WHEN U.S. PRESIDENT GEORGE W. BUSH SIGNED the Sarbanes-Oxley Act of 2002 into law, he said it included "the most far-reaching reforms of American business practices since the time of Franklin Delano Roosevelt." Today opinions are divided about the act's impact on cleaning up corporate fraud and restoring confidence in the public markets. Moreover, many filers have felt burdened by the cost of Sarbanes-Oxley compliance.
In response to these concerns, the U.S. Securities and Exchange Commission (SEC) conducted a survey to gauge compliance expenditures. The results, published in the commission's September 2009 Study of the Sarbanes-Oxley Act of 2002 Section 404 Internal Control Over Financial Reporting Requirements, show that companies expect Sarbanes-Oxley compliance to cost US $429,000 for a typical nonaccelerated filer and nearly US $2.5 million for a typical large accelerated filer. Not surprisingly, then, many U.S.-listed companies believe the expenditure outweighs the benefits--especially in these turbulent economic times. With careful preparation, however, companies can turn Sarbanes-Oxley compliance into a business advantage, improving risk and control evaluation while saving money and time in the process.
A series of 10 proactive steps, aimed at companies that have experience with Sarbanes-Oxley Section 404, helps guide compliance teams through an effective planning effort. Although some publicly traded companies can spread their compliance efforts over the year, many still incur a great deal of Sarbanes-Oxley work during the third and fourth quarters, making the first two quarters the best time to begin planning. That way, the company can focus the last two quarters on testing, fixes, and retesting. By following the 10 steps below, compliance teams can identify potential issues sooner, prepare thoroughly for the testing process, and minimize the possibility of encountering last-minute surprises.
1 VALIDATE THE PROCESS LIST
Sarbanes-Oxley teams should begin the planning effort by ensuring the right business processes are included in scope and by focusing only on activities that are essential to financial reporting. That means excluding The Committee of Sponsoring Organizations of the Tread-way Commission's (COSO's) Internal Control-Integrated Framework objectives related to operations, laws, and nonfinaincial regulations. If a company suspects it has included unnecessary processes in its compliance scope, the Sarbanes-Oxley team should reevaluate the process list and include only processes related to verifying accurate financial reporting, evaluating management's authorization of transactions, or safeguarding assets. By refining the scope, the company can lay the foundation for a project that is easier for its compliance team--and the auditors--to manage.
When evaluating business processes, Sarbanes-Oxley teams need to keep the company's materiality threshold in mind. The amounts flowing through those processes should be included in the scope of the Sarbanes-Oxley project only if they exceed the materiality threshold. Most companies determine the materiality of individual processes by mapping their processes to the associated amounts in the general ledger.
As today's economy impacts balance sheets and income statements, certain business processes need to be reevaluated for inclusion or exclusion. Moreover, companies should adjust their overall materiality thresholds, as the factors used to calculate those thresholds have likely changed as well. Some specific processes to reexamine for inclusion or exclusion include:
* Capturing and recording accruals.
* Any process that generates nonoperating income.
* Any process that generates nonoperating expense.
* Asset acquisition, delivery, and setup.
* Capturing and recording the cost of internally developed assets.
* Asset impairment.
* Asset disposal.
* Hiring and termination.
* Approval and payment of travel and entertainment.
* Vacation and payroll accrual.
The Sarbanes-Oxley team could also examine bad debt allowance and sales and purchases of investments. Additionally, the team will save time on the project by combing through its entire list of financial processes to evaluate the effects of the recession.
2 LEVERAGE COSO SMALL BUSINESS GUIDANCE
Many officers at small public companies argue that Sarbanes-Oxley treats small businesses unfairly. The 2009 SEC survey determined that even after more than four years of Sarbanes-Oxley compliance, the act costs small companies .59 percent of their assets each year, whereas compliance for larger companies costs just .08 percent of assets.
Although they make smaller profits than their larger counterparts, small companies still have the same number of processes to document and test. COSO's response to this concern appears in its 2006 manual, Internal Control Over Financial Reporting: Guidance for Smaller Public Companies. Publicly traded companies of almost every size should find the information and checklists in this manual useful in streamlining their process and testing documents, and reducing overall testing...