|
Sarbanes-Oxley and Business Processes
The Sarbanes-Oxley Act demands a major
focus on internal business processes and controls by US listed companies
and their international operations during 2004. Even where controls are
established and documentation exists, it will need review, testing and,
almost certainly, some remediation and updating to meet audit requirements
for the 2004 accounts.
US companies will need to implement
ongoing maintenance processes for CEO/CFOs and auditors to be able to
attest to control effectiveness. The importance of the control environment
needs to be communicated and an example needs to be set by top management
so they can be seen to be obeying the rules.
On the plus side, there are opportunities
for companies to rationalise processes, documentation and systems - and
improve controls and risk management.
Read on for further information or
contact us now to discuss how we can assist you.
The Sarbanes-Oxley Act of 2002 [Sarbox or
SOx for short] is the most sweeping legislation affecting US corporate
governance, disclosure and financial accounting since the 1930s. The Act
aims to 'protect investors by improving the accuracy and reliability of
corporate disclosures'. It includes measures for registration, inspection
and discipline of accounting firms and for analyst conflicts of interest -
and it prescribes severe penalties for offenders - including prison.
From a European operations perspective
the impact is primarily on reporting of results and financial controls.
SOx legislates that US quoted companies must have internal controls over
financial reporting and senior management must report quarterly that they
are operating effectively. External auditors must attest to this -
starting with the 2004 audit.
SOx compliance requires documented
processes and identified controls which are tested periodically for
effective design and operation. These very demanding control requirements
have to be met by US companies and their overseas operations must be
covered for completeness of financial reporting. This is a major task and
most companies will need to set up special project teams to meet the 2004
audit deadline.
Management
issues likely to arise from the work include:
- Do process owners have clear authority/responsibility?
- Is existing documentation consistent,
accessible and up-to-date?
- If the resource/budget for remediation
is not in plan, how is it to be funded?
- Do process owners and/or financial
controllers have the resources and systems for maintaining
documentation and compliance testing?
In European operations the business
processes are likely to differ from US domestic processes. There will
often be an order of magnitude difference of scale between the US and
individual European legal entities and much lower levels of process
automation and IT investment. The controls will often be different because
segregation of duties is more difficult with small staffs, authority
levels may differ by country, local knowledge is more important, tax
regimes vary etc.
Judgments
will be required on the materiality of the results. The impact of reported
results from regional and individual legal entity business may not
materially affect US corporate results.
We can help you with all aspects of your
Sarbanes-Oxley programme including risk analysis, process mapping, control
identification and testing, documentation and training as well as in
accounting and systems development.
If you would like to
find out more please view our Case
Studies. If you require any further
information on the work that we do, please Click
Here or contact us on 07884 432400
|
