• The more we know, the bigger it gets.
• We don't have the budget to become compliant.
• We don't have the skills to perform the mandatory test of controls.
• Our board of directors is too busy to be involved with a fraud prevention program.
• Is there a technology solution to assist us in compliance?

Our approach
We have experience working with public companies and large private companies in developing practical approaches for audit committees, board of directors and management as to the impact and requirements of the Sarbanes-Oxley Act.

Our philosophy is not to take control of the reporting requirements long-term, rather, create a flexible, scalable, and cross-functional comprehensive approach that allows you to use internal resources.

Our approach focuses on the following:

• Build on what you already have
• Enforce a collaborative process
• Develop a comprehensive project team
  • Include wide variety of disciplines
  • Get commitment from CEO and CFO
  • Define process owners roles and responsibilities
• Define project scope
  • Link financial statement assertions, control objective, risks, controls, and activities
  • Identify significant business processes and locations
• Document
  • Link control objective and the control policy/procedure
  • Identify key controls
    • Include how transactions are initiated, recorded, processed and reported
  • Require process owners sign-off quarterly
• Define plan to assess process design and operating effectiveness
• Create a process for timing and updating of tests
  • Develop policy on how to update through the end of the period as audit of internal control over financial reporting is an "as of" date