HPBS Ltd                    

Chartered Accountants                                             

A member of the Practice Assurance Scheme     

 

 

 

 

Home

 

Accountancy Services

 

 Management Resources

 

Business Analysis

 

Sarbanes Oxley 404

 

Company Profile

 

News and Updates

 

Tax Rates and Allowances

 

Contact Details

 

 

 

Sarbanes-Oxley 404

Sarbanes-Oxley  404 requires the management of US companies to "evaluate and disclose conclusions on the effectiveness of their internal controls over financial reporting".

There are two groups of companies affected by the ruling. Those with a market capitalisation of over $75M - the first internal control  report (to be written in form 10-K) was due 1st March 2005. 

The second group which includes foreign private issuers, compliance with the act was required for fiscal years ending on or after April 15 2006. (Now extended to 16th December 2006- see below)

Further announcements on 17th May 2006 clarifying  SEC requirements and further deadline changes are as  follows:-

External auditor role and manner of attestation.

 

Consider how COSO (The Committee of Sponsoring Organisations of the Treadway Commission) can aid smaller public companies to compliance.

 

Guidance to promote the "Top Down" risk based approach the SEC intended. (This will be scalable and responsive to individual circumstances).

 

Auditors focus on areas of high risk, fraud or material error.Planned further postponement for small (Non accelerated filers). All filers would now need to comply with 404 for fiscal years beginning on or after Dec 16th 2006! 

 

From 22 March 2007 the SEC will allow deregistration if a company can show that average daily US trading volume in its shares has been no greater than 5 per cent of its global trading volume over the previous 12 months.

The Internal Control framework as a basis for section 404 compliance is an  iterative process:-               

Document Procedures  (Process Flow Chart/ Narrative)                     

Identify and Assess business risk/fraud   (Rate risks on Risk Control Matrix) 

Identify Key Controls  (Map Controls on to Risk Control Matrix. Draft Control Documents)

Walkthrough Process  (Walkthrough the process with the business, any more risks? Are the Controls sufficient to mitigate the risks ? Assess if the controls address the risk assertions.)  

Test Controls  (Draft a test plan and test the controls are working as  documented.) 

Record Results (Ensure testing and results are recorded) 

Remediate  (Draft remediation plan, agree with business and re-test)   

Review process (Once a quarter/ or following major change review process, risk and controls) 

HPBS Ltd is experienced in the complete process including "Top Down" reviews, from system documentation, risk identification through to setting up remediation reviews. Changing business culture to empower and educate the employees to drive the compliance culture through the business is one of the most challenging areas. Please contact the company directly for advise on this issue.

Japanese Sox or "J-Sox" is very similar to US Sox in its principles. Where it differs slightly is that it requires an audit opinion on managements evaluation of the effectiveness of internal controls over financial reporting, a subtle difference.