
5 Tips for Maintaining SOX Compliance in 2020-21

SOX compliance is a complex and evolving process. Whether or not a company has issued audited financial statements in the past, it must build and maintain the capabilities to comply with the Sarbanes-Oxley Act and understand the factors (potential new costs, current risks of material misstatements, and awareness of internal changes) that may affect the efficacy of its program.

 

A SOX compliance program helps you understand the strengths and weaknesses of an organization. There are a few ways to better balance the cost of your SOX compliance program against the risks of material misstatements in your financial statements.

 

How to Maintain a SOX Compliance Program

Let’s discuss some tips that will help you to maintain your SOX compliance program in the financial year 2020-21.

  • Expect Additional Costs from PCAOB Inspections
  • Start Early
  • Monitor and Assess Key Staff Turnover
  • Segregate Duties
  • Understand IT Risks

We’ll walk through these tips one by one.

 

Expect Additional Costs from PCAOB Inspections

“According to the 2020 budget report for PCAOB (Public Company Accounting Oversight Board), the budget has increased over the years (i.e., 2018-2020).”

Based on this report, the board reaffirmed its strategic direction. The trickle-down effect is that inspections of external audit firms uncover areas of concern, and any significant deficiencies identified in those inspections help the PCAOB meet its goals of greater financial reporting transparency and investor protection. However, inspections will continue to put pressure on the work performed by audit firms and on the costs companies pay them.

Start Early

Execute a robust planning process at the beginning of the financial year to reduce the chances of errors, audit headaches, and avoidable costs. At the outset, anticipate where additional focus will be required in the coming year.

 

The PCAOB revealed common challenges in its findings from recent inspections:

  • Impromptu design, documentation, and testing of internal controls over financial reporting.
  • Inadequate understanding of likely misstatement sources.
  • Inaccurate or incomplete information and data used in estimates.
  • Inappropriate accounting implementation for changes in business as well as new accounting standards.

The PCAOB cited equity, revenue recognition, inventory, and liability accounting many times across its reports. The report also identified the following as deficient at small organizations:

  • Controls for ensuring proper segregation of duties.
  • Assessing the competence of financial reporting duties outsourced to a third party.

Monitor and Assess Key Staff Turnover

Whenever a person leaves an organization, several factors must be considered, from ensuring a proper exit to figuring out how the role will be filled. If the person responsible for a key internal control leaves the organization, the departure adds risk. Assess the impact of the change quickly to make sure those internal control duties are performed on time and in a way that addresses the related risk.

 

Segregate Duties

To protect a company’s assets, duties must be segregated properly. This internal control is essential to protecting the accuracy of the financial statements. Application controls that are designed and monitored properly can help reduce the workload. However, automation adds risks that need to be considered, such as those around access management and system administration.

 

Another way to manage cost and risk effectively is delegation. Suppose a portion of internal control tasks is delegated: segregation challenges can be addressed by funneling detailed reviews through senior staff or management, which can result in surprising efficiency.

 

Understand IT Risks

IT is a fast-evolving area of an organization, and it raises the probability of misstatements due to cyberattacks. Big enterprises are not the only targets: hackers can target any organization, small or big, through tactics such as social engineering and spoofed emails. Although such practices are not new, their sophistication has increased dramatically. There has been a rise in successful efforts to defraud companies in ways such as misdirected payments to employees and vendors, demands to wire money to continue key services, and threats to company data.

 

Therefore, you must know the keys to your company's assets and take steps to ensure that they remain under control. Make sure all procedures and policies are in place and followed whenever those keys are used to distribute company funds or assets. Note that if you have mistakenly sent money that will never be recovered, and you have not recorded or disclosed it accurately, that indicates a control deficiency and possibly worse.

 

Bottom Line

Companies continuously face upward pressure on the costs of SOX compliance. However, smart planning, sound decisions on control implementation, and a coordinated effort throughout the year can help keep SOX compliance costs in check. Therefore, you require experts who know how to navigate the complex waters of financial statement risk management and compliance.