Full Service Compliance Project

Sarbox Solutions has developed a COSO-based methodology for performing all of the necessary steps in scoping, documenting, testing and assessing the effectiveness of internal controls over financial reporting. We would be pleased to discuss how we could help your company plan and perform its initial compliance project. Because every company has its own specific budget and internal resource constraints, we will work with you to find the best mix of our resources and your resources to get the project done on time and help you establish and maintain complete ownership of your key internal controls.

The following outline includes all of the major steps in the Full Service Compliance Project:

Project Scope

  • Material accounts determination and risk assessment
  • Multi-location evaluation
  • IT platforms and applications evaluation
  • Determination of business cycles and related processes
  • Reconciliation of coverage of material accounts and related processes

Entity-level Review of Controls and Risk Assessment

  • COSO-based questionnaire for all five components of internal control
  • Enterprise risk management model
  • Test plans and methodology for assessment of effectiveness

Process Risk Management and Documentation of Key Controls

  • Narratives of relevant processes
  • Documentation of walk-through (test of control design) of each class of transaction
  • Risk/control matrix for each process identifying key control objectives, key internal controls and any control gaps

Test of Operating Effectiveness of Key Internal Controls

  • Sample size determination
  • Testing methodology
  • Specific test plans for each key internal control and documented results of operating effectiveness from performance of testing
  • Identification of control gaps and remediation plan
Small Cap Solution - Project Scope and Risk Assessment

Non-accelerated filers and privately held companies need a cost-effective approach to comply with Section 404 of the Sarbanes-Oxley Act.

Sarbox Solutions has unbundled its Sarbox Full Service Compliance Project into two phases to allow companies with a smaller budget to spread out the cost and project timeline by performing the work in a phased approach. We have also unbundled our software to align with our Small Cap Solution services. See Products.

Most companies would like to know right away, just how much work there is going to be to complete their Section 404 project. Additionally, some are unsure if there are some gaps in their entity-level controls that need to be identified and remediated. The scoping and risk assessment phase allows companies to perform this work quickly and efficiently. They can then update their audit committee and better understand and plan their budget and timeline.

The following outline includes all of the major steps in the first phase of the Sarbox Small Cap Solution:

Project Scope

  • Material accounts determination and risk assessment
  • Multi-location evaluation
  • IT platforms and applications evaluation
  • Determination of business cycles and related processes
  • Reconciliation of coverage of material accounts and related processes

Entity-level Review of Controls and Risk Assessment

  • COSO-based questionnaire for all five components of internal control
  • Enterprise risk management model
  • Test plans and methodology for assessment of effectiveness
Small Cap Solution - Documentation and Testing

Once a project has been fully scoped and the initial risk assessment performed, the documentation and testing of all key internal controls for financial reporting can be performed. The second phase - Documentation and Testing - has everything needed to perform this major area of work. One of the benefits of unbundling the scoping and risk assessment from the documentation and testing is the knowledge you will gain about how much work is needed and how much internal qualified resources you have for the project. This gives you the best opportunity to manage your budget and timing.

The following outline includes all of the major steps in the second phase of the Sarbox Small Cap Solution:

Process Risk Management and Documentation of Key Controls

  • Narratives of relevant processes
  • Documentation of walk-through (test of control design) of each class of transaction
  • Risk/control matrix for each process identifying key control objectives, key internal controls and any control gaps

Test of Operating Effectiveness of Key Internal Controls

  • Sample size determination
  • Testing methodology
  • Specific test plans for each key internal control and documented results of operating effectiveness from performance of testing
  • Identification of control gaps and remediation plan

Sarbox Key Internal Control Repository

  • Repository of control objectives and key internal controls for many common processes for financial reporting and disclosure as well as general IT controls

Assessment of Effectiveness of Internal Control

  • Entity-level (for each of five COSO components)
  • Process level (for each business cycle)
  • Overall assessment of effectiveness
Ongoing Internal Controls Monitoring

The Sarbanes-Oxley Act requires companies to continually monitor their internal controls over financial reporting and disclosure. The Sarbox Solutions Methodology for documenting and assessing internal controls was designed from the ground up to facilitate an efficient and thorough approach to ongoing monitoring of your key internal controls. Additionally, Sarbox Solutions can assist your company with change management practices. That is, as you evolve your business, systems and personnel, there will be an ever-changing set of processes and controls that need to be identified, documented and assessed. Whether you had Sarbox Solutions assist you with your initial Section 404 compliance or not, we are here to help you set up and maintain your monitoring practices.