6 steps to make Sarbanes-Oxley work for you
Does your Sarbanes-Oxley (SOX) documentation process stand a chance against the updated 2013 COSO Framework? Don’t wait until the last minute to correct your process.
Follow these steps to ensure your organization maps to the new framework:
- Don't procrastinate. Migrating from your current framework to the new 2013 COSO Framework can take hundreds of hours. Now is the time to create a plan, assign responsibilities, and prep your team for success.
- Set reasonable goals. End of year deadlines don’t change, but you can set incremental deadlines internally to evaluate how your controls map to the 17 principles. Meeting those deadlines will give you a cushion for design and testing, if you need it.
- Take a fresh look. Review and update your internal controls with all the new guidance you have received. As, Marie Hollein, President and CEO of FEI, and FEI’s Representative on the COSO Board recently said, "Roll up [your] sleeves, kick the tires, see what shakes loose.”
- SOX Section 404. Remember that this assessment of internal controls is over your external financial reporting processes and practices.
- Keep things simple. If you recently filed an IPO, start small and work your way up from there. Other preparers have recommended that you start with the original 5 components and then extend from there to the 17 principles detailed in the updated framework.
- Communicate with your external auditors early and often. As you outline current gaps against the updated COSO 2013 Framework and decide how to fill those gaps, get the help you need. Engage external auditors early and often throughout the process to make sure there is buy-in across the board, and prevent any surprises that might arise later in the year.
You can do this. There’s no need to struggle through the mapping process. A combination of knowledgeable employees, good technology, and a commitment to ongoing training will help to ensure that you stay in control and reduce your risk.
Recommended for You
12 things to look for when choosing a SOX or internal controls solutionView Slideshow
About the Author
Mike Starr is Vice President of Governmental and Regulatory Affairs. He previously served as the SEC Chief Accountant’s advisor with a focus on investors’ financial information needs and the role of structured data in meeting those needs. Prior to his work with the SEC, Mike served as Chief Operating Officer for Grant Thornton International Ltd., where he oversaw global strategy and public policy. He earned a Bachelor of Science in accounting from Oklahoma State University (OSU), and in 2010 was recognized as an OSU distinguished accounting alumnus and inducted into the School of Accounting Hall of Fame.