Sarbanes-Oxley (Sox) Financial Compliance Reviews, A Cost Effective Fraud Prevention Tool

The United States Congress passed the Sarbanes-Oxley Act into law in July 2002. The Act was primarily designed to restore investor confidence following well-publicized bankruptcies and internal control breakdowns. The Act is applicable to all publicly registered companies under the jurisdiction of the SEC. A Public Company Accounting Oversight Board (PCAOB) was created.

Two primary sections of the Act define an organization’s compliance requirements. Section 302 requires the management’s quarterly certification of the company’s financial results and Section 404 requires the management’s annual assertion that internal controls over financial reporting are effective. Also, the Company’s independent auditor is required to opine on the effectiveness of internal controls over financial reporting and the fair presentation of the organization’s financial statements.

The Audit Consultant was hired to perform a complete SOX review of a public retail company with operations in 39 states. The primary objective of this review was to ensure that the internal controls deemed significant to the financial reporting processes have been properly documented and are adequately enforced.

A total of 11 financial processes and 4 Information Technology (IT) processes, selected with the help of the Company Controller, covered over 90% of the risk exposure of the financial records. The financial processes consisted of, for example, Accounts Receivable, Payables, Payroll, Entity Level Controls, Financial Statement monthly closing, Treasury processes, Taxes, IT processes such as Data Management, Security Management, etc. Each process was updated, internal control for each process was identified as primary or secondary and its design effectiveness was verified to be effective. Various control tests such as a review, inquiry, observation or an inspection were performed on a sample basis for each process to determine the operating effectiveness of each financial process control.

Consultant’s Findings

The initial testing of controls over the financial processes disclosed a total of 165 control deficiencies. The remaining controls were judged to be operating effectively. The test results were reviewed with management and individual managers were given 3 months’ time to redesign controls and make sure they were effective. The final testing lowered the number of deficiencies to 48 deficient controls.

The defective and / or non-existent internal controls over financial processes could result in misleading reporting of revenues, financial frauds, and in some cases, could drive the business into bankruptcy.

This is a very cost-effective financial review tool. It took about 4 months to complete this project at a cost of about $80,000. However, it immensely benefitted the Company by helping it strengthen its internal control structure, minimizing fraud potential and instilling confidence in its shareholders that the Company’s financial reporting was sound and dependable. It probably saved the Company untold millions of dollars in probable financial losses.

To see the resume of the expert associated with this case study, see the link below.