SOX* Full Compliance A to Z Program
(*Sarbanes-Oxley Act)
Program Objectives
"SOX Full Compliance A to Z Program" is a consulting product designed for organizations who are seeking compliance with Sarbanes-Oxley Section 404 Management Assessment of Internal Controls for Financial Reporting requirements in accordance with Securities and Exchange Commission (SEC) and the Public Company Accounting Oversight Board (PCAOB).
Program Summary
PJC assists organizations in establishing the bare essentials of an internal control system that meets Sarbanes-Oxley Section 404 requirements, and focuses on reliability of financial reports.
Program Details
1. |
SOX Project operation management |
|
2. |
Documentation (or documentation support) necessary for establishing the bare essentials of an internal control system (excluding the three types of documents discussed below) |
|
3. |
Documentation support and/or provision of samples of the three types of documents, which include: 1. operation flowcharts, 2. operation descriptions, and 3. risk control matrix |
|
4. |
Training on risk-based approaches, based on the premise of documentation of the these three types of documents |
|
5. |
Training by hierarchical level for establishing an internal control system |
|
6. |
Assistance with evaluation of effectiveness of the enterprise internal controls |
|
7. |
Assistance with evaluation of effectiveness of internal control over operating processes |
|
8. |
Assistance with determination by management on the evaluation scope of internal control |
|
9. |
Assistance with preparation of report on internal control |
|
10. |
Assistance with determination by management on whether or not identified internal control deficiencies are significant at the time of preparation of the report on internal control. |
|
11. |
Testing (or support on testing) of internal control operations. |
Illustration of Program
"SOX Full Compliance A to Z Program" helps organizations establish an internal control system in accordance with auditing standards, accounting standards, and standards of internal control. To ensure reliable financial reporting based on your company's accounting practices, the program establishes an internal control system in accordance with the standards of internal control and concurrently with the preparation of reports by your CPA auditor.
Consulting Timeline
Consulting takes approximately 10 months to 18 months depending on the type of business, from determination of evaluation scope to provisional report by management.
Consulting for Ensuring the Reliability of Financial Reports
To ensure the reliability of audited financial reports, your company needs to maintain operating processes that assure consolidated financial statements compliant with the accounting and auditing standards. The point is to assess and respond to the significant risk of financial misstatement based on inherent business risks of enterprise and the enterprise environment.
Consulting Focuses
The consulting service typically begins with an executive overview presentation to management and board members, complete with establishment of the internal controls management system. PJC believes that the main focus should be on reinforcement of internal audits and the management system, rather than creating the three types of documents previously mentioned.
Consulting Steps
1. |
Develop awareness that management is responsible for reliability and accuracy of financial reports, as well as the importance of assuring governance and compliance. |
|
2. |
Determine significant accounts and sites related to the consolidated financial statement |
|
3. |
Implement risk assessment covering consolidated company units by a risk-based approach |
|
4. |
Visualize risks through documentation support of the three types of documents. |
|
5. |
Assess inherent enterprise risk and create internal audit procedure (including governance, compliance, and IT control) |
|
6. |
Implement effectiveness test(s), evaluation(s), and corrective actions of internal controls (i.e. overall enterprise and operating processes) |
|
7. |
Establish internal control management system |
Risk Control (Assessments and Responses)
"Risk assessment and response" is the most difficult component in establishing an internal control system of operating processes. In assessment of a financial statement audit, the CPA auditor reviews appropriateness of design and implementation of responses based on assessed risk of material misstatement by assertion.
PJC's Position on Risk Management
Risks are transforming, moving, emerging, and their significance constantly changing. In other words, the organizations, people and information systems continually change. It is impossible to control all risks from the desk at the headquarters because risks exist at each site.PJC will provide training and consulting at each hierarchical level on site. PJC will not apply controls to all risks across-the-board.
Consulting Steps
1. |
Promote the understanding of governance and compliance |
|
2. |
Provide risk management training and assist in the preparation of risk management procedures |
|
3. |
Provide training to prepare the three types of documents |
|
4. |
Provide documentation support for the three types of documents at each site |
|
5. |
Establish internal control management system |
IT Control Consulting
Consulting Focuses and Steps
PJC's consultants specialized in IT controls will help you establish an IT control system.
Consulting Steps
1. |
Provide training for understanding of standards developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). |
|
2. |
Provide risk assessment. |
|
3. |
Prepare IT control procedures and provide necessary training |
|
4. |
Establish internal control management system |
