based on experience with their clients. Auditors can be fined, sent to jail, fired, sued, stripped of their credentials by the PCAOB, etc. Based on these potential risks, I can appreciate when an auditor may be paranoid, and drive them to over-scope the project as a as an attempt at the highest assurance they can achieve given the situation. The auditor is put in a precarious position. It seems that they must choose to inadvertently or otherwise over-scope the audit ($) to attempt to maximize their confidence, and risk upsetting the client who could take their business elsewhere, or attempt to serve the cost-conscious demands of the client and increasing their own risk and exposure.. I have always thought this is a practical conflict of interest, requiring a for-profit industry to try to act in the best interest of the public.
Rather than having the external auditing firms perform 404(b) audits and then having the PCAOB come around and review the quality of their audit, why not take out the middleman and have the PCAOB perform the 404(b) audit on the client and charge a flat or market-rate fee for this service? Or, why not impose a market cap on the costs an external auditing firm can charge based on a pre-defined set of risks and/or exposure that has been tested and approved by the broader industry? This type of sanction can be seen in other areas such as contingency caps on lawyer fees associated with Workers Compensation lawsuits, etc. Since at least some of the statistics show non-accelerated filers can benefit from 404(b) audits, and since this legislation was imposed by the government as a way to provide a level of shareholder confidence, it would seem only prudent to have a somewhat standardized level of review available to all public companies. This type of approach could certainly begin to address the cost concerns and level of inconsistency across the self-reporting data being referenced in many of the recent reports published.
The Public Company Accounting Oversight Board (PCAOB) updated their website today with the following announcement:
"PCAOB Reproposes Auditing Standards on Auditor Risk Assessment
Washington, DC, December 17, 2009 - The PCAOB today voted to repropose for comment seven auditing standards and related amendments that collectively would revise the requirements for assessing risk in an audit.
"A sound and sophisticated risk assessment is essential to performing an audit that affords investors reasonable assurance that financial statements are free of material error. Therefore, these seven standards - once finalized - will serve as the bedrock for much of the Board's future standard setting," said Acting PCAOB Chairman Daniel L. Goelzer."
Read the full update by clicking here
This is wonderful news and as many of you know, Vibato has the most comprehensive and affordable Risk Assessment offering on the market today. For those of you who use a Risk Assessment, if it is taking you longer than one day to complete, please give us a call. Also, for those of you who are interested, we offer nation-wide Risk Assessment seminars that will show you how to perform your own Risk Assessment and give you eight hours of CPE credits. Feel free to contact us for more information.
Posted by:
Teresa Bockwoldt MBA, MST
CEO & Co-Founder
Vibato®, LLC
655 Montgomery Street, 5th Floor, Suite 540 San Francisco, CA 94111
Office: 415.240.4867 | Mobile: 707.477.0008 | Fax: 888.407.7725
This is from Sarah Johnson of CFO.com on December 2, 2009:
"In effect, the Audit Analytics report suggests, the restatement rate for nonaccelerated filers is 46% higher than it is for accelerated filers. As it stands now, nonaccelerated filers - companies with market capitalizations under $75 million - have less than a year to get their auditors to weigh in on their internal controls. Only a "handful" of these companies already do, voluntarily, according to Whalen. The smaller companies will have to file these audit opinions with annual reports filed for fiscal years ending after June 15, 2010."
Excellent article that delves right into the heart of the matter; a 46% restatement rate is unreasonably high for the investing public. Congress should focus on how to make the compliance requirements more affordable rather than looking at ways to make it not applicable.
Find the full article at this link.
Posted by:
Teresa Bockwoldt MBA, MST
CEO & Co-Founder
Vibato®, LLC
655 Montgomery Street, 5th Floor, Suite 540 San Francisco, CA 94111
Office: 415.240.4867 | Mobile: 707.477.0008 | Fax: 888.407.7725
We are delighted to announce a partnership agreement with HJ Associates & Consultants, L.L.P. out of Salt Lake City, Utah! HJA is a member of the RSM McGladrey Network. We met HJA earlier this year and based upon their belief in our approach, they referred several clients to us which have all resulted in successful SOX implementations. This partnership will allow us to expand our reach and the overall availability of the SOX Compliance Made Simple product line. It is truly a privilege to partner with such an amazing team of professionals! Read more about the partnership here.
Posted by:
Teresa Bockwoldt MBA, MST
CEO & Co-Founder
Vibato®, LLC
655 Montgomery Street, 5th Floor, Suite 540 San Francisco, CA 94111
Office: 415.240.4867 | Mobile: 707.477.0008 | Fax: 888.407.7725
Margaret Randazzo of Akeena Solar was promoted to CFO yesterday! We wanted to wish her heartfelt congratulations on a well-deserved promotion. Margaret is a true professional with the kind of knowledge and dedication that we admire here at Vibato.
