School of Information Systems

Sarbanes Oxley Compliance

Several financial scandals involving big world-class companies led to the birth of SOX which stands for Sarbanes-Oxley Acts. The purpose of SOX is that public companies and their auditors can produce honest financial statements, prevent fraudulent financial reporting, protect investors, strengthen internal controls and punish criminals who commit fraud in financial statement reporting.

SOX is designed to prevent conflicts of interest. It also stipulates that the auditor may not provide other services to the company being audited. For example, the auditor may not provide bookkeeping consulting services to the company being audited. Auditors are also prohibited from providing financial information system design services to audited companies. So the auditor may not perform other services for at least 12 months prior to the audit period.

Another rule is that the audit committee must consist of a board of directors who are independent of the company. At least one member must be a financial expert. Another rule is that the CEO (Chief Executive Officer) and CFO (Chied Financial Officer) must certify that the financial statements are fair, have been checked by management and are not misleading. Of course, if there is fraud or fraud in these financial statements, company executives can be imprisoned.

Sarbanes-Oxley compliance requirements have elevated the role and responsibility of audit companies while taking aim at the C-suite with tough new rules that call for increased accountability from top company executives. Corporate disclosure, compliance oversight, controls monitoring, company training, and—the practice of public accounting—all have been impacted by Sarbanes-Oxley. Most companies face a compliance concern related to SARBOX rule 404. That rule requires management to assess the effectiveness of the company’s internal controls over financial reporting and include its findings in the company’s annual report to shareholders.

If this is your situation

  • You’ve identified potential controls issues that require remediation and require additional manpower to test your controls.
  • You require additional technical knowledge to plan and deliver a major controls project.
  • Your initial attempts at documenting and evaluating controls have produced inconsistent, often poor quality results and your staff need support.
  • You want to know how to derive the greatest value from your compliance efforts.
  • You want to understand what constitutes best practice in this area.

For non-audit clients, we provide direct assistance in the evaluation and remediation of controls.

  • Project management
  • Technical support including scoping, documentation, evaluation, and reporting
  • Risk assessment
  • Change management
  • Training and training materials
  • Control environment assistance
  • Documentation support
  • Design and execution of solutions
  • Quality assurance and review activities
  • Process improvement

https://www.ultima-erp.id/article/sia/sox/

https://www.pwc.com/sg/en/risk-assurance/sarbanes-oxley-compliance.html

Joni Suhartono