Embed Size (px)
Citation preview
THE MINIMUM COST ROUTESARBANES-OXLEY COMPLIANCE
Sam H. Carr, Managing Partner• Sam has over 30 years of experience in accounting, auditing,
financial management and consulting. Sam has focused much of his career on process improvement and redesign. Sam is a CPA, CIA, CISA and a Certified Compliance and Ethics Professional (CCEP).
• Sam is a finance and operations executive with broad-based
experience that includes 12 years as a CFO or Chief Accounting Officer in both public corporations and private entities, and fourteen years with an international public accounting firm. Sam orchestrated an Initial Public Offering (IPO) of a consolidation of dental practices throughout the United States. In addition to his IPO experience, he owns a powerful track record of demonstrated skills in a wide range of business environments including designing financing, mergers and acquisitions and growth companies.
THE SARBANES-OXLEY
The Sarbanes-Oxley Act of 2002 ("Act") was passed in response to some very
unfortunate financial disasters in the stock market. Enron, WorldCom and Tyco
were the poster children for the lack of internal controls over financial reporting.
These new requirements gave birth to an entire industry of internal control
documentation experts. Because of the relatively short timeline allowed to be in
compliance, public companies scrambled to find sufficient talent and time to
comprehensively document their processes and controls in a fashion that would
satisfy their independent public accountants.
EXPERTS IN INTERNAL CONTROLS
The audit firms had based much of their training and audit emphasis on testing balances. For the first-time, they would now be required to become experts in internal controls.
The documentation was prepared by relatively untrained accountants based upon broad and vague guidance from the regulators.
CFOs of public companies were grappling for guidance, information, talent and comfort that their controls were sufficient and operating effectively.
THE AVERAGE COST OF COMPLIANCE
In 2004, AMR Research estimated that SOX compliance in the US cost $5.5
billion. The average cost of compliance for a public company was $1.9 million.
The Financial Executives international estimated compliance costs at
somewhat higher $6.0 billion.
The cost of compliance with Sarbanes-Oxley was being seriously challenged
by public companies, particularly the smaller ones which spent a
disproportionately higher amount relative to their revenue streams.
TONE AT THE TOP
Depending on the industry, the Sarbanes-Oxley documentation is generally broken down into 12 or 13 financial cycles. In addition to these financial cycles, the "Tone at the Top" and Entity Level Controls were also documented and relied upon.
Testing of internal controls is a compliance test. A sample of transactions is selected and certain specified attributes of those samples are tested to confirm that there was evidence that the internal control was operating effectively throughout the year.
OPERATIONS HAVE EVOLVED
Over the last 10 years, there have been many changes affecting public
companies. They have experienced mergers, divestitures, new product line
introductions, organic growth, new regulations, discontinued operations and
the like. Operations have evolved to manage these changes in the industry
and in the company.
THE BOTTOM LINE OF THE COST OF TESTING
It is estimated that a single compliance test of a control could cost $10,000 in external audit time. In addition, the cost of Internal testing could be around $2,000. Assuming compliance can be confirmed through testing, each test therefore has a price tag of approximately $12,000.
The testing of 150 internal controls at $12,000 each totals approximately $1.8 million.
It is time for public companies to re-examine the documentation of their internal controls developed in the early stages of Sarbanes-Oxley.
COMPREHENSIVE REEVALUATION
Public companies need a comprehensive reevaluation of the existing internal
controls documentation and related testing.
The reevaluation of internal controls documentation should be performed
using a zero base approach. A fresh set of eyes exploring the undoubtedly
more efficient approach to satisfying the objectives for timely and accurate
financial reporting results in fewer key controls, better compliance and less
cost of maintaining the Sarbanes-Oxley required documentation.
RELY ON AUTOMATED CONTROLS
There may be ways to further automate controls within existing systems that have not been pursued. This is especially true of companies with installed ERP systems.
In addition, there are opportunities for reducing the number of controls, and therefore the compliance cost, through standardization.
THE QUALITY OF FINANCIAL REPORTING HAS IMPROVED
It is clear that Sarbanes-Oxley is not
going away. Companies cannot assume
that because they have been SOX
compliant in the past that the SOX
effort is on cruise control. Rather,
activities to eliminate, simplify,
streamline, focus and automate
processes must be actively pursued. It
is time for a fresh look at the Sarbanes-
Oxley approach and documentation.
