Sarbanes-Oxley (SOX) Compliance
Conquering Section 404 in a Cost-Effective Manner
Under Section 404 of SOX, management is responsible for assessing their internal controls over financial reporting to identify material weaknesses, remediate them, and conclude if any still exist as of the end of a public company's fiscal year. This responsibility includes compliance planning, documenting internal control design, risk identification and assessment, evaluating the design, testing the controls, correcting weaknesses, and reporting on the results. A key challenge is identifying all material weaknesses over financial reporting, correcting them, and retesting to help ensure that the external auditor will be able to render an unqualified "clean" opinion. The delicate balance management faces requires walking a fine line between noncompliance and over-compliance. An adverse audit opinion can have negative public relations and valuation consequences, while over-compliance can be a waste of resources. The key is finding the optimal balance and securing consultants who can add business value beyond a strict-compliance orientation.
Candela Solutions provides a full range of SOX-404 services including:
- Education
- Staff mentoring
- Risk assessment
- Documentation
- Testing
- Remediation
- Project management
Do not leave your SOX compliance efforts in the hands of consultants looking to simply bill hours. Instead, look to Candela Solutions as a CPA firm whose rallying cry is to provide advice, training and tools that help clients become more self-reliant. We are passionate about your success, knowing that our success follows.
IT Ramifications
Knowing that the scope of Section 404 is internal control over financial reporting, one must also consider the technology ramifications. Information technology (IT) is a key foundation of an effective system of controls and is therefore very relevant to the 404 process. The SOX 404 attestation process by external auditors requires confidence in the IT systems which house, move, and transform data. Many of today's concerns center around general IT controls such as data backup, recovery procedures, access security, and change-management procedures to protect the integrity of business records as they roll up into the financial statements.
Now more than ever the accounting side of the house must closely work with the IT shop on the intricacies of internal control documentation, risk assessment, testing and remediation. An integrated approach for addressing both IT controls and non-IT controls, while also facilitating a continuous-monitoring environment for periodic management certifications (Sections 302 & 906) and current reports (Section 409), is a best practice.
A Comprehensive Understanding Well Beyond Section-404
SOX has an impact on all types of organizations, especially public companies. SOX does not have to be painful and destroy value. On the contrary, SOX should be implemented in a cost-effective manner to add value and provide reasonable assurance in mitigating a wide variety of risks. Candela Solutions is here to work with your team, as an advocate for you, and we can provide you with assistance as you need it.
Candela Solutions works with you in planning and executing your SEC, SOX & Compliance programs. We take a holistic approach rather than working in silos. Identifying roles and responsibilities to address the applicable sections of SOX from the universe of 66 sections is critical. This is what separates us from many competitors, as we provide a full range of SOX services to help ensure that companies comply fully with the related SEC rules and regulations.
While SOX-404 garners the most attention, our team also provides comprehensive SOX-302 services such as process development, disclosure-control documentation, and evaluation assistance. We work with you to define and present training on leading COSO and COBIT framework implementation.
It is a misperception that SOX only applies to publicly traded companies. True, most sections, like 301, 302, 401, 404, 406, 409, and 906, explicitly apply to companies that file reports with the SEC under the 1934 Act. However, other sections, such as those covering altering, concealing and destroying documents (802 & 1102), criminal fraud offenses, including mail and wire fraud (902 & 903), Federal Sentencing Guidelines (905 & 1104), and retaliation against informants (1107), apply to all companies and nonprofit organizations.
We understand the comprehensive nature of SOX and help organizations prepare for most sections, including public company audit committees (301), corporate responsibility for financial reports and evaluation of disclosure controls (302 & 906), disclosures in periodic reports (401), management assessment of internal controls (404), code of ethics (406), and real-time disclosures (409). Call upon us for advice, training and support.

