Contributors: John Heagy, Manager, Risk & Accounting Advisory Services
Sarbanes-Oxley (SOX) 404 compliance is widely perceived to be a highly burdensome requirement for U.S. Securities and Exchange Commission (SEC) filers large enough for the requirement to apply. The SOX mandate requires a company to obtain an auditor’s opinion on the financial statements (404a) and the auditor’s opinion on the internal controls over the financial reporting process (404b).
SOX 404 requires a company to create and incorporate a comprehensive framework to address the risks related to the financial reporting process, including both quantitative and qualitative assessments of any components to the framework. Implementing SOX can be a daunting task for most organizations. However, there are benefits if done strategically.
Unpacking the Cost and Value of SOX Compliance
There is a wide range of SOX compliance costs that vary anywhere from , depending on the application of 404, as well as the overall size, structure and complexity of the company. These costs typically do not include the internal operational costs required to meet compliance (e.g., addition of necessary personnel). Altogether, meeting compliance is a significant expense that can quickly become material for many organizations. Cost and value are the two competing principles that must be balanced. There are two main components to success with SOX 404 compliance:
1. Simplifying and Sourcing
No one knows the business better than the organization itself. Decision makers and subject matter experts must collaborate to understand the workflows and the compliance requirements in order to create a compliance plan that makes sense. Enlisting the help of a certified public accountant (CPA) with significant expertise in audit and SOX compliance is also an asset when assessing risk. Advantages of working with a trusted CPA include:
- Improving low risk, repetitive processes
- Identifying areas for internal controls improvement
- Adjusting monitoring strategies
- Incorporating a more cost-efficient approach to addressing risk
With enhanced guidance, companies can manage their budgets for compliance and create opportunity for a more value-added risk approach for functions (i.e., revenue recognition or complex non-recurring transactions). Furthermore, working with a trusted CPA provides businesses with assurance that they are appropriately complying with SOX 404 requirements and that their financial reporting is accurate and reliable, and gives them an independent perspective on financial reporting and internal controls.
2. Incorporating Business Process Optimization to Your SOX Program
The second strategy for successful SOX 404 program implementation is to incorporate business process optimization (BPO). The BPO approach aims to take the compliance requirement of 404 and apply professional insight to add value to the organization. The necessity of SOX 404 to address risk for each pertinent financial reporting requirement can offer itself as an opportunity for areas within the organization to optimize processes, automate repetitive functions and improve output.
For example, as part of the SOX 404 requirement, companies must perform walkthroughs to identify and assess risks related to financial reporting and internal controls, as well as familiarize themselves with the various processes of the organization. Walkthroughs allow professionals with BPO insights to see firsthand how the company operates and offer the chance to continually reassess and improve internal processes to aid in accomplishing the organization’s goals. This is achieved while also ensuring compliance and providing assurance to management, auditors and stakeholders.
Building ROI Through a Well-Planned SOX Program
Through an efficient SOX program and the execution of the above strategies, an environment can be established that fosters continual improvement and optimal efficiency. The long-term effects of SOX compliance include achieving compliance while simultaneously improving the business. The process also improves the experience for control owners, the output for stakeholders, the information for decision makers and the cost of compliance with SOX. BPO fosters success by allowing a company to thoroughly understand the business, risks, requirements, emerging technology opportunities and evolving markets.
How Cherry Bekaert Can Help
Our practice is equipped with industry-aligned professionals who have comprehensive knowledge in emerging tools and technologies and extensive SOX compliance experience. Many of our professionals have been in your seat and faced similar challenges, and are prepared to offer assistance.
Cherry Bekaert is here to guide you forward, whether you are embarking on SOX compliance, looking for an advisor to help with business process optimization, or establishing or streamlining your existing SOX compliance program. Reach out to our Risk & Accounting Advisory professionals to develop your long-term strategy for business optimization, risk management, regulatory compliance and strong financial reporting.