Sarbanes-Oxley Act Section 404
What is Sarbanes-Oxley?
The Sarbanes-Oxley Act section 404, which primarily focuses on Internal IT Controls for corporate responsibility relating to financial reporting is where GGS has the experience and expertise to assist our clients.
Who is subject to Sarbanes-Oxley?
Public accounting firms, public companies issuing securities, and firms providing auditing services must comply with Sarbanes-Oxley.
What is required for Sarbanes-Oxley Section 404 compliance?
A company required to submit an SEC compliance report must report on internal controls over its financial reporting annually and as such client management is responsible for adequately implementing and monitoring these controls.
GGS works with the client management to identify what controls are adequate, implement the controls, through training, documentation and procedures, and assess the client in advance of the external auditors to facilitate remediation or mitigation of the controls.
What are the key steps to prepare for Section 404?
Preparing for SOX compliance is not usually a simple task as the requirements for compliance, although understood by our clients, often requires procedure changes and an IT culture shift as it relates to documentation. How can our clients begin to prepare for these changes?
- Assemble an audit committee to oversee the entire process
- Identify critical financial areas and relevant financial data
- Identify the controls necessary to address the critical financial data
- Conduct an internal "readiness assessment" of the controls to determine where additional work may be needed
- Develop an Action plan to remediate or mitigate any findings
- Develop policies and procedures that ensure ongoing testing and monitoring compliance with the Internal controls
|
