Internal Control Systems in Financial Reporting and the Sarbanes Oxley Act (SOX)
In financial reporting, various auditing standards refer to Internal Control Systems (ICS), namely the Sarbanes Oxley Act (SOX) and the SEC regulations in the US, as well as the IDW auditing standards in Germany. In 2002, Sarbanes Oxley Act was passed by Congress to establish stricter requirements for Internal Controls. This Act ensures that the management team and auditors of publicly traded companies have implemented and established Internal Controls which affects their Financial Reporting. Sarbanes Oxley Act, commonly known as SOX Act, was passed down with the main purpose to offer stakeholders protection by improving the accuracy and reliability of financial information in corporate disclosures. More specifically, SOX 404 requires the implementation of adequate Internal Control over Financial Reporting (ICFR) within listed companies to guarantee fair financial reporting practices in accordance with Generally Accepted Accounting Principles (GAAP). External auditors must attest to the design and effectiveness of Internal Control over Financial Reporting and the accuracy of an organisation's financial statements.
An organisations ICS consists of both technical and organisational rules and controls that promote compliance with guidelines and prevent damage caused to the company by the likes of it's own staff, or third-parties. Typically, COSO or COBIT, two popular control frameworks, are used as the basis for a company's ICS.
Sarbanes Oxley (SOX) Compliance
To achieve SOX compliance, business leaders need to obtain reasonable assurance in their annual SOX audit. During the compliance audit, they must also provide proof of accurate, data-secured financial reporting. In addition, SOX mandates that all businesses under the Act have Internal Control Systems in place to provide the data required by a compliance audit. While Sarbanes-Oxley Act (SOX) is a familiar topic, organisations still struggle to find the best approach for SOX attestation. Additionally, with the changes in legislation, technology and the developments of the COSO 2013 framework over the last decade, the need for a holistic SOX compliance program has been further propelled.
Some benefits of having a SOX-aligned Internal Control System
Standardised organisational processes which strengthen the control environmentA well-performing SOX function provides business advantage through consolidated and standardised financial processes, which increases adoption while strengthening the control environment. These processes also improve data transfers and communication between internal functions and third parties, minimising redundant information and inconsistencies.
Supports the Risk Management functionSOX has over the years, shifted emphasis on merely compliance to focus on risk management – aligning business objectives and processes as a means to generate business value – allowing them to benefit from greater transparency, visibility and timely mitigation.
Improved financial reportingA well-performing internal controls structure improves the documentation and reliability of financial data. Having defined financial reporting processes presents clearer business oversight to the management team, empowering them to operate more effectively and efficiently. By shifting focus on internal controls, organisation's also become more aware of how important these activities are to the organisation's financial success.
Streamlined audit processesWith more effective and efficient internal audit operations, easier external audit processes will surely follow.
Creating an Internal Control System aligned to SOX should not only be relevant for those organisations preparing for upcoming audits and certifications, but any organisation aiming to go the extra mile in terms of financial integrity and shareholder confidence.
Regsiter for our Webinar: Setting up an Internal Control System aligned to SOX
Your organisation should have a long-term strategy for demonstrating SOX compliance. Here at Alyne, we aim to provide clarity to ambiguous SOX and Internal Controls over Financial Reporting requirements. In our upcoming webinar, we will be exploring 6 steps to setting up an Internal Control System aligned to SOX and sharing practical steps for those organisations looking to align themselves with SOX or achieve greater financial integrity and shareholder confidence. Our speakers have extensive experience throughout their careers in the fields of internal controls and audit for renowned globally listed companies, and will be sharing success factors and risks to consider in your SOX compliance journey.
Six Steps at a Glance:
- Step 1: Identifying the general scope of your Internal Control System
- Step 2: Framing your Internal Control System
- Step 3: Bringing your organisation together with the established Framework
- Step 4: Performing a Baseline Assessment
- Step 5: Moving to BAU (Business as usual)
- Step 6: Review and improve
Within these steps, our speakers will be sharing insights into topics such as:
- When defining the scope of your ICS, is having a 80/20 process necessary or is it worthwhile thinking about the core processes?
- Framing your ICS: Design by committee vs design by feedback? How to reduce redundancy and increase immunisation.
- How to go about defining applicability and creating Controls unique to your organisation.
- Baseline Assessment: Gathering information at the right level of detail, with the right amount of evidence and understanding
- Moving from project stage to operational ICS: Managing and aligning the expectations of different stakeholders
Karl Viertel, CEO & Co-Founder of Alyne
Prior to founding Alyne, Karl delivered security, risk management and governance solutions to organisations in Europe, America and the Asia Pacific in his role as Director for Deloitte & Touche in Germany and Australia.
Claudia Howe, Regional Head of Sales
Throughout her career and experience as Senior Manager at Deloitte Germany, Claudia played a key role in the design and implementation of the Internal Control Systems for renowned DAX30 companies.
Frederick Geyer, Specialist Control Framework
Frederick has gained years of experience working alongside multinational corporations, specialising in internal controls and audit, in his experience as a manager at Deloitte.