Sarbox Solutions has unbundled its Sarbox Compliance Suite into two modules to allow companies with a smaller budget to spread out the cost and project timeline by performing the work in a phased approach. The software comes with a highly detailed instruction manual with examples for all areas of work. With the instruction manual, it is feasible that a company could perform most of the work on their own. However, it is common that companies with a smaller budget also have fewer internal resources to manage their Section 404 project and Sarbox Solutions is available to assist with the project management and performance of the work to ensure your project gets a smooth start and has a timely conclusion. See Service Offering

Module 1: Scoping and Risk Assessment

Most companies would like to know right away, just how much work there is going to be to complete their Section 404 project. Additionally, some are unsure if there are some gaps in their entity-level controls that need to be identified and remediated. The scoping and risk assessment module allows companies to perform this work quickly and efficiently. They can then update their audit committee and better understand and plan their budget and timeline.

Project Scope

  • Material accounts determination and risk assessment
  • Multi-location evaluation
  • IT platforms and applications evaluation
  • Determination of business cycles and related processes
  • Reconciliation of coverage of material accounts and related processes

Entity-level Review of Controls and Risk Assessment

  • COSO-based questionnaire for all five components of internal control
  • Enterprise risk management model
  • Test plans and methodology for assessment of effectiveness
Module 2: Documentation and Testing

Once a project has been fully scoped and the initial risk assessment performed, the documentation and testing of all key internal controls for financial reporting can be performed. The second module – Documentation and Testing – has everything needed to perform this major area of work.

Process Risk Management and Documentation of Key Controls

  • Narratives of relevant processes
  • Documentation of walk-through (test of control design) of each class of transaction
  • Risk/control matrix for each process identifying key control objectives, key internal controls and any control gaps

Test of Operating Effectiveness of Key Internal Controls

  • Sample size determination
  • Testing methodology
  • Specific test plans for each key internal control and documented results of operating effectiveness from performance of testing
  • Identification of control gaps and remediation plan

Sarbox Key Internal Control Repository

  • Repository of control objectives and key internal controls for many common processes for financial reporting and disclosure as well as general IT controls

Assessment of Effectiveness of Internal Control

  • Entity-level (for each of five COSO components)
  • Process level (for each business cycle)
  • Overall assessment of effectiveness

In addition to the deep software library for compliance with Section 404, Sarbox Solutions´ methodology includes:

  • A highly organized file structure of all software templates ready for use on your project
  • A nomenclature that is well-documented, scalable and reusable for downstream monitoring of internal controls
  • A step-by-step instruction manual for each phase of the Section 404 project with embedded examples of Sarbox Solutions´ software tools within the instruction manual for easy reference.

Software License

A software license may be obtained from Sarbox Solutions for use in completing all of the requirements for Section 404 of the Sarbanes-Oxley Act. This software license is a perpetual license for each company with a one-time license fee based upon the number of employees at the company.

To learn more or make a request for a software license, please contact:

Sarbox Solutions Inc.
Sales Department
601 108th Avenue N.E
Bellevue, WA 98004