Benefits of an Internal Control System Aligned to SOX

Internal Control Systems in Financial Reporting and the Sarbanes Oxley Act (SOX)

In financial reporting, various auditing standards refer to Internal Control Systems (ICS), namely the Sarbanes Oxley Act (SOX) and the SEC regulations in the US, as well as the IDW auditing standards in Germany. In 2002, Sarbanes Oxley Act was passed by Congress to establish stricter requirements for Internal Controls. This Act ensures that the management team and auditors of publicly traded companies have implemented and established Internal Controls which affects their Financial Reporting. Sarbanes Oxley Act, commonly known as SOX Act, was passed down with the main purpose to offer stakeholders protection by improving the accuracy and reliability of financial information in corporate disclosures. More specifically, SOX 404 requires the implementation of adequate Internal Control over Financial Reporting (ICFR) within listed companies to guarantee fair financial reporting practices in accordance with Generally Accepted Accounting Principles (GAAP). External auditors must attest to the design and effectiveness of Internal Control over Financial Reporting and the accuracy of an organisation’s financial statements.

An organisations ICS consists of both technical and organisational rules and controls that promote compliance with guidelines and prevent damage caused to the company by the likes of it’s own staff, or third-parties. Typically, COSO or COBIT, two popular control frameworks, are used as the basis for a company’s ICS.

Sarbanes Oxley (SOX) Compliance

To achieve SOX compliance, business leaders need to obtain reasonable assurance in their annual SOX audit. During the compliance audit, they must also provide proof of accurate, data-secured financial reporting. In addition, SOX mandates that all businesses under the Act have Internal Control Systems in place to provide the data required by a compliance audit. While Sarbanes-Oxley Act (SOX) is a familiar topic, organisations still struggle to find the best approach for SOX attestation. Additionally, with the changes in legislation, technology and the developments of the COSO 2013 framework over the last decade, the need for a holistic SOX compliance program has been further propelled.

Some benefits of having a SOX-aligned Internal Control System

• Standardised organisational processes which strengthen the control environment

  A well-performing SOX function provides business advantage through consolidated and standardised financial processes, which increases adoption while strengthening the control environment. These processes also improve data transfers and communication between internal functions and third parties, minimising redundant information and inconsistencies.

• Supports the Risk Management function

  SOX has over the years, shifted emphasis on merely compliance to focus on risk management – aligning business objectives and processes as a means to generate business value – allowing them to benefit from greater transparency, visibility and timely mitigation.

• Improved financial reporting

  A well-performing internal controls structure improves the documentation and reliability of financial data. Having defined financial reporting processes presents clearer business oversight to the management team, empowering them to operate more effectively and efficiently. By shifting focus on internal controls, organisation’s also become more aware of how important these activities are to the organisation’s financial success.

• Streamlined audit processes

  With more effective and efficient internal audit operations, easier external audit processes will surely follow.