The Sarbanes-Oxley (SOX) legislation has two main components:
Section 404(a) requires company Management to document, analyze, and attest to the effectiveness of their internal controls.
Section 404(b) requires that Management's external auditors also analyze and assess Management's work and report their opinion in the 10K report.
The SEC has defined two classes of companies:
- Accelerated filers (>$75M in market cap)
- Non-accelerated filers (<$75M in market cap)
Both Sections 404(a) & (b) became requirements for accelerated filers for their annual reports for fiscal years ending on or after November 15, 2004.
Due to the financial hardship imposed from the compliance efforts experienced by accelerated filers, the SEC granted an annual reprieve for non-accelerated filers for both Sections 404(a) and 404(b). The Section 404(a) reprieve ended for non-accelerated filers beginning on December 15, 2007. This now requires company Management to attest to the effectiveness of their own internal control infrastructure in the Item 9 statement in their 10K report. These companies have been "self-reporting" for the last several years.
Smaller public (non-accelerated filers) companies are now facing the June 15th, 2010 SOX 404(b) final compliance deadline.
Click on this sentence to follow the progress of this legislation through our blog.
Complying with these financial reporting requirements can be a significant investment in terms of both capital and resource consumption, and failure to take this seriously can have significantly adverse effects on the valuation of these companies and the personal financial liability of their Directors and Management team. We recognize that these companies need a cost-effective approach that can be rapidly implemented while providing the flexibility to scale with their internal control infrastructure needs. Smaller companies may find themselves at the mercy of under or over-scoped audits being driven by an external audit team with less knowledge of their business than the Management team responsible for running it. Costs and timelines can spin quickly out of control if the initial risk assessment and documentation phases are not completed properly, and can ultimately lead to a qualified audit opinion or delays in filings.
Vibato® has introduced the SOX Compliance Made Simple® methodology, a revolutionary approach to driving down the cost and effort of SOX 404 compliance projects. Built on years of best-practice development, the toolset can be delivered for as little as 50% of the cost of traditional consulting engagement fees and completed in days rather than months.
In addition, companies with existing control infrastructures have benefitted from reduced internal control counts, standardization across multiple locations, reduced audit fees (up to 50%), and shorter close cycles - all leading to further reductions in associated costs and overall improvements in the efficiency of their financial reporting processes.