Congratulations Margaret!
At a time when most companies are laying staff off, I am proud to say that Vibato is hiring and expanding! We attribute our level of growth to the excellent products and services we provide to our wonderful clients.
I'd like to send out a very hearty welcome to some new members of our team:
- Michael Fung is our new Senior Technical Developer. Michael has extensive programming experience and is leading the development effort for our next generation of products. Michael's ideas and intuition are spot on and I believe everyone will be truly impressed with our new line of product as well as the updates to our existing lines.
- Libia Nordenso is a new Senior Associate and will focus on helping with controls testing and internal operations. She isextremely methodical and detail orientated. We are delighted to have her as a member of the team!
Posted By:
Teresa Bockwoldt MBA, MST
CEO & Co-Founder
Vibato®, LLC
655 Montgomery Street, 5th Floor, Suite 540 San Francisco, CA 94111
Office: 415.240.4867 | Mobile: 707.477.0008 | Fax: 888.407.7725
We have codification cross reference cheat-sheets available for those of you who need them. Contact me at tbockwoldt@vibato.com and I will send them to you!
In addition to serving our clients, we have been busy working on new products! We are planning to launch two new products in January and a new version of our SOX Compliance Made Simple® product! We will also be announcing three new processes to our library of available process cycles! Stay tuned!
Posted By:
Teresa Bockwoldt MBA, MST
CEO & Co-Founder
Vibato®, LLC
655 Montgomery Street, 5th Floor, Suite 540 San Francisco, CA 94111
Office: 415.240.4867 | Mobile: 707.477.0008 | Fax: 888.407.7725
All,
I've started receiving feedback from folks who have seen my postings about Sarbanes-Oxley on the internet and on our site. I received a comment from Peter Nelson of LBB & Associates Ltd., LLP as follows:
Teresa: I generally understand your comment, but respectfully disagree with most of it. We are talking about smaller reporting companies here - not enron, worldcom, or any of the many others. The SEC has different rules for these companies for a reason, and you may be enlightened by other exceptions these companies are granted in periodic filings. While I can appreciate your vested interest against this legislation, this committee vote is a good sign that someone is interested in stopping the rampant and unprecedented growth of government in our country. As CPA's, we should focus on what is important, and applying 404b to smaller reporting companies is far from mission critical to the investing public or our democratic society. I operate in the SRC field almost exclusively, and my revenues would be favorably impacted by the 404b requirement for SRC's, but I remain supportive of the committee action due to the relative unimportance of this issue relative to other challenges of our country and profession. It is a cost without measurable benefit.
Even with that said, your services are of great value in the larger sector. The SRC's are likely going to end up in your fold eventually anyway, since who knows how far this committee action goes.
Regards,
Peter D. Nelson, CPA
Partner, LBB & Associates Ltd., LLP
2500 Wilcrest, Suite 150, Houston, TX 77042
Phone 713-877-9944, efax 713-583-2263
I sincerely appreciate Peter's message to me.
As you have all seen in my past posts, smaller companies are the ones who are most susceptible to errors, fraud, etc. This has been statically proven without question and is not just my opinion.
A challenge I'd like to put out there for external auditors is to follow our lead by examining the costs associated with their services and try to make the effort to make their services more affordable for their clients. There is no question that their clients but more importantly, their clients shareholders would benefit from a 404(b) audit. Are there any external auditors out there who would take the challenge and lower their audit fees or consider a fix-fee approach to help ease their client's burden? Does anyone else have any feedback for Peter?
All my best,
Teresa Bockwoldt MBA, MST
CEO & Co-Founder
Vibato®, LLC
655 Montgomery Street, 5th Floor, Suite 540 San Francisco, CA 94111
Office: 415.240.4867 | Mobile: 707.477.0008 | Fax: 888.407.7725
SOX Compliance Made Simple® | http://www.soxprofessionals.com/
Please update your records with my new email address: tbockwoldt@vibato.com
All,
We have had the privilege of staying extremely busy with SOX Compliance work over the past month; hence, my lack of blogging. We have implemented several new SOX projects and we have been busy testing existing clients SOX work. I had the privilege of working at the ZAGG offices in Salt Lake City, UT last week. Talk about wonderful people and a great product line. They gave me a couple of "skins" for our team's iPhones and they are amazing. The skins cover the front and back of your phone with an impenetrable, protective film. You can customize the skins to match your company's logo even! Anyhow, busy busy with amazing clients! We were able to get nearly 100 controls fully tested in 6 days using 1 person so we are really getting very efficient and saving our clients a significant amount of money!