Keeping up: meeting SOX challenges.

• Position: Q & A - Company Profile - Cover Story

The shift in accounting brought on by the Sarbanes-Oxley Act and its key provision, Sec. 404, that requires public companies to thoroughly survey and vouch for the adequacy of their internal controls, continues to reverberate throughout American business.

The SEC and PCAOB's rules of reform, and new auditing and financial reporting standards created by FASB and the AICPA, have caused national accounting firms to focus more on their core competencies and multi-national clientele, while they refer many public and private company clients to regional firms.

The following Q&A with Armanino McKenna Managing Partner Andy Armanino, CPA, and Cathy Thomas, CPA, who leads the firm's risk management service, addresses the impact SOX has had on their firm's clients and offers strategies about how firms can keep up with the high demand for risk management and compliance services.

[ILLUSTRATION OMITTED]

Q: How have risk management services changed over the last three years?

Armanino: The big change was Sarbanes-Oxley and the creation of many new compliance requirements for public companies, together with strong punishments for non-compliance. Technology has had an enormous impact as well. Many companies have not kept pace in the electronic age, and control systems are often woefully inadequate, increasing the risk of defalcation of both funds and company records. When you have a high degree of inadequacy in keeping pace with technology changes and layer SOX compliance over it, you have a recipe for real trouble for many companies, both public and private.

Thomas: This year, many companies admitted to their inadequacy as deadlines for compliance with Sec. 404 approached. If a company realizes it has problems with its control systems, it is obliged to disclose them and there was a flood of disclosures on the first deadline for the largest corporations.

Armanino: There are many more areas of vulnerability and risk for more companies than there were pre-SOX. Our profession is working to help companies fully embrace the standards set by SOX. At Armanino McKenna, we are focused on getting clients to recognize how important the role of their systems are in realizing compliance. We encourage companies to incorporate a risk management culture and to consider re-engineering to create sustained compliance with regular testing, monitoring and continued review of certification requirements.

Q: What are the top concerns for companies grappling with SOX compliance?

Thomas: Cost, primarily. Companies are expected to spend upwards of $80 billion to launch enterprise-wide compliance initiatives in the next few years. The outlays of capital required to re-engineer for SOX compliance are high and the...