Sarbanes-Oxley Compliance FAQ

What is the origin the Sarbanes-Oxley Act passed?
The Sarbanes-Oxley Act of 2002, also known as SOX, was passed after the accounting scandals at Enron, WorldCom, Global Crossing, Tyco and Arthur Andersen. This scandal resulted in billions of dollars in corporate and investor losses which negatively impacted the financial markets and general investor trust.
back to top
Who needs to comply with Sarbanes-Oxley?
Publicly-traded companies in the United States, including all wholly-owned subsidiaries and all publicly-traded non-US companies doing business in the US are affected. Also, any private companies that are preparing their initial public offering (IPO) will also need to comply with certain provisions of Sarbanes-Oxley.
back to top
When Sarbanes-Oxley compliance is due?
All parts of the Sarbanes-Oxley Act with the exception of Section 409 are effective now. An accelerated filer (a U.S. company with market capitalization over $75 million that has filed at least one annual report with the SEC) must comply with the SOX 404 requirements for its first fiscal year ending on or after November 15, 2004. A non-accelerated filer must begin to comply for its first fiscal year ending on or after July 15, 2006.
back to top
What is the Sarbanes-Oxley Act comprised of?
Eleven sections compose the SOX Act, but sections 302, 404, 401, 409, 802 and 906 are the most important in terms of compliance. Section 404 seems to cause the most difficulties for compliance. Sarbanes-Oxley Act established:
- new accountability standards for corporate boards and auditors,
- a Public Company Accounting Oversight Board (PCAOB) under the Security and Exchange Commission (SEC),
- specified civil and criminal penalties for noncompliance.
back to top
What penalties are applied if you are not compliant with Sarbanes-Oxley?
Additionally to lawsuits and negative publicity, a company officer who does not comply or submits an inaccurate certification is subject to a fine up to $1 million and ten years in prison, even if done mistakenly. If it is proved that a wrong certification was submitted purposely, the fine can be up to $5 million and twenty years in prison.
back to top
What does Sarbanes-Oxley compliance require?
All eligible companies must establish a financial accounting framework that can generate recurrent financial reports that are facilely verifiable with traceable source data. This source data must remain intact and cannot possess undocumented revisions. In addition, any revisions to financial or accounting software must be fully documented as to what was changed, why, by whom and when.
back to top
What overall process is followed for IT risk and control evaluations?
The first step will be a management’s overall identification and prioritization of the financial reporting as well as the critical business processes that relate directly to financial reporting. The key applications are first documented. These applications are related to the critical business processes that have been linked to the priority financial reporting elements. Then, we will identify the related technology components and general controls that provide assurance of processing and data integrity for the key applications. Lastly, the associated documentation and evaluation work is mapped to the associated business processes.
back to top
What process does Miles Consulting follow?
We employ best practices. We first assess your IT environment. Then we provide a project scope/plan that outlines our steps and the specific approach with timelines. Then we audit your company’s IT change management processes, physical security and firewall security and back-up and recovery plans. The next step is deliver the documentation on your policies and procedures. We then conduct remediation and testing and perform a risk matrix.
back to top
I have already passed SOX last year using the help of another vendor? Why should I hand this over to Miles Consulting?
It is highly recommended that you start employing your SOX consultant for next year’s SOX review. At Miles Consulting, we will review your organization’s existing documentation at no charge to you. We differ from many of the other companies that provide SOX compliance assistance on the IT side, in that we did not spring up just to take advantage of the SOX opportunity.  Miles Consulting has been in business for over 4 years providing IT consulting, online services and network support and our focus is not just Sarbanes Oxley.  When engaged as a Sarbanes Oxley compliance partner, we create policies, tests and controls, as well as remediate any issues that have come out of our testing of the current IT environment. We are consistent in our approach and we will establish a process that is repeatable and sustainable for your company’s continued compliance.
back to top
I don’t have to be compliant until next year due to the extension that was provided by the government. When should I start the SOX process?
A Sarbanes-Oxley first compliance is highly time consuming and very often ends up by being a longer process than expected. The rule is simple: the earlier the better. If your compliance is late you will not only undergo huge financial penalties, but you will also have difficulties to find help as many SOX consultants will be heavily engaged in 2006 with late filers.
back to top
Should I split the IT and financial portions of SOX and work with 2 different consultants?
The beauty of splitting the IT and financial portions is that you have two consulting experts for IT and accounting. Miles Consulting has conducted a number of SOX IT engagements and has a deep and broad knowledge of IT. 
back to top
© 2014 Pay Per Cloud Professional Services | Sitemap | Legal